JP4690007B2 - Communication system and communication terminal - Google Patents

Description

  The present invention relates to a communication system that performs encrypted communication, and more particularly to a communication system and a communication terminal that improve a public key management method in encrypted communication.

  Wireless communication terminals such as mobile phones, PHS (registered trademark), and PDA (Personal Digital Assistance) that are connected wirelessly do not require a base station or an access point, and wirelessly connect to each other to perform other wireless communication. A network configuration in which wireless communication is performed by multi-hop connection that connects to a target communication partner via a terminal is called a wireless ad hoc network. In a wireless ad hoc network, since all nodes within a range where radio waves reach from a certain node can eavesdrop on that node, a VPN (Virtual Private Network) is required for concealing end-to-end communication. .

  Conventionally, in order to construct a highly secure VPN, an encryption method for exchanging encrypted data by communication is often used. A public key cryptosystem is well known as an example of the cryptosystem. In this method, different keys are used for the encryption key used on the data transmission side and the decryption key used on the reception side. For example, the data transmission side receives a public key from the reception side in advance, and transmits data encrypted using this public key to the reception side. The receiving side that has received this data performs decryption using the private key corresponding to its own public key, and obtains the data.

  In the public key cryptosystem, in order to prove the validity of a public key that is made public to an unspecified number of people, a public key certificate is assigned to the public key, and the reliability and security of the public key are given. It is a common practice to increase sex. An organization that issues and manages this public key certificate is called CA (Certificate Authority), and in a conventional wireless communication system, a fixed base such as a base station or an access point plays a role. In the conventional wireless communication system, the node notifies the CA of its own public key in advance. When the CA determines that the node having the public key can be trusted, the CA issues a public key certificate to the node.

  The public key certificate includes an electronic book name made by the CA using its own private key (common key) with respect to data obtained by combining the public key and information regarding the node that owns the public key. When a certain node (referred to as node A) authenticates the public key of another node (referred to as node B), node A obtains a public key certificate from node B. Then, the node A verifies the electronic signature of the public key certificate using the CA public key acquired in advance from the CA, and if the node A authenticates that the electronic signature is indeed made by the CA, the public key It is determined that the public key of Node B given to the certificate is valid. In this case, as described above, the node A communicates with the node B using this public key.

  However, in the case of a wireless ad hoc network that does not have a fixed base such as a base station or an access point, there is no CA that can be absolutely trusted, and thus public key certificates cannot be issued and managed. Therefore, a public key certificate distributed management method (called this because each communication node plays the role of CA) has been proposed (for example, Non-Patent Document 1), in which each node independently issues and manages a public key certificate. .

  In this method, each node issues and manages a public key certificate of a communication node based on its own judgment (knowledge: knowledge and experience). For example, it is assumed that the node A has not issued a public key certificate to the node B and does not have a trust relationship with the node B. Further, it is assumed that node C directly trusting node A (issuing a public key certificate) directly trusts node B. When node A performs encrypted communication with node B, node A can trust node B by receiving the public key certificate of node B from node C. In this way, the trust relationship established between the node A and the node B is called a circle of trust.

  In the method described in Non-Patent Document 1, each node establishes a trust relationship with those nodes by exchanging information on the public key certificate with nodes that it trusts. Furthermore, these nodes are in a trust relationship with other nodes, and this is a technique for constructing a circle of trust to the authenticated node using the trust relationship. If the circle of trust up to the node to be authenticated is connected, then the validity of the public key of the node to be authenticated has been proved.

More specifically, the following processing is performed in this method. First, each node creates its own public key and a corresponding private key. Subsequently, each node creates a public key certificate related to the public key of the other node based on the knowledge of the public key of the other node that it has already acquired, and for each node that owns the public key Issue a public key certificate. Each node exchanges the created public key certificate between each node, and the obtained public key certificate is stored in its own repository (database built on a hard disk drive etc. to store the public key certificate). Store the certificate. Each node exchanges information in the repository, and acquires information in the repository of all nodes participating in the network. A node that wants to communicate with the target node performs a calculation of building a circle of trust to the target node based on the information in the repository.
Srdjan Capkun, two others, “Self-Organized Public-Key Management for Mobile Ad Hoc Networks”, IEEE TRANSACTIONS ON MOBILE COMPUTING, 2003, Vol. 2, no. 1, p. 52-63

  However, in the above-described conventional public key certificate distributed management method, each node receives information in the repositories of all nodes participating in the network in advance and manages them on an HDD (Hard Disk Drive) or memory. Is assumed. Therefore, as the number of nodes increases, the amount of communication for exchanging public key certificate information increases. In addition, since there are limits to the memory and HDD capacity and CPU resources required for repository management, the number of nodes that can manage public keys is limited. Even if information about the trust relationship of all the nodes can be collected and stored, a CPU (Central Processing Unit) is used to search a connection of a circle of trust to the target authenticated node from the repository. Therefore, there is a problem in real-time property for performing authentication during communication.

  Also, even if a circle of trust can be searched, the validity of each public key certificate in the repository must be confirmed. Nodes for which the public key certificate is determined not to be valid are listed in a revocation certificate list (CRL). The validity of the public key certificate is determined based on the revoked certificate list. In the conventional public key certificate distributed management method, when a circle of trust is established, a communication node inquires of a node constituting the circle of trust about the information related to the revocation certificate list. The communication cost is also a problem.

  The present invention has been made in view of the above-described problems, and provides a communication system and a communication terminal that can reduce the management cost of public keys without wastefully using communication resources and resources of each node. The purpose is to provide.

  The present invention has been made to solve the above problems, and the invention according to claim 1 is directed to verifying the public key of the authenticated terminal by the authentication terminal via one or more relay terminals, and verifying the public key In the communication system that performs encrypted communication with the authenticated terminal using the authentication terminal, the authenticating terminal transmits a request information for requesting information necessary for verifying the public key, and the relay A first receiving means for receiving verification information including the information from the terminal; and a verification means for verifying the public key based on the verification information, wherein the relay terminal is requested by the request information. If the requested information is not possessed, the request information is transmitted to another relay terminal, and if the requested information is possessed, the verification information including the information is To an authentication terminal or other relay terminal It is a communication system characterized by comprising a second transmission means for signals.

  The invention according to claim 2 is a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key. The authentication terminal includes first transmission means for broadcasting request information for requesting first certificate information necessary for verifying the public key, and verification information including the first certificate information. First receiving means for receiving from the relay terminal, and verifying means for verifying the public key based on the verification information, wherein the relay terminal includes first storage means for storing certificate information; A second receiving unit that receives the request information; a determination unit that determines whether the first certificate information is stored in the first storage unit based on the request information; If it is determined that The certificate information stored in the first storage means is added to the request information, the request information is broadcast, and if it is determined that the information is stored, the certificate information added to the request information And a second transmission means for transmitting verification information including the first certificate information to the authentication terminal.

  According to a third aspect of the present invention, in the communication system according to the second aspect, the first transmission means uses the route information for requesting the first certificate information necessary for verifying the public key. Broadcast request information including the request information, and when the second transmission means determines that the first certificate information is not stored in the first storage means, the route included in the request information Information is updated, the request information is broadcast, and if it is determined that the first certificate information is stored in the first storage means, the first certificate information is passed through When the verification information including the reply via information indicating the terminal is transmitted to the authentication terminal or the relay terminal indicated by the reply via information and the verification information is received, the information is stored by the first storage unit Certificate information It was added to the request information, and transmits to the authentication terminal or the relay terminal the reply via information indicates.

According to a fourth aspect of the present invention, in the communication system according to the second aspect, the authentication terminal further includes second storage means for storing a reliable relay terminal, and the first transmission means includes the Request information for requesting first certificate information necessary for public key verification is transmitted to the relay terminal stored in the second storage means, and the first storage means Information and other trusted relay terminals are stored, and when the second transmission means determines that the first certificate information is not stored in the first storage means, the first transmission means The certificate information stored in the storage means is added to the request information, the request information is transmitted to the relay terminal stored in the first storage means, and the first certificate information is Determined to be stored in the first storage means If it is, and transmits the verification information including said request the additional certificate information and the information first certificate information to the authentication terminal.
The trust relationship between the terminals is defined by, for example, issuing a public key certificate. A certain terminal (A) trusts another terminal (B) means that the terminal (A) issues a public key certificate to the public key of the terminal (B). The first and second storage means store the issue destination terminal that has issued the public key certificate.

  According to a fifth aspect of the present invention, in the communication system according to the fourth aspect, the first transmission means uses the route information for requesting the first certificate information necessary for the verification of the public key. The request information including the request information is transmitted to the relay terminal stored in the second storage unit, and the second transmission unit does not store the first certificate information in the first storage unit. The route information included in the request information is updated, the request information is transmitted to the relay terminal stored in the first storage means, and the first certificate information is transmitted. Is determined to be stored in the first storage means, the return information indicates verification information including the first certificate information and return information indicating a terminal through which the certificate is passed. Sent to the authentication terminal or the relay terminal When the verification information is received, the certificate information stored in the first storage unit is added to the request information, and transmitted to the authentication terminal or the relay terminal indicated by the return route information. It is characterized by.

  According to a sixth aspect of the present invention, in the communication system according to the first to fifth aspects, the first receiving means further includes second certificate information for certifying the public key from the authenticated terminal. , And the first certificate information certifies a public key necessary for verifying signature information included in the second certificate information.

  According to a seventh aspect of the present invention, in the communication system according to the first to fifth aspects, the first receiving means further trusts the public key and the authenticated terminal from the authenticated terminal. Trusted information about the terminal is received in advance, the first certificate information proves the public key, and the request information receives the first certificate information from the terminal indicated by the trusted information. It is characterized by indicating acquisition.

