JP4403130B2 - Security system, security management method, client terminal, and authentication information storage medium - Google Patents

Description

  The present invention relates to a security system technology such as authentication of indoor entry / exit and management of electronic certificates.

  In a conventional security system, an entrance / exit management system for managing entrance / exit into a person's room and an electronic certificate management system (for example, Patent Document 1) for managing an electronic certificate are operated as separate systems. It had been.

JP 2001-320361 A

  However, in the conventional technology, since the entrance / exit management system and the electronic certificate management system are operated as separate systems, the user uses a plurality of authentication information storage media such as IC (Integrated Circuit) cards used in these systems. It was inconvenient to hold.

  Therefore, an object of the present invention is to make it possible to use an entrance / exit management system and an information security system with only one authentication information storage medium.

  In order to solve the above problems, the present invention makes it possible to use an entry / exit management system and an information security system by using an authentication information storage medium storing identification information and key information.

  For example, the present invention determines whether a reading unit that reads identification information stored in an authentication information storage medium and whether the identification information matches the previously stored identification information. An entry / exit management system that permits entry / exit of a user, a certificate server, and a client terminal arranged in a room in which entry / exit of a user is managed by the entry / exit management system An electronic certificate management system comprising: a reading unit that reads identification information from the authentication information storage medium; and the identification information read by the reading unit as the certificate. A transmission unit that transmits to the server, and the certificate server stores a reception unit that receives identification information from the client terminal and an electronic certificate. An electronic certificate storage unit, a certificate management unit that acquires an electronic certificate corresponding to the identification information from the electronic certificate storage unit, and a transmission unit that transmits the acquired electronic certificate to the client terminal; It is characterized by providing.

  As described above, according to the present invention, since the entry / exit management system and the information security system can be used using the authentication information storage medium storing the identification information and the key information, These systems can be used only by holding one authentication information storage medium.

  FIG. 1 is a schematic diagram of a security system 100 according to an embodiment of the present invention.

  As illustrated, the security system 100 includes a registration terminal 110, a service server 120, a verification server 130, an entry / exit management server 140, a certificate server 150, and a first entry / exit authentication device 160A. The second entry / exit authentication device 160B and the client terminal 170 are connected via a LAN 190, and further include a card 180 as an authentication information storage medium.

  The registration terminal 110 includes a registration processing unit 111, a transmission / reception unit 112, an input unit 113, a display unit 114, and a reader / writer 115.

  The registration processing unit 111 performs user registration processing of the security system 100.

  Specifically, first, input of predetermined user information is received from a user who is not registered in the security system 100 via the input unit 113 and the display unit 114 described later. Here, as user information, at least a user's name, common name, and personal identification number are required.

  Then, a card ID stored in advance from a card to be used by the user is obtained via a reader / writer 115 described later, and the entry / exit management of the card ID is performed via a transmission / reception unit 112 described later. It transmits to the server 140 and receives the entrance / exit ID generated by the entrance / exit management server 140 corresponding to the card ID.

  Also, an encryption key to be used by this user is created, and the encryption key, user information, and entrance / exit ID are transmitted to the certificate server 150. The certificate server 150 generates an electronic certificate and an authentication ID based on these pieces of information.

  The electronic certificate is used to prove that the public key belongs to the user. Usually, information about the owner of the electronic certificate, the public key of the owner of the electronic certificate, and the electronic certificate are used. Information about the issuer of the certificate and the digital signature of the issuer of the electronic certificate.

  The encryption key can use a common key method using an encryption method such as AES (Advanced Encryption Standard) or 3DES (Triple Data Encryption Standard), and an encryption method such as RSA (Rivest Shamir Adleman). The public key method used can also be used. When using the public key method, the public key is transmitted to the certificate server 150, and the private key is stored in the card 180 as described later.

  Then, first certificate information is created from the electronic certificate generated by the certificate server 150 and sent to the entrance / exit management server 140. The first certificate information includes the serial number of the electronic certificate transmitted from the certificate server 150, the “issuer name hash” that is a hash value of the name of the electronic certificate issuer, and the key of the issuer. The hash value “issuer key hash” is generated by concatenating with “−”. That is, the first certificate information is generated so as to be “serial number−issuer name hash−issuer key hash”.

  Further, when the user is not a temporary user who temporarily uses the security system 100 but is an authorized user, the entry / exit ID and the encryption key are stored in the card 180 via the reader / writer 115 described later. To do.

  Further, the card ID, the entrance / exit ID and the password are transmitted to the first entrance / exit authentication device 160A and the second entrance / exit authentication device 160B. The first entry / exit authentication device 160 </ b> A and the second entry / exit authentication device 160 </ b> B store the received card ID, entry / exit ID, and password in the identification information table 162.

  The transmission / reception unit 112 transmits / receives information via the LAN 190.

  The input unit 113 is an input device such as a keyboard and a mouse, for example.

  The display unit 114 is a display device such as a display.

  The reader / writer 115 is a device that can read and write information stored in a card 180, which will be described later. In this embodiment, an IC card is used as the card 180. Use what can read and write stored information.

  The registration terminal 110 configured in this way can be realized by a so-called computer. That is, the registration processing unit 111 can be realized by reading a predetermined program stored in an auxiliary storage device such as a hard disk into a main memory and executing it by a CPU (Central Processing Unit). It can be realized by a NIC (Network Interface Card).

  The service server 120 includes a service providing unit 121, a certificate processing unit 122, and a transmission / reception unit 123.

  The service providing unit 121 provides a predetermined service such as transmitting predetermined information to the client terminal 170 in response to a request from the client terminal 170 described later. In this embodiment, as will be described later, the user of the client terminal 170 is verified by the certificate processing unit 122 before the service is provided by the service providing unit 121.

  The certificate processing unit 122 transmits a server certificate to the client terminal 170 when there is a service provision request from the client terminal 170 described later. Further, the user's electronic certificate and verification information are obtained from the client terminal 170, and the electronic certificate is verified.

  In the verification of the electronic certificate, a verification plaintext is acquired from the verification information received from the client terminal 170, a digest is generated from the plaintext using a hash function, and an encrypted text encrypted from the received verification information is also obtained. And the digest is decrypted using the public key attached to the digital certificate. Then, the digest generated from plain text is compared with the digest decrypted from the encrypted text. If they match, the digital certificate is valid. If they do not match, the digital certificate is invalid. Judge that.