  The invention according to claim 8 is a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key. The authentication terminal transmits request information for requesting information necessary for verification of the public key to another terminal, and verification information including information necessary for verification of the public key from the other terminal. The relay terminal verifies the public key based on the verification information, and the relay terminal stores in advance the identification information of the terminal that it trusts and the path information about the path that reaches the other terminal, When request information is received, new request information including information necessary for verifying the public key and information for designating a terminal to be routed is generated based on the route information. The terminal to be authenticated When the request information is received, the verification information including information necessary for verifying the public key and information necessary for verifying the public key included in the request information is included in the request information. It is a communication system characterized by generating and transmitting to the authentication terminal.

  The invention according to claim 9 is the communication system according to claim 8, wherein the new request information generated by the relay terminal is generated by another relay terminal through which the request information passes or the authentication terminal. The verification information generated by the authenticated terminal includes certificate information for certifying its own public key, the certificate information of the relay terminal added to the request information, and the relay terminal through which the request information has passed And certificate information that certifies its own public key, generated by (1).

  The invention according to claim 10 is a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key. The authentication terminal transmits request information for requesting information necessary for verification of the public key to another terminal, and verification information including information necessary for verification of the public key from the other terminal. The relay terminal verifies the public key based on the verification information, and the relay terminal stores in advance the identification information of the terminal that it trusts and the path information about the path that reaches the other terminal, If the request information is received and the certificate information that proves the public key of the authenticated terminal is not possessed, the public information generated by the other relay terminal or the authentication terminal through which the request information passes Certificate information that proves the key And generating new request information including information for designating a terminal through which it is transmitted based on the route information, transmitting it to another terminal, receiving the request information, and proving the public key of the authenticated terminal Certificate information that certifies its own public key generated by another relay terminal or the authentication terminal through which the request information passes, and is added to the request information. In the communication system, the verification information including the certificate information and the certificate information proving the public key of the authenticated terminal is generated and transmitted to the authentication terminal.

  According to an eleventh aspect of the present invention, in the communication system according to any one of the eighth to tenth aspects, the relay terminal receives the request information from another terminal that does not trust itself, and the request is received. When the terminal itself is designated as a terminal through which information passes, new request information including information designating arrival at another relay terminal or the authenticated terminal is generated.

  The invention according to claim 12 is a communication system in which the authentication terminal verifies the public key of the authenticated terminal via one or more relay terminals and performs encrypted communication with the authenticated terminal using the verified public key. In the communication terminal used, as the authentication terminal, first transmission means for transmitting request information for requesting information necessary for verification of the public key, and verification information including the information from the relay terminal A first receiving means for receiving and a verification means for verifying the public key based on the verification information, and the relay terminal does not possess the information requested by the request information The request information is transmitted to another relay terminal, and when the information requested by the request information is possessed, the verification information including the information is transmitted to the authentication terminal or another relay terminal. 2 senders A communication terminal, characterized by comprising and.

  The invention according to claim 13 is a communication system in which the authentication terminal verifies the public key of the authenticated terminal via one or more relay terminals and performs encrypted communication with the authenticated terminal using the verified public key. In the communication terminal to be used, as the authentication terminal, first transmission means for broadcasting request information for requesting first certificate information necessary for verification of the public key, and the first certificate information First verification means for receiving verification information from the relay terminal and verification means for verifying the public key based on the verification information, and storing certificate information as the relay terminal A first storage unit; a second reception unit configured to receive the request information; and a determination unit configured to determine whether the first certificate information is stored in the first storage unit based on the request information. And remembered If it is determined that the request information is stored, the certificate information stored by the first storage unit is added to the request information, the request information is broadcast, and if it is determined that the request information is stored, A communication terminal comprising: second transmission means for transmitting verification information including certificate information added to the request information and the first certificate information to the authentication terminal.

  According to a fourteenth aspect of the present invention, in the communication terminal according to the thirteenth aspect, the first transmission means uses the route information for requesting the first certificate information necessary for verifying the public key. Broadcast request information including the request information, and when the second transmission means determines that the first certificate information is not stored in the first storage means, the route included in the request information Information is updated, the request information is broadcast, and if it is determined that the first certificate information is stored in the first storage means, the first certificate information is passed through When the verification information including the reply via information indicating the terminal is transmitted to the authentication terminal or the relay terminal indicated by the reply via information and the verification information is received, the information is stored by the first storage unit Certificate information It was added to the request information, and transmits to the authentication terminal or the relay terminal the reply via information indicates.

  The invention according to claim 15 is the communication terminal according to claim 13, further comprising second storage means for storing a reliable relay terminal as the authentication terminal, wherein the first transmission means Request information for requesting first certificate information necessary for public key verification is transmitted to the relay terminal stored in the second storage means, and the first storage means Information and other trusted relay terminals are stored, and when the second transmission means determines that the first certificate information is not stored in the first storage means, the first transmission means The certificate information stored in the storage means is added to the request information, the request information is transmitted to the relay terminal stored in the first storage means, and the first certificate information is When stored in the first storage means If it is a constant, characterized in that to transmit the verification information including said and additional certificate information to the request information first certificate information to the authentication terminal.

  According to a sixteenth aspect of the present invention, in the communication terminal according to the fifteenth aspect, the first transmission means uses the route information for requesting the first certificate information necessary for verifying the public key. The request information including the request information is transmitted to the relay terminal stored in the second storage unit, and the second transmission unit does not store the first certificate information in the first storage unit. The route information included in the request information is updated, the request information is transmitted to the relay terminal stored in the first storage means, and the first certificate information is transmitted. Is determined to be stored in the first storage means, the return information indicates verification information including the first certificate information and return information indicating a terminal through which the certificate is passed. Sent to the authentication terminal or the relay terminal When the verification information is received, the certificate information stored in the first storage unit is added to the request information, and transmitted to the authentication terminal or the relay terminal indicated by the return route information. It is characterized by.

  According to a seventeenth aspect of the present invention, in the communication terminal according to the twelfth to sixteenth aspects, the first receiving means further includes second certificate information for proving the public key from the authenticated terminal. , And the first certificate information certifies a public key necessary for verifying signature information included in the second certificate information.

  According to an eighteenth aspect of the present invention, in the communication terminal according to the twelfth to sixteenth aspects, the first receiving unit further trusts the public key and the authenticated terminal from the authenticated terminal. Trusted information about the terminal is received in advance, the first certificate information proves the public key, and the request information receives the first certificate information from the terminal indicated by the trusted information. It is characterized by indicating acquisition.

  The invention according to claim 19 is a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key. In the communication terminal used, as the authentication terminal, a first transmission means for transmitting request information for requesting information necessary for verification of the public key to another terminal; A first receiving unit that receives verification information including information necessary for verification; and a verification unit that verifies the public key based on the received verification information. When the request information is received, storage means for preliminarily storing the identification information of the trusted terminal, route information regarding the route to reach another terminal, second receiving means for receiving the request information, Necessary for verification of the public key First information generating means for generating new request information including information for designating a terminal to be routed based on the route information, and a second transmission for transmitting the request information to another terminal A third receiving means for receiving the request information as the authenticated terminal, and information necessary for verifying the public key included in the received request information. A second information generating unit that generates the verification information including information necessary for verifying the public key, and a third transmitting unit that transmits the verification information to the authentication terminal. This is a featured communication terminal.

  According to a twentieth aspect of the present invention, in the communication terminal according to the nineteenth aspect, the new request information generated by the first information generation unit is transmitted by another relay terminal or the authentication terminal through which the request information passes. The verification information generated by the second information generation means includes certificate information that certifies the public key that is generated, and includes the certificate information of the relay terminal added to the request information, and the request And certificate information proving its own public key, which is generated by the relay terminal through which the information has passed.

  The invention according to claim 21 is a communication system in which the authentication terminal verifies the public key of the authenticated terminal via one or more relay terminals and performs encrypted communication with the authenticated terminal using the verified public key. In the communication terminal used, as the authentication terminal, a first transmission means for transmitting request information for requesting information necessary for verification of the public key to another terminal; A first receiving unit that receives verification information including information necessary for verification; and a verification unit that verifies the public key based on the received verification information. Storage means for preliminarily storing the identification information of the trusted terminal and the route information related to the route to reach another terminal, the second receiving means for receiving the request information, and proving the public key of the authenticated terminal I have certificate information In the case where the request information is not included, it includes certificate information for certifying its own public key generated by another relay terminal or the authentication terminal through which the request information passes, and specifies the terminal through which the request information passes. New request information including information to be generated, and when possessing certificate information that proves the public key of the terminal to be authenticated, generated by another relay terminal through which the request information passes or the authentication terminal The verification information including the certificate information for certifying its own public key, the certificate information added to the request information, and the certificate information for certifying the public key of the authenticated terminal. A communication terminal comprising: a first information generating means for generating; and a third transmitting means for transmitting new verification information to another terminal and transmitting the verification information to the authentication terminal. It is.

  According to a twenty-second aspect of the present invention, in the communication system according to any one of the nineteenth to twenty-first aspects, the second receiving unit receives the request information from another terminal that does not trust itself. The first information generation means, when it is designated as a terminal through which the request information passes, includes new request information including information designating arrival at another relay terminal or the authenticated terminal. Is generated.

  According to the present invention, when there is a need to authenticate the public key of the authenticated terminal, the authentication terminal acquires the public key certificate of only the necessary terminal from each terminal that builds a circle of trust. As a result, it is possible to reduce the public key management cost without wastefully using communication resources and resources of each node.

  The best mode for carrying out the present invention will be described below with reference to the drawings. In the present embodiment, a wireless ad hoc network will be described as an example of a communication system having no certificate authority (CA). FIG. 1 is a schematic configuration diagram showing a configuration of a communication system according to an embodiment of the present invention. In the figure, nodes 1A to 1N are shown. The node in the present embodiment is a communication terminal such as a mobile phone, a terminal having a wireless communication function such as PHS (registered trademark), PDA (Personal Digital Assistance), or a personal computer constituting a wireless LAN (Local Area Network). . This configuration diagram does not show the positional relationship between the nodes, but shows a logical connection relationship. Further, this communication system is not limited to the nodes 1A to 1N, and includes nodes not shown.

  FIG. 2 is a block diagram showing the configuration of each node. In the figure, reference numeral 10 denotes an antenna for data transmission / reception. A communication unit 11 performs modulation / demodulation processing and the like related to data transmission / reception. An operation unit 12 is operated by the user. A display unit 13 displays various information to the user. Reference numeral 14 denotes a temporary storage unit that temporarily holds information (public key certificate or the like) acquired in communication with other nodes. When communication with another node is completed, the information in the temporary storage unit 14 is deleted.

  A storage unit 15 stores information that is held for a long time. The storage unit 15 stores a public key certificate issued to a node trusted by the own node and a public key certificate issued from a node trusting the own node as a certificate repository. Further, information on nodes directly trusted by the own node is stored as a trusted node list, and information indicating to which node the own node is directly trusted is stored as a trusted node list. Reference numeral 16 denotes a control unit that controls the above-described units and encrypts and decrypts data.

  Next, the operation of each node in this embodiment will be described. First, the trust relationship between each node will be described. In the communication system shown in FIG. 1, the node 1A trusts the node 1B and the node 1C. Further, the node 1B and the node 1C that are trusted by the node 1A also trust other nodes as shown in the figure. Here, the fact that the node 1A trusts the node 1B means that the node 1A issues a public key certificate for the public key of the node 1B. In FIG. 1, each arrow indicates the trust relationship of each node.

  When the node 1A is notified in advance of the public key of the node 1B from the node 1B and determines that the node 1B can be trusted, the node 1A creates a public key certificate for the public key of the node 1B and stores it in the storage unit 15 of the node 1A. The public key certificate is added to the certificate repository and node 1B information is added to the trusted node list. This public key certificate includes public key information such as the public key of the node 1B and an identifier of the node 1B, and signature information (an electronic signature by the node 1A and an identifier of the node 1A that is the signer). The electronic signature of the node 1A is obtained by encrypting the above public key information with the private key of the node 1A, and can be decrypted only with the public key of the node 1A.

Hereinafter, in the description of this embodiment, to be expressed a public key certificate including the signature information S _A of the public key K _B and the node 1A node 1B as (K B _{/ S A).} K represents a public key, and S represents a signature.

When the node 1A creates the public key certificate for the node 1B, the node 1A transmits the public key certificate (K _B / S _A ) to the node 1B. The node 1B that has acquired the public key certificate adds the public key certificate to the certificate repository in the storage unit 15 and adds the information of the node 1A to the trusted node list in the storage unit 15. Thereby, it can be recognized that the node 1B is trusted by the node 1A.

  Next, a communication path establishment method in this embodiment will be described. In the present embodiment, it is assumed that the node 1A in FIG. 1 performs encrypted communication with the node 1N. In this embodiment, it is assumed that a communication path between nodes is established according to a conventional protocol such as a DSR (Dynamic Source Routing) protocol or an AODV (Ad Hoc On-Demand Distance Vector Routing) protocol. Hereinafter, a route search method based on the DSR protocol and the AODV protocol will be described.

  In the DSR protocol, an authentication node that performs a route search transmits a packet called RREQ (Route Request) to surrounding nodes. If the destination node of the packet is not itself, the surrounding node that has received this adds its own information to the route information in the packet, and further transmits the RREQ packet to the surrounding node. When the destination node receives this packet, it transmits an RREP (Route Reply) packet to the authentication node according to the route information in the RREQ packet. The authentication node that has received this RREP packet via the relay node communicates with the destination node via the relay node indicated by the path information included in the RREP packet.

  On the other hand, in the AODV protocol, an authentication node that performs route search transmits an RREQ packet that does not include route information to surrounding nodes. The surrounding nodes store the identifier of the transmission node (the node that transmitted the RREQ packet immediately before) included in the RREQ packet as a communication partner. This communication partner is a node located on the authentication node side. Subsequently, the surrounding nodes rewrite the transmission node identifier of the RREQ packet with its own identifier, and further transmit the RREQ packet to other surrounding nodes.

  When the destination node receives this packet, the destination node stores the communication partner and transmits an RREP packet to the communication partner. The node that has received the RREP packet stores the transmission node included in the RREP packet (the node that transmitted the RREP packet immediately before itself) as a communication partner. This communication partner is a node located on the destination node side. Subsequently, the node that has received the RREP packet transmits the RREP packet in which the transmission node identifier is rewritten to its own identifier to the authenticated node stored by the RREQ packet. The authentication node that has received the RREP packet similarly stores the communication partner and communicates with the destination node via the relay node.

  Note that the above-described DSR protocol and AODV protocol are examples of communication methods in a wireless ad hoc network, and the communication path establishment method in the present embodiment is not limited to these methods.

Next, the operation of each node during communication will be described. First, a first operation example in the present embodiment will be described. Before performing encrypted communication, the node 1A (authentication terminal) establishes a communication path with the node 1N (authenticated terminal) in advance and obtains the public key certificate (K _N / S _M ) of the node 1N from the node 1N. To do. The public key certificate of node 1N are included with the public key K _N nodes 1N, the signature information S _M for the public key. Since the node 1A to authenticate the public key K _N included in the public key certificate, with reference to the certificate repository in its own storage unit 15, the node 1N public key certificate (K N _{/ S A)} is Determine if there is.

Since the node 1A does not directly trust the node 1N, it does not have the public key certificate of the node 1N. In that case, the node 1A refers to the signature information S _M included in the public key certificate obtained from the node 1N. The signature information is generated by the node 1M that trusts the node 1N, and the electronic signature included in the signature information is decrypted only by the public key of the node 1M. Since node 1A does not directly trust node 1M, node 1M's public key certificate is not in node 1A's certificate repository. Therefore, the node 1A acquires the public key certificate of the node 1M from the node that trusts the node 1M.

  Subsequently, the node 1A broadcasts certificate request information (request information) for requesting the public key certificate of the node 1M. The certificate request information includes information indicating that the node 1A is requesting the public key certificate of the node 1M, and relay node information indicating the node that relayed the certificate request information (initially the node 1A). include. This certificate request information is transferred by each node. FIG. 3 shows a state of communication according to the first operation example. FIG. 3A shows how the certificate request information transmitted by the node 1A is transferred. This figure shows a part of the transfer of the certificate request information, and the nodes (not shown) (for example, node 1B, node 1D, etc.) perform the same processing.

  When a node not shown in FIG. 1 (for example, a node existing between the node 1A and the node 1C) receives this certificate request information, the node refers to the relay node information, so that the node 1A is the sender. Knowing that there is, it is determined whether or not the node 1A is included in the trusted node list of its own storage unit 15. Since the node (not shown) is not trusted by the node 1A, it is determined that it should not participate in the construction of the trust circle, and the certificate request information is broadcast as it is. Note that the above-described RREQ may be included so that the certificate request information also serves as a route search.

When the node 1C (relay terminal: the same applies to the node 1B) receives the certificate request information, the node 1C knows that the node 1A is the sender by referring to the relay node information, It is determined whether or not the node 1A is included in the trusted node list. Since the node 1C includes the node 1A in the trusted node list of the node 1C, the node 1C determines that it should participate in the construction of the circle of trust. The node 1C rewrites the relay node information with its own information with respect to the certificate request information, adds its own public key certificate (K _C / S _A ) issued from the node 1A, and adds the certificate request information. Broadcast.

The node 1F receives this certificate request information and recognizes that it is trusted by the node 1C by referring to the relay node information in the certificate request information and the trusted node list in the storage unit 15. Judge that they should participate in building a circle of trust. The node 1F rewrites the relay node information with its own information with respect to the certificate request information, and adds its own public key certificate (K _F / S _C ) issued from the node 1C to obtain the certificate request information. Broadcast.

  As described above, each node broadcasts the certificate request information, so that the certificate request information is transferred to the node 1J having the public key certificate of the node 1M. As with other nodes, the node 1J recognizes that it is trusted by the node 1F by referring to the sender information in the certificate request information and the trusted node list in the storage unit 15, and trusts the node 1J. Judge that they should participate in the construction of the circle. Further, the certificate request information indicates that the node 1A requests the public key certificate of the node 1M, and the public key certificate of the node 1M exists in the certificate repository in the storage unit 15. The node 1J determines that the public key certificate of the node 1M should be transmitted to the node 1A.

FIG. 3B shows a state of transmission when the node 1J transmits reply information (information for verification) including the public key certificate (K _M / S _J ) of the node 1M to the node 1A. The node 1J specifies that the destination is the node 1A, but does not specify the node through which it passes. Note that in the communication between the node 1J and the node 1A, the node 1C or the like that was passed when the certificate request information was transferred may be included in the path, but the node 1J only designates that the node 1C or the like is routed. Not a translation.

The reply information includes final destination information indicating that the final destination is the node 1A, and public key certificates (K _F / S _C ), (K _C / S) added to the certificate request information received by the node 1J. _A )) and public key certificates (K _M / S _J ) and (K _J / S _F ) possessed by the node 1J are included. The node 1J communicates with the node 1A directly or via a plurality of nodes, and transmits the return information to the node 1A.

The node 1A receives the reply information, and confirms that the public key certificate of the target node 1M is included in the reply information. Subsequently, the node 1A verifies the public key of the node 1F included in the public key certificate (K _F / S _C ) using the public key of the node 1C included in the public key certificate (K _C / S _A ). To do. Specifically, the node 1A is the public key K _C, decrypts the digital signature by the node 1C in the signature information S _C. Then, the public key K _F included in the public key certificate as plain text is compared with the public key K _F obtained by decrypting the electronic signature to determine whether or not they are the same.

If both are the same, the node 1A will be authenticating the public key K _F. Similarly, the public, by the node 1A is the public key _{K F,} performs the verification of the public key _{K J} in the public key certificate _(K J / _{S F),} after a successful verification of the public key _{K J,} by the public key _{K J} carry out the verification of the public key _{K M} in the key certificate _(K M / _{S J).} If successful this verification, the node 1A is the public key _{K M,} verifies the public key _{K N} in the public key certificate _(K N / _{S M).} If this verification is successful, the node 1A starts encrypted communication with the node 1N.