  Then, if the electronic certificate is valid, the certificate processing unit 122 uses the serial number, “issuer name hash”, and “issuer key hash” included in the certificate as described above. First certificate information is generated, and the first certificate information is transmitted to the verification server 130 to request confirmation of the validity of the electronic certificate.

  If the electronic certificate is valid and valid, the service providing unit 121 is instructed to start providing the service to the client terminal 170.

  The transmission / reception unit 123 transmits / receives information via the LAN 190.

  The service server 120 configured in this way can be realized by a so-called computer. That is, the service providing unit 121 and the certificate processing unit 122 can be realized by reading a predetermined program stored in an auxiliary storage device such as a hard disk into the main memory and executing it by the CPU. It can be realized by NIC.

  The verification server 130 includes a verification processing unit 131 and a transmission / reception unit 132.

  When the first certificate information is sent from the service server 120, the verification processing unit 131 verifies the validity of the certificate based on the first certificate information.

  Specifically, the certificate “serial number”, “issuer name hash”, and “issuer key hash” are extracted from the first certificate information, and the certificate server that is the certificate authority as described later. The validity of the certificate is verified by referring to a CRL (Certificate Revocation List) that is a certificate revocation list acquired from 150.

  Further, the verification processing unit 131 transmits the first certificate information to the entry / exit management server 140, and the user enters / exits any room based on the entry information sent from the entry / exit management server 140. Confirm that you have not exited.

  Then, if the verification processing unit 131 can confirm that the certificate is valid and that the user has entered the room, the verification processing unit 131 transmits a success response as a verification result to the service server 120, and any one of them can be confirmed. If the confirmation cannot be obtained, a failure response is transmitted.

  The transmission / reception unit 132 transmits / receives information via the LAN 190.

  The verification server 130 configured in this way can be realized by a so-called computer. That is, the verification processing unit 131 can be realized by reading a predetermined program stored in an auxiliary storage device such as a hard disk into the main memory and executing it by the CPU, and the transmission / reception unit 132 can be realized by the NIC. is there.

  The entrance / exit management server 140 includes an entrance / exit management unit 141, an entrance / exit room table 142, an entrance / exit information table 143, a device table 144, a location table 144, and a transmission / reception unit 146.

  The entrance / exit management unit 141 manages the entrance / exit status of the user based on information stored in an entrance / exit table 142, an entrance / exit information table 143, and a location table 144, which will be described later.

  Specifically, when a card ID of a new user is transmitted from the registration terminal 110, a unique entry / exit ID is created corresponding to this card ID. Then, a new line is created in an entry / exit table 142 described later, and these card ID and entry / exit ID are entered in the respective columns. When the first certificate information corresponding to these IDs is transmitted from the registration terminal 110, the first certificate information is entered in a predetermined column on the same line as these IDs.

  In addition, from a first entrance / exit authentication device 160A or a second entrance / exit authentication device 160B, which will be described later, one of the entrance / exit ID and card ID, and a device ID for identifying these entrance / exit authentication devices 160A, 160B, and When the authentication result, the time when the authentication is performed, and the room ID for identifying the room in which these entrance / exit authentication devices 160A and 160B are installed, an entrance / exit information table 143 to be described later is sent. Create a new line and enter this information in the respective fields.

  In addition, when the first certificate information is received from the verification server 111, the entrance / exit management unit 141 enters / exits the ID corresponding to the first certificate information (a card ID if there is no entrance / exit ID). And by referring to the entry / exit information table 143 based on this entry / exit ID (or card ID if there is no entry / exit ID), it is determined whether or not the user is in the room and is verified as entry information. Send to server 111.

  Whether or not the user is in the room is determined as follows. First, in the entry / exit information table 143, the row of the latest time when the authentication was successful is identified based on the entry / exit ID (or the card ID if there is no entry / exit ID), and the device ID is identified. Next, in this embodiment, when the entrance / exit authentication device specified by the device ID is installed outside the room at the head position of the device ID (in the case of the entrance / exit authentication device for entering the room), When the identification code “A” is installed in the room (in the case of an entry / exit authentication device for leaving the room), the identification code “B” is added, so this identification code is specified. By doing so, it is determined whether or not the user is in the room.

  As shown in FIG. 2, the entrance / exit table 142 includes an entrance / exit room ID input field 142a, a card ID input field 142b, and a first certificate information input field 142c.

  The entrance / exit ID entered in the entrance / exit ID input field 142a is unique identification information as described above.

  The card ID input in the card ID input field 142b is identification information uniquely determined for each card 180 described later, and is stored in advance in the card 180 as described later.

  As described above, the first certificate information input to the first certificate information input field 142c includes the serial number included in the electronic certificate, “issuer name hash”, “issuer key hash”, Is generated from

  As shown in FIG. 3, the entrance / exit information table 143 includes a device ID input field 143a, an entrance / exit ID input field 143b, a card ID input field 143c, an authentication result input field 143d, and a time input field 143e. And a room ID input field 143f.

  The device ID entered in the device ID input field 143a is the identification code “A” at the head of a unique identification number for each entry / exit authentication device 160, and when the entry / exit authentication device is installed outside the room. Is added with an identification code of “B” when installed in a room.

  In the authentication result input field 143d, when authentication is successful by the entrance / exit authentication device 160 as described later, “◯” is input, and when authentication is not successful, “×” is input. However, any identification information may be used as long as it can identify the success or failure of the authentication.

  In the time input field 143e, an authentication time is input. In the present embodiment, the time information transmitted from the entrance / exit authentication device 160 is input, but the present invention is not limited to this mode.

  The room ID input in the room ID input field 143f is identification information for uniquely identifying the room in which the entrance / exit authentication device is installed.

  As shown in FIG. 4, the location table 144 has a second certificate information input column 144a and a location ID input column 144b.

  The second certificate information input in the second certificate information input field 144a is obtained by connecting “issuer name hash” and “issuer key hash” with “−”, that is, “issuer name hash-issuer”. It is concatenated to be “key hash”.

  In the place ID input field 144b, identification information for uniquely specifying the place where the certificate server 150 as the certificate authority is installed is input.

  Since “issuer name hash” and “issuer key hash” can be created when the authority as the certificate authority (the certificate server 150 in this embodiment) is obtained, the certificate server 150 At the stage of installation, the location table 144 can be created.