Encrypted communication between the node 1A and the node 1N is performed as follows. Node 1A, by a successful authentication of the public key K _N nodes 1N, trust node 1N. The node 1A encrypts a secret key (common key) known only by itself with the public key of the node 1N, and transmits it to the node 1N. The node 1N decrypts the information received from the node 1A using the secret key generated from its own public key, and acquires the common key of the node 1A. Thereby, the node 1A and the node 1N own the same common key.

  Thereafter, communication between the node 1A and the node 1N is communication using a common key encryption (secret key encryption) method using a common key. For example, when the node 1A transmits data to the node 1N, the node 1A encrypts the data using the common key and transmits the data to the node 1N. The node 1N decrypts the received data using the common key acquired from the node 1A. Since the data encrypted with the common key can be decrypted only with the same common key, only the node 1N can decrypt the data. Even when the node 1N transmits data to the node 1A, secure communication can be performed by encryption / decryption using a common key.

In the above operation, the node 1A has the public key certificate (K _C / S _A ) of the node 1C that it directly trusts in advance, so that when the node 1C transfers the certificate request information, The public key certificate (K _C / S _A ) may not be added.

  Next, the operation of the authentication node (node X: corresponding to the node 1A in FIG. 1) in the first operation example will be described with reference to the flowcharts in FIGS. First, the node X establishes a communication path with the node to be authenticated (node Y: corresponding to the node 1N in FIG. 1). In some cases, this communication path includes a plurality of nodes (not shown). After establishing the communication path, the node X receives the public key certificate of the node Y from the node Y. In this case, the communication unit 11 receives information including the public key certificate via the antenna 10 and outputs this information to the control unit 16 (step S401).

  This public key certificate includes public key information such as a public key of node Y and an identifier of node Y, and signature information (an electronic signature by node Z and an identifier of node Z which is a signer). Node Z corresponds to node 1M in FIG. This electronic signature is obtained by encrypting the public key information with the private key of the node Z. The control unit 16 can recognize that the electronic signature is performed by the node Z by the identifier of the signer.

Subsequently, the control unit 16 refers to the certificate repository in the storage unit 15 and determines whether the public key certificate (K _Y / S _X ) of the node Y is stored (step S402). If it is determined as YES in step S402, the control unit 16 and the public key _{K Y} in the public key certificate _(K Y / _{S X),} the public key certificate received from the node Y _(K Y _{/ S} Z) It determines whether the public key _{K Y} and Do the same in (step S403). If it is determined as YES in step S403, the node X succeeds in authenticating the public key of the node Y and starts encrypted communication with the node Y.

On the other hand, if it is determined NO in step S402 or step S403, the control unit 16 determines whether the public key certificate (K _Z / S _X ) of the node Z is stored in the certificate repository in the storage unit 15. (Step S404). When it is determined YES in step S404, the control unit 16 verifies the signature information of the public key certificate (K _Y / S _Z ) using the public key K _Z and determines whether the public key _KY is valid. (Step S405). If it is determined as YES in step S405, the node X succeeds in authenticating the public key of the node Y and starts encrypted communication with the node Y.

  If NO is determined in step S404 or step S405, the node X performs an operation for acquiring the public key certificate of the node Z that is the signer of the public key certificate of the node Y from another node. The operation in this case is as shown in FIG. The control unit 16 stores the public key certificate acquired from the node Y in the temporary storage unit 14. Then, the control unit 16 creates certificate request information for requesting the public key certificate of the node 1J, and outputs the certificate request information to the communication unit 11.

  The certificate request information includes information indicating that the node X is requesting the public key certificate of the node Z, relay node information (initially referred to as node X), a public key certificate owned by the relay node, and a hop Number (the number of nodes that relayed the certificate request information) and the creation time of the certificate request information. In the node X, the hop count is zero, and no public key certificate is stored in the certificate request information. The communication unit 11 broadcasts this certificate request information via the antenna 10 (step S501).

Subsequently, the control unit 16 determines whether or not reply information including the requested public key certificate of the node Z has been received (step S502). In addition, regarding the determination of reception, a time limit may be provided and it may be determined whether the control part 16 received reply information within the time limit. If YES is determined in step S502, the control unit 16 determines whether the public key KY of the node _Y is valid as described above based on the received one or more public key certificates (step S503). ). If YES is determined in step S503, the node X succeeds in authenticating the public key of the node Y, and starts encrypted communication with the node Y. On the other hand, if NO is determined in step S502 or step S503, the node X fails to authenticate the public key of the node Y.

  FIG. 6 is a flowchart showing the operation of a relay node (node not shown in FIG. 1 or node 1B, node 1C, etc.). The communication unit 11 that has received the certificate request information from another node via the antenna 10 outputs the certificate request information to the control unit 16 (step S601). The control unit 16 refers to the relay node information in the certificate request information, and reads and refers to the trusted node list from the storage unit 15. The control unit 16 determines whether or not the node indicated by the relay node information should participate in the construction of the trust circle by determining whether or not the node indicated by the relay node information is in the trusted node list (step S602). If the node indicated by the relay node information is in the trusted node list, it is determined that it should participate in the construction of the trust circle, and if not, it is determined that it should not participate in the construction of the trust circle.

  When it is determined NO in step S602, the control unit 16 outputs certificate request information to the communication unit 11, and the communication unit 11 broadcasts the certificate request information via the antenna 10 (step S603). On the other hand, when it is determined YES in step S602, the control unit 16 refers to the information in the certificate request information and determines that the public key certificate of the node Z is requested. Based on this, the control unit 16 refers to the certificate repository in the storage unit 15 and determines whether the public key certificate of the node Z is stored (step S604).

If YES is determined in step S604, the control unit 16 creates reply information including the public key certificate of the node Z (step S605). The reply information includes final destination information indicating that the final destination is the node X, and a public key certificate added to the certificate request information (in the example of FIG. 1, public key certificate (K _C / S _A )). (K _F / S _C )) and the public key certificate owned by itself. The public key certificate possessed by itself is the node indicated by the public key certificate of the node Z (in the example of FIG. 1, the public key certificate (K _M / S _J )) and the relay node information of the certificate request information. Means a public key certificate issued to itself (in the example of FIG. 1, public key certificate (K _J / S _F )).

  The control unit 16 outputs the reply information to the communication unit 11, and the communication unit 11 transmits the reply information to the node X via the antenna 10 (step S606). If NO is determined in step S604, the control unit 16 refers to the creation time of the certificate request information, obtains the elapsed time from the difference between the creation time and the current time, and whether the time is within the time limit. It is determined whether or not (step S607). When it determines with YES in step S607, the control part 16 refers to the hop number of certificate request information, and determines whether the value is less than a limit hop number (step S608).

  If YES is determined in step S608, the control unit 16 adds the public key certificate issued by the node indicated by the relay node information of the certificate request information to the certificate request information, and sets the relay node information as its own information. In addition to rewriting, the hop count is increased by 1, and the certificate request information is output to the communication unit 11. The communication unit 11 broadcasts certificate request information via the antenna 10 (step S609). If NO is determined in step S607 or step S608, the certificate request information is not broadcast and the process ends. Note that a node that does not participate in building a circle of trust may reject the received certificate request information without broadcasting it. The same applies to the following operation examples.

  Next, a second operation example in this embodiment will be described. FIG. 7 shows a state of communication in the second operation example. In the second operation example, the certificate request information is transferred in the same manner as in the first operation example as shown in FIG. 7A, but in the reply information transmission as shown in FIG. 7B. Reverses the nodes that participated in building the trust circle when transferring certificate request information.

  Similarly to the first operation example, the node 1A acquires the public key certificate of the node 1N from the node 1N, and broadcasts certificate request information for requesting the public key certificate of the node 1M that is the signer. . The certificate request information includes information indicating that the node 1A requests the public key certificate of the node 1M, relay node information indicating the node that relayed the certificate request information (initially the node 1A), It includes route node information (route information) indicating a route node (first node 1A). Unlike the first operation example, no public key certificate is added to the certificate request information.

  When a node (not shown) receives the certificate request information, the certificate request information is broadcast as it is, as in the first operation example. When the node 1C (same for the node 1B) receives the certificate request information, the node 1C refers to the relay node information to know that the node 1A is the sender, and the trusted node in its own storage unit 15 It is determined whether node 1A is included in the list. Since the node 1C includes the node 1A in the trusted node list of the node 1C, the node 1C determines that it should participate in the construction of the circle of trust. The node 1C rewrites the relay node information in the certificate request information with its own information, adds its own information to the end of the transit node information (updates the transit node information), and broadcasts the certificate request information.

  The node 1F receives this certificate request information and recognizes that it is trusted by the node 1C by referring to the relay node information in the certificate request information and the trusted node list in the storage unit 15. Judge that they should participate in building a circle of trust. The node 1F rewrites the sender information to its own information with respect to the certificate request information, adds its own information to the transit node information, and broadcasts the certificate request information.

The node 1J that has received the certificate request information is trusted by the node 1F by referring to the relay node information in the certificate request information and the trusted node list in the storage unit 15 in the same manner as other nodes. And decide that it should participate in building a circle of trust. Similarly to the first operation example, the node 1J should transmit the public key certificate (K _M / S _J ) of the node 1M stored in the certificate repository in the storage unit 15 to the node 1A. It is judged that.

The node 1J creates reply information, establishes a communication path to the node 1F, and transmits the reply information to the node 1F. The reply information includes final destination information indicating that the final destination is the node 1A, transit node information indicating the nodes that pass through the node 1A (reply routed information), and a public key certificate possessed by the node 1J ( K _M / S _J ).

The node 1F receives this reply information, establishes a communication path to the next transit node indicated by the transit node information, that is, the node 1C, and transmits the reply information to the node 1C. A public key certificate (K _J / S _F ) is added to this reply information. Similarly, the node 1C that has received the reply information adds the public key certificate (K _F / S _C ) to the reply information and transmits it to the node 1A. When the node 1J transmits reply information addressed to the node 1A, a communication path to the node 1A that passes through the node indicated by the route node information may be established in advance.

The node 1A receives the return information to which the public key certificate (K _M / S _J ), (K _J / S _F ), and (K _F / S _C ) are added. Node 1A is similar to the first operation example, verifies the public key K _M because with these public key certificates, public key certificate itself possessed a (K C _{/ S A),} followed by public carry out the verification of the key _{K N.} If successful verification of the public key K _N, the node 1A initiates the node 1N and encrypted communication.

  Next, operations of the authentication node and the relay node in the second operation example will be described. The definitions of the nodes X, Y, and Z are the same as in the first operation example. The operation of node X, which is an authentication node, is the same as in FIG. 4 and FIG. However, the node information indicating the nodes participating in the construction of the trust circle is added to the certificate request information, and the public key certificate possessed by the relay node is not added.

  FIG. 8 is a flowchart showing the operation of the relay node. In the figure, operations in steps S801 to S805 are the same as those in steps S601 to S605 in FIG. However, the reply information created in step S805 includes final destination information indicating that the final destination is the node X, the public key certificate of the node Z possessed by itself, and the transit node information. .

  Subsequently, the communication unit 11 establishes a communication path to the relay node indicated by the relay node information in cooperation with the control unit 16. The control unit 16 outputs the reply information to the communication unit 11, and the communication unit 11 transmits the reply information to the relay node via the antenna 10 (step S806). The operations in steps S807 to S809 are the same as the operations in steps S607 to S609 in FIG. However, in step S809, the public key certificate is not added to the certificate request information. In step S810, the control unit 16 determines whether or not to receive reply information within the time limit.

  If YES is determined in step S810, the communication unit 11 cooperates with the control unit 16 to establish a communication path to the next transit node indicated by the transit node information in the reply information. The control unit 16 adds the public key certificate issued by the next transit node indicated by the transit node information to the reply information, and outputs the reply information to the communication unit 11. The communication unit 11 transmits the return information to the next relay node via the antenna 10 (step S811). If it is determined NO in step S807, step S808, or step S810, the process ends without transmitting the certificate request information.

  According to the second operation example, compared to the first operation example, there is a possibility that it takes time to transfer the reply information from the node 1J to the node 1A, but the public key certificate is included in the certificate request information. Since it is not added, the capacity of the certificate request information can be reduced. In particular, since unnecessary communication occurs due to the broadcast of certificate request information, it is possible to reduce network traffic by reducing this capacity. If each node holds a session (process related to a series of communications) for a short time and holds a communication path between them, the certificate request information and the reply information may not include the transit node information. Good.

  Next, a third operation example in this embodiment will be described. Similar to the first operation example, the node 1A acquires the public key certificate of the node 1N from the node 1N, and creates certificate request information for requesting the public key certificate of the node 1M that is the signer. . FIG. 9 shows a state of communication in the third operation example. FIG. 9A shows how certificate request information is transferred by each node. This figure also shows a part of the transfer of the certificate request information. In the third operation example, the nodes participating in the construction of the trust circle do not broadcast the certificate request information, but select one or more nodes that the node trusts, and issue a certificate to those nodes. Send request information. The certificate request information includes information indicating that the node 1A is requesting the public key certificate of the node 1M, and relay node information indicating the node that relayed the certificate request information (initially the node 1A). include.

The node 1A transmits the certificate request information to the nodes 1B and 1C that it trusts. In this case, the node 1A establishes a communication path to the node 1B and the node 1C, and transmits certificate request information. A node (not shown) transfers the certificate request information to the destination node. When the node 1C (same for the node 1B) receives the certificate request information, the node 1C refers to the relay node information in the certificate request information and the trusted node list in the storage unit 15 so that the node 1C Recognize that it is trusted by 1A, and judge that it should participate in building a circle of trust. The node 1C rewrites the relay node information with its own information with respect to the certificate request information, and adds its own public key certificate (K _C / S _A ) issued from the node 1A and trusts itself. The certificate request information is transmitted to the node (nodes indicated by the trusted node list in the storage unit 15: the nodes 1F and 1G).

The node 1F also transfers the certificate request information by the same operation. The node 1J receives this certificate request information, and similarly to the first and second operation examples, the node 1J should transmit the public key certificate (K _M / S _J ) of the node 1M to the node 1A. to decide. FIG. 9B shows how the reply information is transmitted by the node 1J. Similarly to the first operation example, the node 1J establishes a communication path to the node 1A and transmits reply information. Node 1A is similar to the first operation example, verifies the public key K _M, followed by performing the verification of the public key K _N. If successful verification of the public key K _N, the node 1A initiates the node 1N and encrypted communication.

  According to the third operation example, the relay node participating in the construction of the trust circle forwards the certificate request information to the node that it trusts. Therefore, compared with the case of broadcasting the certificate request information, The amount of communication can be reduced. Note that when each node forwards certificate request information to a node that it trusts, it may select a suitable node from a plurality of trusted nodes and transmit it.

  Next, a fourth operation example in this embodiment will be described. In the fourth operation example, the transfer process of the certificate request information is the same as that in the third operation example, and the reply information is constructed in the same way as the second operation example in the trust circle in the transfer of the certificate request information. It is forwarded by following the nodes that participated in. The certificate request information in this case is the same as the certificate request information in the second operation example.

Next, a fifth operation example in this embodiment will be described. In the following fifth to operation example of the eighth node 1A first receives the public key K _N nodes 1N from node 1N, and the reliability information of the node 1N. The trusted information is node information indicated by the trusted node list in the storage unit 15 of the node 1N. Node 1A in order to verify the public key K _N nodes 1N, searches for a node in possession of the public key certificate of node 1N. In that case, the node 1A refers to the trusted information of the node 1N, and recognizes that the public key certificate (K _N / S _M ) should be obtained from the node 1M that trusts the node 1N. The node 1A creates certificate request information and broadcasts it as in the first operation example.

  The certificate request information includes information indicating that the node 1A requests the public key certificate of the node 1N, relay node information indicating the node that relayed the certificate request information (initially the node 1A), And certificate possession information indicating that the node 1M possesses the public key certificate of the node 1N. The operation of each node that has received the certificate request information is the same as in the first operation example. However, the node 1J does not broadcast the certificate request information but unicasts it to the node 1M.

  The operation of the node 1J is performed as follows. When the node 1J receives the certificate request information, the control unit 16 should participate in building the trust circle because the node 1F indicated by the relay node information is in the trusted node list of the storage unit 15. Judge that there is. In addition, the control unit 16 recognizes that the node 1M indicated by the certificate possession information in the certificate request information exists in the trusted node list in the storage unit 15. As a result, the control unit 16 determines that the certificate request information may be transmitted to the node 1M instead of broadcasting. Thereby, generation | occurrence | production of the useless communication accompanying broadcast can be suppressed. Note that, similarly to the first operation example, the node 1J may broadcast the certificate request information.

The node 1M receives the certificate request information, creates reply information, establishes a communication path to the node 1A, and transmits reply information as in the first or third operation example. The reply information includes public key certificates (K _N / S _M ), (K _M / S _J ), (K _J / S _F ), (K _F / S _C ), and (K _C / S _A ). It has been added. Node 1A receives the reply information verifies whether the public key certificate (K N _{/ S M)} Public Key K _N obtained from the public key K _N and the node 1N in match. If the two match, the node 1A starts encrypted communication with the node 1N.

Next, a sixth operation example in this embodiment will be described. Also in the sixth operation example, as in the fifth operation example, the node 1A receives the public key K _N and the node to be reliable information 1N from node 1N. The node 1A broadcasts the certificate request information as in the fifth operation example. The subsequent operation is the same as in the fifth operation example. However, as in the second or fourth operation example, the transit node information is added to the certificate request information, and the public key certificate is not added. The node 1M receives the certificate request information and creates reply information. The public key certificate (K _N / S _M ) of the node 1N is added to the reply information. The node 1M establishes a communication path to the node 1J based on the transit node information, and transmits reply information. This reply information is transferred to the node 1A by the nodes 1F and 1C as in the second or fourth operation example. The operation of the node 1A that has received the reply information is the same as in the fifth operation example.

Next, a seventh operation example in this embodiment will be described. Also in the seventh operation example of the node 1A receives the public key K _N and the node to be reliable information 1N from node 1N. The node 1A creates certificate request information and transmits the certificate request information to a node that it trusts. The operation of each of the following nodes is the same as that of the third operation example, and the node participating in the construction of the trust circle transfers the certificate request information to the node that it trusts. The node 1M receives the certificate request information and creates reply information to which the public key certificate (K _N / S _M ) is added. The operation in which the reply information is transferred to the node 1A is the same as in the first or third operation example, and the node 1M establishes a communication path to the node 1A and transmits the reply information. The operation of the node 1A that has received the reply information is the same as in the fifth operation example.

Next, an eighth operation example in this embodiment will be described. Also in operation example of the eighth, node 1A receives the public key K _N and the node to be reliable information 1N from node 1N. The node 1A creates certificate request information and transmits the certificate request information to a node that it trusts. The following operation of each node is the same as that of the fourth operation example, and the node participating in the construction of the trust circle transfers the certificate request information to the node that it trusts. The node 1M receives the certificate request information and creates reply information to which the public key certificate (K _N / S _M ) is added. The operation when the reply information is transferred to the node 1A is the same as in the second or fourth operation example, and the reply information is transferred from the node 1M to the node 1A via the node indicated by the transit node information. The operation of the node 1A that has received the reply information is the same as in the fifth operation example.

  Next, node selection methods in the third, fourth, seventh, and eighth operation examples will be described. In these operation examples, each node selects one or more nodes that it trusts, and transmits certificate request information to that node. In a wireless ad hoc network that does not have an absolutely reliable CA, it is assumed that there is a trade-off between the reliability of the trust wheel and the speed of construction regarding the construction of the trust wheel. Therefore, a method for selecting a node by weighting both is proposed.