  The transmission / reception unit 145 transmits / receives information via the LAN 190.

  The entrance / exit management server 140 configured as described above can be realized by a so-called computer. That is, the entrance / exit management unit 141 can be realized by reading a predetermined program stored in an auxiliary storage device such as a hard disk into the main memory and executing it by the CPU. Also, the entrance / exit table 142, the entrance / exit information table 143 and the location table 144 can be realized by storing them in an auxiliary storage device such as a hard disk, and the transmission / reception unit 145 can be realized by a NIC.

  The certificate server 150 includes a certificate management unit 151, a sequence unit 152, an authentication table 153, a certificate database 154, and a transmission / reception unit 155.

  First, when a new user registration request is received, the certificate management unit 151 performs registration in the authentication table and performs processing for issuing an electronic certificate.

  Specifically, when user information, a card ID, an entrance / exit ID, and an encryption key are transmitted from the registration terminal 110 (when a regular user is registered), the registration information is unique. An authentication ID is generated, a new line is created in the authentication table 153, and a card ID, an entrance / exit ID, and an authentication ID are input in the respective columns. Also, an electronic certificate and a key (public key and private key) are issued based on the transmitted user information, and the electronic certificate and private key are encrypted with the transmitted encryption key. Information is created, and this encrypted information is stored in a certificate database 154 described later in association with the authentication ID. Further, the file name of the stored encryption information is input to the corresponding field of the authentication table 153. Further, the encrypted information created in this way is transmitted to the registration terminal 110.

  In addition, when user information, a card ID, and an entrance / exit ID are transmitted from the registration terminal 110 (when registering a temporary user), a unique authentication ID is generated, A new line is created in the authentication table 153, and a card ID, an entrance / exit ID, and an authentication ID are entered in the respective columns. Also, an electronic certificate and a key (public key and private key) are issued based on the transmitted user information, and the electronic certificate and the private key are associated with an authentication ID in a certificate database 154 described later. Remember. In addition, the file name of the stored electronic certificate is input into the corresponding field of the authentication table 153. Further, when the electronic certificate and key are created in this way, a success response is transmitted to the registration terminal 110. When the user information and the card ID are transmitted from the registration terminal 110, it is considered as a temporary electronic certificate for the user. For example, an electronic certificate set to about one day) may be issued (hereinafter, the electronic certificate thus issued is referred to as a temporary electronic certificate).

  In the case of an authorized user (when user information, a card ID, an entrance / exit ID, and an encryption key are transmitted from the registration terminal 110), the authentication ID is a sequence unit described later. In the case of a temporary user (user information, card ID, and entrance / exit ID are transmitted from the registration terminal 110), “01” is added to the head of the number sent from 152. ), “91” is added to the head of the number sent from the sequence section 152 so that these users can be identified.

  In addition, when the entrance / exit ID is transmitted from the client terminal 170 (when an authorized user obtains an electronic certificate), the certificate management unit 151 corresponds to the entrance / exit ID. The authentication ID is extracted from the authentication table 153, the encrypted information is acquired from the certificate database 154 using this authentication ID as a key, and transmitted to the client terminal 170.

  Further, when a card ID is transmitted from the client terminal 170 (when a request for obtaining an electronic certificate is received from a temporary use user), the certificate management unit 151 performs authentication corresponding to the card ID. The ID is extracted from the authentication table 153, the temporary electronic certificate and the private key are acquired from the certificate database 154 using this authentication ID as a key, and transmitted to the client terminal 170.

  The sequence unit 152 outputs a number for generating an authentication ID to the certificate management unit 151. Here, in this embodiment, a serial number used for a temporary user is determined from an initial value to a predetermined number, and a serial number is registered for a user who performs regular registration from the next number after the predetermined number. Output.

  Specifically, the sequence unit 152 stores a numerical value for a temporary user and a numerical value for a regular user, and increments the stored numerical value every time the stored numerical value is output. When the numerical value for the temporary user reaches a predetermined value, the stored numerical value is returned to the initial value.

  As shown in FIG. 5, the authentication table 153 has an authentication ID input field 153a, an entry / exit room ID input field 153b, a card ID input field 153c, and a certificate file name input field 153d. Yes.

  In the authentication ID input field 153a, the authentication ID is input as described above.

  In the certificate file name input field 153d, as described above, the encryption information or the storage file name of the temporary certificate is input.

  Although not shown, the certificate database 154 stores encrypted information in the case of a regular user and a temporary certificate and a private key in association with an authentication ID in the case of a temporary user. Yes.

  The transmission / reception unit 155 transmits / receives information via the LAN 190.

  The certificate server 150 configured as described above can be realized by a so-called computer. That is, the certificate management unit 151 and the sequence unit 152 can be realized by reading a predetermined program stored in an auxiliary storage device such as a hard disk into the main memory and executing it by the CPU. The document database 154 can be realized by storing it in an auxiliary storage device such as a hard disk, and the transmission / reception unit 155 can be realized by a NIC.

  The first entry / exit authentication device 160A includes an entry / exit management unit 161, an identification information table 162, a time measurement unit 163, a transmission / reception unit 164, a card reader 165, an input unit 166, and a display unit 167. I have.

  When the entry / exit management unit 161 receives the card ID, the entry / exit ID, and the password from the registration terminal 110, the entry / exit management unit 161 creates new lines in the identification information table 162 and inputs them into the respective columns.

  In addition, when the entry / exit management unit 161 reads the information of the card 180 by a card reader 165 described later, the card ID or the entry / exit stored in the identification information table 162 is stored in the identification information table 162. If there is a match compared to the ID, a card ID is requested through the display unit 167 to input a password, and the password entered through the input unit 166 is matched in the identification information table 162. In addition, the electronic lock 191 is unlocked when they match with the personal identification number stored in association with the entrance / exit ID. When the electronic lock 191 is unlocked, time information is acquired from the time measuring unit 163 described later, and a notification that the authentication has been successful is sent to the entry / exit management server 140 by the card ID, entry / exit ID, and time. Send with information. The entry / exit management server 140 creates and inputs a new line in the entry / exit information table 143 for the received information.

  On the other hand, when the read card ID or the entry / exit ID is compared with the card ID and the entry / exit ID stored in the identification information table 162, if there is no match, authentication fails via the display unit 167. The time information is acquired from the time measuring unit 163 described later, and a notification that the authentication has failed is sent to the entrance / exit management server 140 together with the entrance / exit ID or card ID and time information. The entry / exit management server 140 creates and inputs a new line in the entry / exit information table 143 for the received information.