  This selection method will be described with reference to FIGS. In the figure, nodes 1a to 1o are shown, and arrows connecting the nodes indicate a trust relationship between the nodes. In the figure, some nodes are not shown. The node at the base of the arrow issues a public key certificate to the node at the end of the arrow. For example, the node 1a issues a public key certificate to the node 1i. That is, the node 1a trusts the node 1i. Also, the numbers written beside each node indicate the number of issued / issued public key certificates. For example, the node 1a issues public key certificates to four nodes, and the public key certificate is issued from one node. Each node can know the number of issued / issued public key certificates by referring to the trusted node list and the trusted node list in the storage unit 15. In addition, it is assumed that each node notifies the above-mentioned issue / issued number in advance to its surrounding nodes.

  When each node builds a circle of trust with an emphasis on the construction speed, a node with a large number of public key certificate issues (a node that trusts many nodes) is preferentially selected. For example, when the node 1a selects a surrounding node, the node 1i having the largest number of issued public key certificates among the surrounding nodes is selected. If the number of issues is the same, a node may be arbitrarily selected. When each node performs the same operation, a trust circle is constructed along the route indicated by the dotted arrow in FIG.

  When each node constructs a circle of trust with an emphasis on reliability, a node having a large number of public key certificate issued (a node trusted by many nodes) is preferentially selected. For example, when the node 1a selects a surrounding node, the node 1c or the node 1e having the largest number of issued public key certificates among the surrounding nodes is selected. If the number of issued items is the same, a node may be arbitrarily selected. As each node performs the same operation, a trust circle is constructed along the route indicated by the dotted arrow in FIG.

  Note that the number of nodes to be selected is not limited to one, and a plurality of nodes may be appropriately selected from those having a larger number of public key certificates issued or issued.

Next, in the above-described surrounding node selection method, a method for accurately selecting the reliability and the construction speed of the trust wheel having a trade-off relationship with each other is proposed. The following equation shows the weighting for the reliability and the construction speed.
weight = outage × α + inedge × β (1)
α + β = 1 (2)

  In the above equation (1), weight is a value indicating weighting. “outedge” is the number of outward arrows (the number of public key certificates issued) when attention is paid to a specific surrounding node, and “inedge” is the number of inward arrows (the number of issued public key certificates). α and β are numbers that are equal to or greater than 0 and satisfy equation (2). When each node selects a surrounding node, α and β are determined as appropriate, weight is calculated for each surrounding node according to equation (1), and the node having the maximum weight is selected.

  As for α and β, α = 1 and β = 0 when the construction speed of the reliable wheel is most important. When the reliability is most important, α = 0 and β = 1. Note that the values of α and β may be appropriately selected for each node depending on the importance of the construction speed and reliability of each node.

  Next, management of public key certificates by each node will be described. In the conventional public key certificate distributed management method, each node manages the public key certificates of all nodes participating in the network. However, in this embodiment, each node stores its own public key certificate issued by a node that trusts itself and the public key certificate of surrounding nodes that it trusts in the certificate repository in the storage unit 15. Hold on. In addition to the public key certificate of the surrounding node, among the public key certificates acquired from other nodes and stored in the temporary storage unit 14 when building the circle of trust in the present embodiment, the surrounding node trusted by itself The public key certificate of a node existing within k hops (k is a positive integer) may be stored and managed in a certificate repository in the storage unit 15. In this embodiment, each node manages a public key certificate issued to itself and a public key certificate issued to itself. However, only the public key certificate issued to itself is managed. May be managed.

  For example, in FIG. 1, it is assumed that the node 1A has acquired public key certificates from the nodes 1D to 1G that are the surrounding nodes of the nodes, in addition to the nodes 1B and 1C that are the surrounding nodes. If the nodes 1D to 1G exist within k hops from the node 1B or the node 1C, the node 1A holds the public key certificates of these nodes in the certificate repository. Note that the value of k may be changed as appropriate according to the capacity of the storage unit 15.

  In addition, each node dynamically deletes a public key certificate with low usage frequency from the certificate repository. For example, each node holds information on the date and time when a specific public key certificate was last used in the storage unit 15, and the public key that has not been used again after a predetermined time has elapsed since the last use. Delete the certificate. Or, delete public key certificates that are known to be used only once. As described above, the validity of the public key certificate held by each node is guaranteed.

  Next, a case where the search for a node possessing the target public key certificate in this embodiment has not been successful will be described. For example, when each node selects only one surrounding node that it trusts and sends certificate request information to that node, the search is performed because the destination node does not trust any surrounding nodes. May fail. In that case, the search is restarted from the first node, or the search is restarted by changing the node selection method from the node immediately before the failed node. Further, in the present embodiment, when a circle of trust is not established within a predetermined time limit or the number of restricted hops, the construction is stopped.

  Next, the visualization of the trust wheel constructed according to this embodiment will be described. When the circle of trust to the target node is established, in the authentication node (for example, node 1A in FIG. 1), the control unit 16 outputs display data to the display unit 13 in order to prompt the user to confirm. The display unit 13 performs display based on the display data. FIG. 12 is a reference diagram showing a display example by the display unit 13. With this display, the user is notified of the state of construction of the trust circle from the own node to the partner node.

  The display unit 13 displays the state of the path of the trust circle and the number of surrounding nodes that each node constructing the trust circle is trusted by. The user refers to the display unit 13 and determines whether to communicate with the partner node using this circle of trust. When the user determines to perform communication and inputs a communication start instruction from the operation unit 12, the operation unit 12 outputs a signal indicating the instruction from the user to the control unit 16. Based on this signal, the control unit 16 controls the communication unit 11 and the like, and starts encrypted communication with the counterpart node.

  When a plurality of paths are constructed, a plurality of paths are displayed on the display unit 13. FIG. 13 is a reference diagram showing a display example in this case. Furthermore, when a circle of trust cannot be established, the display is as shown in FIG. Even when a circle of trust from the own node to the partner node is not constructed, the display unit 13 displays the reliability of a node having a higher reliability number from the surrounding nodes.

  As described above, according to the present embodiment, when there is a need to authenticate the public key of a node that is a communication partner, only the necessary public key certificate is obtained from each node that constructs a circle of trust. The communication resources and resources of each node are wasted compared to the conventional public key distributed management method in which each node manages the public keys of all nodes participating in the network. In addition, the management cost of the public key can be reduced. For example, the authentication node obtains the public key certificate of only the node necessary for authenticating the public key of the authenticated node, so that each node obtains information in the certificate repository of all nodes participating in the network. Compared with the key distribution management method, the amount of communication resources used can be reduced.

  In addition, since each node holds the public key certificate of only the node that it trusts in the certificate repository, even if the number of nodes participating in the network increases, the amount of memory and HDD resources used by each node is conventionally increased. Can also be greatly reduced. Furthermore, each node manages only the public key certificate issued to itself or in addition to the public key certificate issued by itself, so that each node makes it public from other nodes. When obtaining a key certificate, the validity of the public key certificate is guaranteed. Therefore, in the communication system according to the present embodiment, it is not necessary to check the validity of the public key certificate based on the revocation certificate list, so that the amount of communication resources used due to the exchange of the revocation certificate list can be reduced. it can. As described above, the management cost of the public key can be reduced.

  Also, in the construction of the circle of trust, when selecting the node that transmits the certificate request information from among the nodes that each node trusts, by considering the number of trust / trusted number of surrounding nodes, Construction based on the degree of emphasis on the construction speed and reliability of the wheel of trust can be performed.

  In addition, when the trust circle cannot be established within the time limit or the number of hops, the generation of unnecessary communication can be suppressed by stopping the construction of the trust circle. In particular, when each node broadcasts certificate request information, unnecessary communication is likely to occur, so the amount of communication can be reduced.

  Further, by notifying the user of the state of the trust circle that has been constructed, the user can be prompted for confirmation. In particular, when a plurality of paths of trust are established, the user can select which path is used for communication.

Next, another embodiment of the present invention will be described. FIG. 15 is a schematic configuration diagram showing the configuration of the communication system according to the present embodiment. As shown in FIG. 15A, the communication system includes nodes 2A to 2H. The internal configuration of each node is the same as in the above-described embodiment. FIG. 15B shows the trust relationship (public key certificate issuance relationship) of each node. For example, “2F → 2A” means that the node 2F trusts the node 2A and has issued a public key certificate (K _A / S _F ) to the node 2A. ing. The issued public key certificate is stored in the certificate repository of the storage unit 15 in FIG. 2 at the issuer and issuer nodes of the public key certificate, as in the above-described embodiment. Further, the trust relationship of each node shown in FIG. 15B is stored in the trust node list and the trusted node list of the storage unit 15.

In the present embodiment, the node 2A (authentication terminal) for performing encrypted communication with the node 2D (to be authenticated terminal), the node 2D authentication, namely to verify the validity of the public key K _D of the node 2D . Node 2A, in order to request a public key certificate for the public key K _D, but sends the certificate request information, in the present embodiment, to suppress the transmission of unnecessary information, the node 2D certificate request information Each node operates as follows in order to reach it efficiently. It is assumed that each node has route information related to routes to other nodes in advance in order to build a circle of trust. For collecting the routing information, a proactive protocol is used as a routing protocol in the wireless ad hoc network. In the proactive type protocol, each node collects information related to the route to the other node constituting the communication system by periodically exchanging route information between the nodes, and the routing related to the route to the other node. Build and maintain a table.

  FIG. 16 shows the contents of the routing table possessed by the node 2A. “Destination Node” indicates a destination node. “Next Hop Node” indicates a node that passes next in a route reaching the destination node. When there is no node identification information in “Next Hop Node”, it indicates that the destination node can be reached without passing through another node. Such a routing table is stored in the storage unit 15 of each node.