  If the password entered via the input unit 166 is different from the password stored in the identification information table 162, the password entered via the display unit 167 is set in advance. If the passwords still do not match, a notification that the authentication has failed is sent via the display unit 167, and time information is acquired from the time measuring unit 163, which will be described later. A notification that the authentication has failed is sent to the entrance / exit management server 140 along with the exit ID, card ID, and time information. The entry / exit management server 140 creates and inputs a new line in the entry / exit information table 143 for the received information.

  As shown in FIG. 6, the identification information table 162 has an entry / exit room ID input field 162a, a card ID input field 162b, and a password input field 163c, and is sent from the registration terminal 110. Enter the information you have entered into these fields.

  The time measurement unit 163 outputs time information in response to a request from the entrance / exit management unit 161.

  The transmission / reception unit 164 transmits / receives information via the LAN 190.

  The card reader 165 is a device that can read information stored in the card 180, which will be described later. In this embodiment, since the IC card is used as the card 180, the card reader 165 is stored in the IC card via radio waves. Use what can read the information.

  The input unit 166 is an input device such as a numeric keypad.

  The display unit 167 is a display device such as a display.

  The first authentication device 160A configured as described above can be realized by a so-called computer. That is, the entrance / exit management unit 161 can be realized by reading a predetermined program stored in an auxiliary storage device such as a hard disk into the main memory and executing it by the CPU, and the identification information table 162 is stored in the hard disk or the like. The time measurement unit 163 can be realized by an RTC (Real Time Clock), and the transmission / reception unit 164 can be realized by a NIC.

  The second entrance / exit authentication device 160B includes an entrance / exit management unit 161, an identification information table 162, a time measurement unit 163, a transmission / reception unit 164, a card reader 165, an input unit 166, and a display unit 167. Since these are the same as the first entrance / exit device 160A, description thereof is omitted.

  Here, the first entrance / exit authentication device 160A and the second entrance / exit authentication device 160B are used as a set of two, one on the outside and the inside of the entrance / exit to the room. To use.

  The client terminal 170 includes an authentication management unit 171, an application unit 172, a transmission / reception unit 173, and a card reader 174.

  The authentication management unit 171 performs processing for acquiring an electronic certificate from the certificate server 150 when there is a request for acquiring an electronic certificate from the application unit 172 described later.

  Specifically, when there is a request for obtaining an electronic certificate from the application unit 172 described later, by reading an entry / exit ID or card ID from a card reader 174 described later and transmitting it to the certificate server 150, The encryption information or the electronic certificate / private key corresponding to the entry / exit ID or card ID is acquired, and the electronic certificate and the verification information are calculated from these, and provided to the application unit 172.

  As described above, when the entrance / exit ID is transmitted to the certificate server 150, the encryption information is returned, and when the card ID is transmitted, the electronic certificate and the private key are returned.

  The verification information includes a plaintext for verification and an encrypted text obtained by creating a digest from the verification plaintext using a hash function and encrypting the digest with a secret key.

  When there is a predetermined processing request from the user, the application unit 172 verifies the server certificate sent from the service server and requests the authentication management unit 171 to obtain an electronic certificate.

  In the present embodiment, when the service server 120 is accessed, acquisition of an electronic certificate is requested, but the present invention is not limited to such an aspect.

  The application unit 172 transmits the acquired electronic certificate and verification information to the service server 120 via the transmission / reception unit 173.

  In addition, when there is a verification failure response from the service server 120, the application unit 172 forcibly terminates the application.

  Server certificate verification uses a hash function to generate a digest from the plain text attached to the server certificate, and the digital signature attached to the server certificate is published to the electronic certificate. Create a decrypted digest using the key. Then, the digest generated from the plaintext is compared with the digest decrypted from the digital signature, and whether or not they match is determined.

  The transmission / reception unit 173 transmits / receives information via the LAN 190.

  The card reader 174 is a device that can read information stored in the card 180, which will be described later. In this embodiment, since the IC card is used as the card 180, the card reader 174 is stored in the IC card via radio waves. Use what can read the information.

  The client terminal 170 configured as described above can be realized by a so-called computer. That is, the authentication management unit 171 and the application unit 172 can be realized by reading a predetermined program stored in an auxiliary storage device such as a hard disk into the main memory and executing it by the CPU. Can be realized.

  Here, in the present embodiment, the authentication management unit 171 and the application unit 172 handle the electronic certificate with a volatile memory such as a DRAM (Dynamic Random Access Memory), for example. Not stored in volatile memory.

  The card 180 includes a card ID storage unit 181, an entrance / exit room ID storage unit 182, and an encryption key storage unit 183, and a card ID uniquely determined for each card 180 is stored in the card ID storage unit 181 in advance. The entry / exit ID stored in the entry / exit ID storage unit 182 and the encryption key stored in the encryption key storage unit 183 are recorded by the reader / writer 115 of the registration terminal 110 when the user is registered. Is done.

  In the case of a temporary user, recording is not performed in the entrance / exit ID storage unit 182 and the encryption key storage unit 183, so that the card 180 can be easily reused.

  In addition, as the card 180 in this embodiment, an IC card having an IC chip and an antenna is used.

  A flow of registering a regular user in the security system 100 configured as described above will be described with reference to a sequence diagram shown in FIG.

  A registrant 192 who registers a user inputs user information to the registration terminal 110 via the input unit 113 and the display unit 114 of the registration terminal 110 (200). Here, as user information, at least the user's name, common name, and password are required to be input.

  When the user information is input, the registration terminal 110 requests the reader / writer 115 to obtain a card ID (201), and the reader / writer 115 obtains the card ID from the card 180 (202). The acquired card ID is sent to the registration terminal 110 (203).

  The registration terminal 110 that has read the card ID transmits the card ID to the entrance / exit management server 140 (204), and the entrance / exit management server 140 generates an entrance / exit ID (205), and the card ID and entrance / exit ID. Is registered in the entrance / exit table 142 (206). The created entrance / exit ID is returned to the registration terminal 110 (207).

  The registration terminal 110 generates an encryption key (208), and sends user information, a card ID, an entrance / exit ID, and an encryption key to the certificate server 150 (209).

  The certificate server 150 issues an electronic certificate based on the received user information (210), encrypts the issued electronic certificate and its private key with the received encryption key, and generates encrypted information ( 211).

  Further, the certificate server 150 generates an authentication ID (212), and registers the generated authentication ID, the received card ID, and the entrance / exit ID in the authentication table 153 (213).

  Then, the certificate server 150 registers the encrypted information in the certificate database 154 in association with the authentication ID (214), and transmits the encrypted information to the registration terminal 110 (215).

  Further, the registration terminal 110 sends the entrance / exit ID received from the entrance / exit management server 140 to the reader / writer 115 (216), and the reader / writer 115 records the entrance / exit ID on the card 180 (217). A success response is transmitted to the registration terminal 110 (218).

  The registration terminal 110 decrypts the received encryption information with the encryption key (219), extracts “serial number”, “issuer name hash”, and “issuer key hash” from the decrypted electronic certificate, and extracts them as “ First certificate information concatenated with “−” is created (220), and the created first certificate information is transmitted to the entrance / exit management server 140 together with the entrance / exit ID (221).

  The entrance / exit management server 140 registers the received first certificate information in the first certificate input field 142c on the same line as the entrance / exit ID received together (222), and sends a success response to the registration terminal 110. Transmit (223).

  The registration terminal 110 sends the encryption key to the reader / writer 115 (224), and the reader / writer 115 records the entry / exit ID on the card 180 (225), and transmits a success response to the registration terminal 110 ( 226).

  Further, the registration terminal 110 sends the card ID, the entrance / exit ID and the password to the entrance / exit authentication devices 160A and 160B (227), and the entrance / exit authentication devices 160A and 160B register them in the identification information table 162 ( 228), a success response is transmitted to the registration terminal 110 (229).

  The registration terminal 110 informs the registrant 192 by displaying on the display unit 114 that the registration process has been completed (230).

  Next, a flow for registering a temporary user in the security system 100 will be described with reference to a sequence diagram shown in FIG.

  The registrant 192 who performs user registration inputs user information to the registration terminal 110 via the input unit 113 and the display unit 114 of the registration terminal 110 (240). Here, as user information, at least the user's name, common name, and password are required to be input.

  When the user information is input, the registration terminal 110 requests the reader / writer 115 to obtain a card ID (241), and the reader / writer 115 obtains the card ID from the card 180 (242). The acquired card ID is sent to the registration terminal 110 (243).

  The registration terminal 110 that has read the card ID transmits the card ID to the entrance / exit management server 140 (244), and the entrance / exit management server 140 generates an entrance / exit ID (245), and the card ID and the entrance / exit ID. Is registered in the entrance / exit table 142 (246). The created entry / exit ID is returned to the registration terminal 110 (247).

  Then, the registration terminal 110 sends the user information, card ID, and entrance / exit ID to the certificate server 150 (248).

  The certificate server 150 issues a temporary electronic certificate based on the received user information (249).

  The certificate server 150 generates an authentication ID based on the number acquired from the sequence unit 152 (250), and registers the generated authentication ID, the received card ID, and the entrance / exit room ID in the authentication table 153 (251). ).

  Then, the certificate management unit 151 registers the temporary electronic certificate in association with the authentication ID together with the private key in the certificate database 154 (252), and transmits a success response to the registration terminal 110 (253). .

  The registration terminal 110 sends the card ID, the entrance / exit ID and the password to the entrance / exit authentication devices 160A, 160B (254), and the entrance / exit authentication devices 160A, 160B register these in the identification information table (255), A success response is transmitted to the registration terminal 110 (256).

  The registration terminal 110 informs the registrant 192 by displaying on the display unit 114 that the registration process has been completed (257).

  Next, the flow of verification processing when the user receives service provision from the service server 120 in the security system 100 will be described with reference to the sequence diagram shown in FIG.

  When the user launches a predetermined application on the client terminal 170 to receive provision of a predetermined service from the service server, the application unit 172 requests the service server 120 to provide the service (260). .

  The service server 120 requested to provide the service transmits the server certificate to the client terminal 170 (261), the application unit 172 of the client terminal 170 verifies the server certificate (262), and the authentication management unit 171. Requests the acquisition of an electronic certificate (263).

  The authentication management unit 171 acquires an electronic certificate from the certificate server 150 (264), and sends the electronic certificate and verification information created from the electronic certificate to the application unit 172 (265). The processing from 263 to 265 will be described in detail with reference to FIGS.

  The application unit 172 transmits the sent electronic certificate and verification information to the service server 120 (266).

  The service server 120 verifies the electronic certificate using the verification information (267), extracts the “serial number”, “issuer name hash”, and “issuer key hash” of the electronic certificate to obtain the first certificate information. (268), and the first certificate information is transmitted to the verification server (130) (269).

  The verification server 130 extracts “serial number”, “issuer name hash”, and “issuer key hash” from the first certificate information, and determines whether these are listed in the CRL acquired from the certificate server 150. The validity of the electronic certificate is verified (270), and the first certificate information is transmitted to the entrance / exit management server 140 (271).

  The entry / exit management server 140 obtains the corresponding card ID by referring to the entry / exit table 142 based on the first certificate information (272), and the latest entry from the entry / exit information table 143 based on this card ID. Extracting the device ID that has been successfully authenticated from the authentication result, and determining whether this device ID is installed outside or outside the room based on this device ID It is determined whether or not the person is in the room, room entry information is generated from the determination result (273), and this room entry information is transmitted to the verification server 130 together with the card ID (274).

  In the verification server 130, if the electronic certificate is valid and the user has entered any room, the electronic certificate is valid. On the other hand, if the electronic certificate is not valid or the user is If the user has not entered the room, it is determined that the electronic certificate is invalid (275), and the verification result is transmitted to the service server 120 (276).

  If the electronic certificate is valid, the service server 120 starts to provide a service to the application unit 172 of the client terminal 170 (277).

  Next, a flow in which a legitimate user acquires an electronic certificate in the security system 100 will be described with reference to a sequence diagram shown in FIG.

  When the user of the client terminal 170 starts up a predetermined application and wants to receive provision of a predetermined service from the service server 120, the application unit 172 of the client terminal 120 sends an electronic certificate to the authentication management unit 171. (280).