Next, a method for constructing a routing table in each node will be described. The Proactive type protocol has the following basic functions.
(1) Neighboring node discovery process (2) Network topology construction process In the neighboring node discovery process, each node confirms the link state by exchanging hello messages between the nodes. In the network topology construction process, each node adds local link information to the topology control message, floods the entire ad hoc network, and the node itself that has obtained the information creates a routing table. At this time, a TTL, the number of hops, a message sequence number, and the like are written in the control packet to be flooded in order to prevent unnecessary flooding. After that, by periodically disseminating the difference information, the routing table of the entire network of each node is maintained and managed.

Next, the node 2A will be described the operation of each node to acquire a public key certificate for the public key K _D of the node 2D. In the node 2A, the control unit 16 reads out and refers to the routing table from the storage unit 15 (the routing table 200A in FIG. 17A). Since the node 2D cannot be reached directly, the control unit 16 determines that the certificate request information should be transmitted to a node trusted by the node 2A, and reads and references the trusted node list from the storage unit 15. . As shown in FIG. 15B, since the node 2A trusts the nodes 2B and 2E, the control unit 16 creates new certificate request information for these nodes.

  FIG. 17A shows the contents of information included in the certificate request information 201 created by the node 2A. The transit node information 201a is information of a transit node, and is information based on the routing table 200A. In this case, the nodes 2B and 2E trusted by the node 2A are designated as transit nodes, and the node 2F that is not directly trusted by the node 2A is designated as a transit node for passing through the node 2B. The authentication node information 201b indicates identification information of a node (in this case, the node 2A) that performs authentication. The to-be-authenticated node information 201c indicates identification information of a node (in this case, the node 2D) to be finally authenticated. The search limit number information 201d indicates the maximum number of nodes participating in the circle of trust that pass between the target final authentication target nodes.

  The control unit 16 outputs the created certificate request information to the communication unit 11. The communication unit 11 broadcasts certificate request information via the antenna 10. This certificate request information is received by the node 2E, the node 2F, and the node 2H that exist within the reach of the radio wave from the node 2A (see FIG. 20A). In each node, the communication unit 11 receives the certificate request information via the antenna 10 and outputs it to the control unit 16.

  The operation of the node 2H that has received the certificate request information is as follows. The control unit 16 of the node 2H refers to the authenticated node information in the certificate request information and determines whether the node 2H is an authenticated node. Since the node to be authenticated is the node 2D, the control unit 16 determines that the node 2H is not the node to be authenticated. Subsequently, the control unit 16 refers to the transit node information and determines whether or not the node 2H is a transit node. Since there is no identification information of the node 2H in the transit node information, the control unit 16 determines that the node 2H is not a transit node and rejects the certificate request information.

  The operation of the node 2E that has received the certificate request information from the node 2A is as follows. The control unit 16 of the node 2E refers to the authenticated node information in the certificate request information and determines that the node 2E is not an authenticated node. Subsequently, the control unit 16 refers to the transit node information in the certificate request information, and determines that it should participate in the construction of a trust circle because the transit node information includes the identification information of the node 2E. . The control unit 16 reads out and refers to the routing table (the routing table 200E in FIG. 17B) from the storage unit 15 and cannot directly reach the node 2D that is the authenticated node. Is specified as a transit node. Further, the control unit 16 designates the node 2A as a transit node for reaching the node 2F.

The control unit 16 creates certificate request information. FIG. 17B shows the contents of the certificate request information 202 transmitted by the node 2E. The contents of the transit node information 202a are as described above, and the contents of the authentication node information 202b and the authenticated node information 202c are the same as the contents of the certificate request information received from the node 2A. Since the node 2A has passed through the node 2E directly trusted, the number indicated by the search limit number information 202d is reduced by one. The above contents are the same as the certificate request information transmitted from the node 2A, but further, certificate information 202e including a public key certificate (K _E / S _A ) is added. The certificate information 202e is information necessary for verifying the public key by the node 2A that is the authentication node.

Since the control unit 16 determines that it should participate in the construction of the circle of trust, the control unit 16 reads out the necessary public key certificate from the certificate repository in the storage unit 15 and adds it to the certificate request information. In this case, the control unit 16 reads out the public key certificate (K _E / S _A ) issued by the node 2A as the authentication node from the certificate repository in the storage unit 15, and adds it to the certificate request information. If another public key certificate has already been added to the certificate request information, it can be seen that the node has already passed through the node indicated by the public key included in the public key certificate. Adds a public key certificate issued by the node. In addition, information specifying the node to which the public key certificate should be added next to the certificate request information is separately stored in the certificate request information, and the node receiving the certificate request information, based on the information, A necessary public key certificate may be added to the certificate request information.

  The control unit 16 outputs the created certificate request information to the communication unit 11. The communication unit 11 broadcasts certificate request information via the antenna 10. This certificate request information is received by the node 2A, the node 2G, and the node 2H that exist within the reach of radio waves from the node 2E (see FIG. 20B). Since the node 2G and the node 2H are not transit nodes, the certificate request information is rejected at these nodes. Further, since the node 2A is an authentication node and has already transmitted the certificate request information, the certificate request information is rejected.

  On the other hand, in FIG. 20A, the operation of the node 2F that has received the certificate request information from the node 2A is as follows. The control unit 16 of the node 2F refers to the authenticated node information in the certificate request information and determines that the node 2F is not an authenticated node. Subsequently, the control unit 16 refers to the transit node information in the certificate request information, and since the node 2F is designated as the transit node to the node 2B, the certificate request information must be delivered to the node 2B. Judge. The control unit 16 reads out and refers to the routing table (the routing table 200F in FIG. 18A) from the storage unit 15, and can directly reach the node 2B, and therefore designates the node 2B as a transit node. Since the node 2F is not a node directly trusted by the node 2A but a node for transferring certificate request information to a node trusted by the node 2A, the public key certificate is not added. The control unit 16 creates certificate request information (certificate request information 203 in FIG. 18A) and outputs it to the communication unit 11. The communication unit 11 broadcasts certificate request information via the antenna 10.

  This certificate request information is received by the node 2A and the node 2B that exist within the reach of the radio wave from the node 2F (see FIG. 21A). Since the node 2A is an authentication node and has already transmitted the certificate request information, the certificate request information is rejected. The operation of the node 2B that has received the certificate request information is as follows. The control unit 16 of the node 2B refers to the authenticated node information in the certificate request information and determines that the node 2B is not an authenticated node. Subsequently, the control unit 16 refers to the transit node information in the certificate request information, and determines that it should participate in the construction of the trust circle because the identification information of the node 2B is included in the transit node information. . The control unit 16 reads out and refers to the routing table (the routing table 200B in FIG. 18B) from the storage unit 15, and cannot directly reach the node 2D that is the authenticated node. Is specified as a transit node.

Subsequently, the control unit 16 creates certificate request information (certificate request information 204 in FIG. 18B). At this time, since the control unit 16 has determined that it should participate in the construction of the circle of trust, the control unit 16 reads out the necessary public key certificate from the certificate repository in the storage unit 15 and adds it to the certificate request information. The control unit 16 reads the public key certificate (K _B / S _A ) issued by the node 2A from the certificate repository in the storage unit 15 and adds it to the certificate request information.

  The control unit 16 outputs the created certificate request information to the communication unit 11. The communication unit 11 broadcasts certificate request information via the antenna 10. This certificate request information is received by the node 2F and the node 2C existing within the range where radio waves reach from the node 2B (see FIG. 21B). Since the node 2F is not a transit node, the certificate request information is rejected. The operation of the node 2C that has received the certificate request information is as follows.

  The control unit 16 of the node 2C refers to the authenticated node information in the certificate request information, and determines that the node 2C is not an authenticated node. Subsequently, the control unit 16 refers to the transit node information in the certificate request information and determines that it should participate in the construction of the trust circle because the transit node information includes the identification information of the node 2C. . The control unit 16 reads and references the routing table (the routing table 200C in FIG. 19A) from the storage unit 15 and can directly reach the node 2D that is the node to be authenticated, so that the node 2D is the destination node. specify.

Subsequently, the control unit 16 creates certificate request information (certificate request information 205 in FIG. 19A). At this time, since the control unit 16 has determined that it should participate in the construction of the circle of trust, the control unit 16 reads out the necessary public key certificate from the certificate repository in the storage unit 15 and adds it to the certificate request information. Since the public key certificate (K _B / S _A ) has already been added to the certificate request information received from the node 2B, the control unit 16 requests a certificate for the public key certificate issued by the node 2B. It is determined that it should be added to the information. The control unit 16 reads the public key certificate (K _C / S _B ) from the certificate repository of the storage unit 15 and adds it to the certificate request information.

The control unit 16 outputs the created certificate request information to the communication unit 11. The communication unit 11 transmits the certificate request information to the node 2D via the antenna 10 (see FIG. 22A). The node 2D receives this certificate request information. The control unit 16 of the node 2D refers to the authenticated node information in the certificate request information and determines that the node 2D is an authenticated node. Therefore, the control unit 16 creates reply information for replying to the node 2A (reply information 206 in FIG. 19B). Since the public key certificate (K _B / S _A ) and (K _C / S _B ) are added to the certificate request information received from the node 2C, the control unit 16 is issued by the node 2C. It is determined that the public key certificate should be added to the reply information.

The control unit 16 reads the public key certificate (K _D / S _C ) from the certificate repository of the storage unit 15 and adds it to the reply information. In this reply information, identification information of an authenticated node (node 2D) as a transmission source and identification information of an authentication node (node 2A) as a transmission destination are stored. The control unit 16 outputs the created reply information to the communication unit 11. The communication unit 11 transmits the return information to the node 2A via the antenna 10 (see FIG. 22B). There is no limitation on the route for returning the reply information.

The node 2A receives this reply information. The operation of the node 2A that has received the reply information is the same as in the above-described embodiment. That is, the node 2A verifies the validity of the public key K _D of the node 2D by using a public key certificate added to the reply information. If the verification is successful the validity of the public key K _D, the node 2A starts node 2D and encrypted communication.