  Then, the authentication management unit 171 requests the card reader 174 to acquire the entrance / exit ID (281), and the card reader 174 acquires the entrance / exit ID from the card 180 (282), and the acquired entrance / exit ID is authenticated and managed. This is sent to the part 171 (283).

  The authentication management unit 171 that has acquired the entrance / exit ID sends the entrance / exit ID to the certificate server 150 (284), and the certificate management unit 151 of the certificate server 150 sets the authentication ID corresponding to the received entrance / exit ID. Obtained from the authentication table 153 (285), create an SQL query using the obtained authentication ID as a key, search the certificate database (286), and obtain encrypted information from the certificate database (287) The obtained encryption information is read into the certificate management unit 151 (288).

  The certificate management unit 151 transmits the read encrypted information to the client terminal 170 (289).

  The authentication management unit 171 of the client terminal issues an encryption key acquisition request to the card reader 174 in advance (290), and the card reader 174 acquires the encryption key from the card 180 (291), and uses the acquired encryption key as the authentication management unit. 171 (292).

  Then, the authentication management unit 171 of the client terminal 170 decrypts the received encryption information with the acquired encryption key to acquire an electronic certificate and a private key (293), and uses the hash function from the electronic certificate to generate a digest. Then, verification information obtained by encrypting the digest with the private key is generated (294), and the electronic certificate and the verification information are sent to the application unit 172 (295).

  Next, a flow in which a temporary user acquires an electronic certificate in the security system 100 will be described with reference to a sequence diagram shown in FIG.

  When the user of the client terminal 170 starts up a predetermined application and wants to receive provision of a predetermined service from the service server 120, the application unit 172 of the client terminal 120 sends an electronic certificate to the authentication management unit 171. (300).

  Then, the authentication management unit 171 requests the card reader 174 to acquire the entrance / exit ID (301). However, since only the card ID is recorded on the temporary user's card, the card reader 174 The reading of the exit ID has failed (302), and a failure response indicating that the reading of the entrance / exit ID has failed is sent to the authentication management unit 171 (303).

  Upon receiving the failure response, the authentication management unit 171 requests the card reader 174 to read the card ID (304), and the card reader 174 acquires the card ID from the card 180 (305), and the acquired card ID is authenticated and managed. To the unit 171 (306).

  Then, the authentication management unit 171 sends the card ID to the certificate server 150 (307), and the certificate management unit 151 of the certificate server 150 acquires the authentication ID corresponding to the received card ID from the authentication table 153. (308), create an SQL query using the acquired authentication ID as a key, search the certificate database (309), acquire a temporary electronic certificate and private key from the certificate database 154 (310) The temporary electronic certificate and the private key are sent to the certificate management unit 151 (311).

  The certificate management unit 151 transmits the read temporary electronic certificate and private key to the client terminal 170 (312).

  The authentication management unit 171 of the client terminal 170 generates verification information by using a verification plaintext and an encrypted text obtained by encrypting a digest generated from the verification plaintext using a hash function with a secret key ( 313), and sends these temporary electronic certificate and verification information to the application unit 172 (314).

  Processing in the certificate server 150 when registering a user in the security system 100 configured as described above will be described with reference to a flowchart shown in FIG.

  First, the certificate server 150 determines whether or not the information transmitted from the registration terminal 110 includes an encryption key. When the encryption key is included (S320), the certificate management is performed. The unit 151 issues an electronic certificate (S321), and encrypts the electronic certificate and the private key used in the electronic certificate by using the encryption key transmitted from the registration terminal 110. Is generated (S322).

  Then, a number is acquired from the sequence unit 152 (S323), and an authentication ID is generated by adding a numerical value “01” to the head of the acquired number (S324).

  Here, by referring to the authentication table 153, it is confirmed whether or not the authentication IDs are duplicated. If they are duplicated (S325), the processes of steps S323 and S324 are repeated.

  If the authentication ID is not duplicated, the authentication ID, entrance / exit ID, and card ID are registered in the authentication table 153 (S326), and the encrypted information is registered in the certificate database 154 in association with the authentication ID. At the same time (S327), the file name of the encrypted information is registered in the authentication table 153 (S328).

  Then, the encrypted information is transmitted to the client terminal 170 (S329).

  On the other hand, when the encryption key is not included in the information sent from the client terminal 170 (S320), the certificate management unit 151 issues a temporary electronic certificate (S330).

  Then, a number is acquired from the sequence unit 152 (S331), and when this number has reached a predetermined value (S332), the numerical value held in the sequence unit 152 is returned to the initial value (S333).

  On the other hand, when the number obtained from the sequence unit 152 does not reach the predetermined value (S332) or when the numerical value held in the sequence unit 152 is returned to the initial value (S333), the top of the acquired number An authentication ID is generated by adding a numerical value of “91” to (S334).

  Then, by referring to the authentication table 153, it is confirmed whether or not the authentication IDs are duplicated. If they are duplicated (S335), the processing of steps S331 to S334 is repeated.

  If the authentication ID is not duplicated, the authentication ID, the entrance / exit ID, and the card ID are registered in the authentication table 153 (S336), and the temporary electronic certificate and the private key are associated with the authentication ID in the certificate database. In addition, the temporary electronic certificate file name is registered in the authentication table 153 (S338).

  Then, a success response is transmitted to the client terminal 170 (S339).

  FIG. 13 is a flowchart showing processing in the client terminal 170 when a user receives provision of services in the security system 100.

  First, when a user activates a predetermined application and a request is made from the service server 120 to provide a predetermined service (S340), the user can read the card 180 by the card reader 174. It is confirmed whether it has been installed (S341).

  When the user installs the card 180 in the card reader 174 so as to be readable (S341), the service server 120 is requested to provide the service (S342), and the request is transmitted from the service server 120 that has received the request. The received server certificate is received (S343).

  The digital signature of the received server certificate is verified. If the server certificate is not valid (S344), the process returns to step S322 to request the service server 120 to provide the service again.

  On the other hand, if the received server certificate is valid, the card reader 174 is requested to read the entry / exit ID from the card 180 (S345).

  When the entrance / exit ID can be read from the card 180 (S346), the entrance / exit ID is transmitted to the certificate server 150 (S347), and the encrypted information corresponding to the transmitted entrance / exit ID is sent from the certificate server 150. Receive (S348).

  Then, the encryption key is read via the card reader 174 (S349), and the encrypted information is decrypted into the volatile memory using this encryption key (S350).

  Also, a plaintext for verification is prepared, and verification information is generated by using this plaintext, a digest generated from the plaintext using a hash function, and an encrypted text obtained by encrypting the digest with the decrypted private key (S351). ).

  The electronic certificate and verification information are transmitted to the service server 120 (S352).

  After transmitting the electronic certificate and verification information to the service server 120, the electronic certificate and private key stored in the volatile memory are deleted (S353).

  When the verification is successful in the service server 120 (S354), the service provision from the service server 120 is received (S355). When the verification fails (S354), the application is forcibly terminated (S354). S356).

  If the entry / exit ID cannot be read from the card 180 (S346), the card ID is read from the card 180 (S357), and the card ID is transmitted to the certificate server 150 (S358). The corresponding temporary electronic certificate and private key are received from the certificate server 150 (S359).

  And the process of step S351-S356 is performed similarly to the above-mentioned.

  FIG. 14 is a flowchart illustrating processing in the certificate server 150 when a user receives provision of services in the security system 100.

  When the entrance / exit ID is received from the client terminal 170 (S360), an authentication ID corresponding to the received entrance / exit ID is acquired from the authentication table 153 (S361).

  Encryption information corresponding to the acquired authentication ID is acquired from the certificate database 154 (S362), and the encryption information is transmitted to the client terminal 170 (S363).

  On the other hand, if the card ID is received without receiving the entrance / exit ID from the client terminal 170 (S360) (S364), the authentication ID corresponding to the card ID is acquired from the authentication table 153 (S365).

  Then, the temporary electronic certificate and private key corresponding to the acquired authentication ID are obtained from the certificate database 154 (S366), and the temporary electronic certificate and private key are transmitted to the client terminal 170 (S367).

  FIG. 15 is a flowchart showing processing of the entrance / exit authentication device 160 when the user enters or leaves the room in the security system 100.

  When the user passes the card 180 through the card reader 165 and requests to read the information recorded on the card 180 (S370), the entrance / exit ID or card ID stored in the card 180 is read (S371). .

  By referring to the identification information table 162, it is verified whether or not there is a match with the read / exit room ID or card ID, and if there is a match (S372), the password is verified via the display unit 167. The input of a number is requested (S373), and it is determined whether or not the password entered via the input unit 166 matches the password stored in the identification information table 162 (S374).

  If these passwords match (S374), the electronic lock 191 is unlocked (S375), and the entry / exit management server 140 is notified of the successful authentication together with the entry / exit ID or card ID (S375). S376).

  If the passwords do not match (S374), if the predetermined number of times is not exceeded (S377), the processes of S373 and S374 are repeated.

  When the input code number does not match a predetermined number of times (S377), and when the card ID or entry / exit ID read from the card 180 does not match the identification information table 162, the display unit 167 The user is notified by displaying that the authentication has failed (S378), and the entrance / exit management server 140 is notified of the authentication failure together with the entrance / exit ID or card ID (S379).

  FIG. 16 is a schematic diagram illustrating an example of use of the security system 100.

  As shown in the figure, a registration terminal 110, a service server 120, a verification server 130, an entrance / exit management server 140, and a certificate server 150 are installed in any place in a building 193, and a client is installed inside a room 194 in the building 193. The terminal 170 is installed, the first entrance / exit authentication device 160A is installed outside the entrance of the room 194, and the second entrance / exit authentication device 160B is installed inside the room 194, thereby entering the room 194. Exit management and information management at the client terminal 170 can be managed by one security system 100.

  Further, for example, as shown in FIG. 17, the first building 193A includes a registration terminal 110, a service server 120, a verification server 130, an entry / exit management server 140, a certificate server 150, a first entry / exit authentication device. 160A, a second entrance / exit authentication device 160B, and a client terminal 170 are installed, and these can be connected to the Internet 196 via a router 195, and the second building 193B and the third building 193C are respectively By installing the certificate server 150, the first entry / exit authentication device 160A, the second entry / exit authentication device 160B, and the client terminal 170, and connecting them to the Internet 196 via the router 195, the first The registration terminal 110 installed in one building 193A is used for the rooms 194A to 194A in these buildings 193A to 193C. And entry and exit to 94C, also can register a user using the client terminal 170 in these buildings 193A～193C. Further, the service server 120, the authentication server 130, and the entrance / exit management server 160 installed in the first building 193A enter and leave the rooms 194A to 194C in these buildings 193A to 193C, and these buildings 193A to 193C. The user who uses the client terminal 170 can be managed.

  Here, as shown in FIG. 17, in the case where a plurality of certificate servers 150 are provided, all certificate servers are used to register users via the registration terminal 110 installed in the first building 193A. When the client terminal 170 is used, the electronic certificate issued by the certificate server 150 belonging to the buildings 193A to 193C to which the client terminal 170 belongs is used, so that the client terminal 170 is used. It is possible to know which building 193A to 193C the user is in, and when the compared building 193A to 193C and the place ID are different, The verification server 130 may determine that the verification has failed.

  When the verification server 130 verifies the location ID, the location ID is extracted from the location table 144 when the entrance information is sent from the entrance / exit management server 140 to the verification server 130, and the location ID is entered together with the entrance information. What is necessary is just to send to the verification server 130.

  In the security system 100 described above, the verification server 130, the entrance / exit management server 140, and the certificate server 150 are provided. However, the present invention is not limited to this mode, and all the processes performed by these are performed by one server. Also good. The processing performed by the verification server 130 and the entrance / exit management server 140 may be performed by one server, the processing performed by the verification server 130 and the certificate server 150 may be performed by one server, and the entrance / exit management server 140 The processing performed by the certificate server may be performed by one server.

  Further, in the security system 100 described above, the card ID and the room entry / exit ID are used as the user identification information, but the present invention is not limited to such a mode, and only one of them can be used. .

  Furthermore, in the security system 100 described above, the entrance / exit authentication devices 160A and 160B are provided both inside and outside the room. However, the present invention is not limited to this mode. It is possible to provide an entrance / exit authentication device on one side and a card reader only on the other side. In such a case, it is possible to identify with which card reader the card reader has read (for example, by storing the identification information of the card reader that has read the ID in the entrance / exit information table 143). ), The user's entry or exit can be specified.

1 is a schematic diagram of a security system 100. FIG. Schematic of the entrance / exit table 142. FIG. Schematic of the entrance / exit information table 143. FIG. Schematic of the location table 144. FIG. Schematic of the authentication table 153. FIG. Schematic of the identification information table 162. FIG. The sequence diagram which shows the flow which performs registration of a regular user. The sequence diagram which shows the flow which registers the user of temporary use. The sequence diagram which shows the flow of the verification process when a user receives provision of service from the service server 120. FIG. The sequence diagram which shows the flow in which a regular user acquires an electronic certificate. The sequence diagram which shows the flow which the user of temporary use acquires an electronic certificate. The flowchart which shows the process in the certificate server 150 at the time of registering a user. The flowchart which shows the process in the client terminal 170 when a user receives provision of a service. The flowchart which shows the process in the certificate server 150 when a user receives provision of a service. The flowchart which shows the process of the entrance / exit authentication apparatus 160 when a user enters a room or leaves a room. Schematic which shows the usage example of the security system 100. FIG. Schematic which shows the usage example of the security system 100. FIG.

Explanation of symbols

100 Security System 110 Registration Terminal 120 Service Server 130 Verification Server 140 Entrance / Exit Management Server 140
150 Certificate Server 160 Entrance / Exit Authentication Device 170 Client Terminal 180 Card

Claims (7)

A reading unit that reads the identification information stored in the authentication information storage medium, and determines whether the identification information matches the identification information stored in advance, and permits the user to enter or leave the room if they match An entrance / exit management system comprising:
A certificate server and a client terminal arranged in a room in which entry / exit of a user is managed by the entry / exit management system are provided with a room for managing entry / exit of the user by the entry / exit management system. An electronic certificate management system comprising: a verification server that is arranged in each of the buildings that is installed and determines the validity of the electronic certificate generated by the certificate server;
A security system having
The client terminal transmits a reading unit that reads identification information from the authentication information storage medium and the identification information read by the reading unit to the certificate server arranged in the building where the own device is arranged. A transmission unit that transmits the electronic certificate received from the certificate server arranged in the building where the apparatus is arranged, to the verification server, and
The certificate server includes a receiving unit that receives identification information from the client terminal;
An electronic certificate storage unit storing the electronic certificate;
A certificate management unit for obtaining an electronic certificate corresponding to the identification information from the electronic certificate storage unit;
A transmission unit that transmits the acquired electronic certificate to the client terminal,
The verification server includes a verification processing unit that determines the validity of the electronic certificate received by the client terminal,
When the verification processing unit determines the validity of the electronic certificate received by the user at the client terminal, it is also effective that the user enters the room where the client terminal is located. Make it a condition to judge,
Security system characterized by The security system according to claim 1,
The electronic certificate management system includes a registration terminal,
The registration terminal includes a reading unit that reads identification information stored in an authentication information storage medium, an input unit that receives input of user information from a user of the security system, and identification information read by the reading unit. A transmission unit that transmits the identification information read by the reading unit and the user information received by the input unit to the certificate server.
The entrance / exit management system stores the identification information received from the registration terminal,
When the certificate management unit of the certificate server receives the identification information and the user information from the registration terminal, the certificate management unit generates an electronic certificate from the user information and associates it with the identification information received from the registration terminal. Storing in the electronic certificate storage unit;
Security system characterized by The security system according to claim 1,
The authentication information storage medium is an IC card;
Security system characterized by The security system according to claim 1,
The electronic certificate storage unit encrypts and stores an electronic certificate,
The authentication information storage medium stores an encryption key,
The authentication management unit of the client terminal receives the encrypted electronic certificate from the certificate server, reads the encryption key stored in the authentication information storage medium via the reading unit, and uses the encryption key Decrypting the encrypted electronic certificate;
Security system characterized by A reading unit that reads the identification information stored in the authentication information storage medium, and determines whether the identification information matches the identification information stored in advance, and permits the user to enter or leave the room if they match An entrance / exit management system comprising:
A certificate server and a client terminal arranged in a room in which entry / exit of a user is managed by the entry / exit management system are provided with a room for managing entry / exit of the user by the entry / exit management system. An electronic certificate management system comprising: a verification server that is arranged in each of the buildings that is installed and determines the validity of the electronic certificate generated by the certificate server;
A security management method performed by a security system having a process in which the reading unit of the client terminal reads identification information from the authentication information storage medium,
A process in which the transmission unit of the client terminal transmits the identification information read by the reading unit to the certificate server arranged in the building where the own device is arranged;
A process in which a receiving unit of the certificate server receives identification information from the client terminal;
The certificate management unit of the certificate server obtains an electronic certificate corresponding to the identification information received from the client terminal from the electronic certificate storage unit that stores the electronic certificate;
A process in which the transmitting unit of the certificate server transmits the acquired electronic certificate to the client terminal;
The receiving unit of the client terminal receives the electronic certificate from the certificate server;
A process in which the transmission unit of the client terminal transmits the electronic certificate received from the certificate server arranged in the building where the own apparatus is arranged to the verification server;
The electronic certificate received by the client terminal as a condition that the verification processing unit of the client terminal determines that the electronic certificate is valid when the user enters the room where the client terminal is located The process of determining the effectiveness of
A security management method characterized by comprising: The security management method according to claim 5,
The electronic certificate management system includes a registration terminal,
A process of reading identification information stored in an authentication information storage medium by a reading unit of the registration terminal;
A process in which the input unit of the registration terminal receives input of user information from a user of the security system;
A process in which the transmitting unit of the registration terminal transmits the identification information read by the reading unit to the entrance / exit management system;
A process in which the transmitting unit of the registration terminal transmits the identification information read by the reading unit and the user information received by the input unit to the certificate server;
A process of storing the identification information received from the registration terminal by the entrance / exit management system;
When the certificate management unit of the certificate server receives the identification information and user information from the registration terminal, it generates an electronic certificate from the user information and associates it with the identification information received from the registration terminal. Storing in the electronic certificate storage unit;
A security management method characterized by comprising: The security management method according to claim 5,
The electronic certificate storage unit encrypts and stores an electronic certificate,
The authentication information storage medium stores an encryption key,
The authentication management unit of the client terminal receives the encrypted electronic certificate from the certificate server, reads the encryption key stored in the authentication information storage medium via the reading unit, and uses the encryption key Having the process of decrypting the encrypted electronic certificate;
Security management method characterized by the above.

Images