Since the node 2C has the public key certificate (K _D / S _C ) issued to the node 2D by itself in the certificate repository of the storage unit 15, the node 2C returns the reply information to the node 2A. You may make it reply. That is, when the node that possesses the public key certificate for the public key of the authenticated node receives the certificate request information, it creates reply information and transmits it to the node 2A, and the public key for the public key of the authenticated node A node that does not possess a certificate designates a transit node based on the routing table and transmits certificate request information to another node.

Similarly to the above-described embodiment, the node 2A receives the public key certificate (K _D / S _C ) from the node 2D before communication, and the signature of the electronic signature included in the signature information of the public key certificate The node 2C, which is a user, may be the authenticated node. In addition, each node does not broadcast certificate request information, but sends it to a node that it trusts by unicast, or sends it to a transit node on the route that reaches the node that it trusts. May be.

  Also in the present embodiment described above, as in the embodiment described above, when there is a need to authenticate the public key of the node that is the communication partner, only the necessary nodes from the nodes that construct the circle of trust Since the public key certificate is obtained, communication resources and resources of each node are wasted compared to the conventional public key distributed management method in which each node manages the public keys of all nodes participating in the network. Without using it, the management cost of public keys can be reduced.

  Also, when each node sends certificate request information, the routing table is referred to, and the route node of the certificate request information is determined based on the information about the route to the authenticated node and the route to the node trusted by itself. By deciding, a circle of trust can be constructed efficiently. Furthermore, there is a transit node (for example, the node 2F) that transfers certificate request information to another node that should participate in the construction of the trust circle even if the node that participated in the construction of the trust circle is not trusted. Thus, the certificate request information is more reliably transferred to the authenticated node.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings, but the specific configuration is not limited to these embodiments, and includes design changes and the like within a scope not departing from the gist of the present invention. It is. For example, in the above embodiment, the communication system is a wireless ad hoc network. However, all the nodes may not be connected to each other by wireless communication. In other words, some nodes may be wired by communication cables, or all nodes may be wired. The present invention can be widely applied to a network having no certificate authority (CA).

  As an application example of the present invention, there is an application to construction of a public key infrastructure in a wireless ad hoc network. In addition, the present invention is not limited to a wireless network, and can be applied to a network that is configured by nodes that are partly or wholly connected by wire and does not have a certificate authority (CA).

It is a schematic block diagram which shows the structure of the communication system by one Embodiment of this invention. It is a block diagram which shows the structure of a node. It is a schematic reference figure which shows the mode of communication in a 1st operation example. It is a flowchart which shows operation | movement of the authentication node in a 1st operation example. It is a flowchart which shows operation | movement of the authentication node in a 1st operation example. It is a flowchart which shows the operation | movement of the relay node in a 1st operation example. It is a schematic reference figure which shows the mode of communication in a 2nd operation example. It is a flowchart which shows operation | movement of the relay node in a 2nd operation example. It is a schematic reference figure which shows the mode of communication in a 3rd operation example. It is a schematic reference drawing for demonstrating the selection method of a surrounding node. It is a schematic reference drawing for demonstrating the selection method of a surrounding node. 11 is a reference diagram illustrating a display example by the display unit 13. FIG. 12 is a reference diagram illustrating another display example by the display unit 13. FIG. 12 is a reference diagram illustrating another display example by the display unit 13. FIG. It is a schematic block diagram which shows the structure of the communication system by other embodiment of this invention. It is a reference figure showing the contents of a routing table. It is a reference figure which shows the content of a routing table and certificate request information. It is a reference figure which shows the content of a routing table and certificate request information. It is a reference figure which shows the content of a routing table and certificate request information. It is a schematic reference figure which shows the mode of transmission of certificate request information. It is a schematic reference figure which shows the mode of transmission of certificate request information. It is a schematic reference figure which shows the mode of transmission of certificate request information.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Node, 10 ... Antenna, 11 ... Communication part, 12 ... Operation part, 13 ... Display part, 14 ... Temporary storage part, 15 ... Storage part, 16 * ..Control part.

Claims (20)

In a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key;
The authentication terminal is
First transmission means for transmitting request information for requesting information necessary for verification of the public key;
First receiving means for receiving verification information including the information from the relay terminal;
Verification means for verifying the public key based on the verification information;
Comprising
The relay terminal is
If the information requested by the request information is not possessed, the request information is transmitted to another relay terminal, and if the information requested by the request information is possessed, the information is included. Second transmitting means for transmitting verification information to the authentication terminal or another relay terminal;
A communication system characterized by comprising: In a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key;
The authentication terminal is
First transmission means for broadcasting request information for requesting first certificate information necessary for verification of the public key;
First receiving means for receiving verification information including the first certificate information from the relay terminal;
Verification means for verifying the public key based on the verification information;
Comprising
The relay terminal is
First storage means for storing certificate information;
Second receiving means for receiving the request information;
Determination means for determining whether the first certificate information is stored in the first storage means based on the request information;
When it is determined that it is not stored, the certificate information stored in the first storage means is added to the request information, the request information is broadcast, and it is determined that it is stored A second transmission unit configured to transmit verification information including the certificate information added to the request information and the first certificate information to the authentication terminal;
A communication system characterized by comprising: The first transmission means broadcasts request information including route information for requesting first certificate information necessary for verification of the public key;
The second transmission means includes
If it is determined that the first certificate information is not stored in the first storage means, the route information included in the request information is updated, and the request information is broadcast.
When it is determined that the first certificate information is stored in the first storage unit, the verification information including the first certificate information and return route information indicating a terminal through which the first certificate information is stored. To the authentication terminal or the relay terminal indicated by the return route information,
When the verification information is received, the certificate information stored in the first storage unit is added to the request information, and transmitted to the authentication terminal or the relay terminal indicated by the return route information. The communication system according to claim 2. The authentication terminal further comprises second storage means for storing a reliable relay terminal,
The first transmission means transmits request information for requesting first certificate information necessary for verification of the public key to the relay terminal stored in the second storage means,
The first storage means stores certificate information and other relay terminals to be trusted,
The second transmission means includes
When it is determined that the first certificate information is not stored in the first storage unit, the certificate information stored in the first storage unit is added to the request information, and Transmitting the request information to the relay terminal stored in the first storage means;
When it is determined that the first certificate information is stored in the first storage unit, the verification information includes the certificate information added to the request information and the first certificate information. The communication system according to claim 2, wherein information is transmitted to the authentication terminal. The first transmission means stores the request information including the route information for requesting the first certificate information necessary for the verification of the public key by the second storage means. Send to
The second transmission means includes
When it is determined that the first certificate information is not stored in the first storage unit, the route information included in the request information is updated and stored in the first storage unit. Transmitting the request information to the relay terminal,
When it is determined that the first certificate information is stored in the first storage unit, the verification information including the first certificate information and return route information indicating a terminal through which the first certificate information is stored. To the authentication terminal or the relay terminal indicated by the return route information,
When the verification information is received, the certificate information stored in the first storage unit is added to the request information, and transmitted to the authentication terminal or the relay terminal indicated by the return route information. The communication system according to claim 4. The first receiving means further receives in advance second certificate information proving the public key from the authenticated terminal,
The said 1st certificate information proves the public key required for verification of the signature information contained in the said 2nd certificate information. The statement in any one of Claims 1-5 characterized by the above-mentioned. Communication system. The first receiving means further receives in advance from the authenticated terminal the public key and trusted information relating to a terminal that trusts the authenticated terminal,
The first certificate information proves the public key;
The communication system according to any one of claims 1 to 5, wherein the request information indicates that the first certificate information is obtained from a terminal indicated by the trusted information. . In a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key;
The authentication terminal is
Sending request information for requesting information necessary for verification of the public key to another terminal;
Receiving verification information including information necessary for verification of the public key from another terminal;
Verifying the public key based on the verification information;
The relay terminal is
Store in advance the identification information of the terminal that it trusts and the route information about the route to reach the other terminal,
When the request information is received from another terminal that does not trust itself and the terminal is designated as the terminal through which the request information passes , the route information includes information necessary for verifying the public key. Based on this, generate new request information including information specifying arrival at another relay terminal or the authenticated terminal ,
Sending the request information to another terminal;
The authenticated terminal is
When the request information is received, the verification information including the information necessary for verifying the public key included in the request information and the information necessary for verifying the public key owned by itself is generated. And transmitting to the authentication terminal. The new request information generated by the relay terminal includes certificate information proving its own public key generated by another relay terminal through which the request information has passed or the authentication terminal,
The verification information generated by the terminal to be authenticated includes certificate information of the relay terminal added to the request information and a certificate certifying its own public key generated by the relay terminal through which the request information has passed. The communication system according to claim 8, further comprising: document information. In a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals, and performs encrypted communication with the authenticated terminal using the verified public key;
The authentication terminal is
Sending request information for requesting information necessary for verification of the public key to another terminal;
Receiving verification information including information necessary for verification of the public key from another terminal;
Verifying the public key based on the verification information;
The relay terminal is
Store in advance the identification information of the terminal that it trusts and the route information about the route to reach the other terminal,
When the request information is received from another terminal that does not trust itself, the terminal is specified as the terminal through which the request information passes, and the certificate information that proves the public key of the authenticated terminal is not possessed Includes certificate information for certifying its own public key, generated by another relay terminal or the authentication terminal through which the request information has passed, and based on the path information, the other relay terminal or the authenticated terminal Generate new request information including information specifying arrival at the terminal and send it to other terminals,
When receiving the request information and possessing certificate information that proves the public key of the authenticated terminal, the request information is generated by another relay terminal or the authentication terminal through which the request information passes. Generating the verification information including certificate information that certifies a public key, the certificate information added to the request information, and the certificate information that certifies the public key of the authenticated terminal. A communication system characterized by transmitting to a terminal. In a communication terminal used in a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals and performs encrypted communication with the authenticated terminal using the verified public key.
As the authentication terminal,
First transmission means for transmitting request information for requesting information necessary for verification of the public key;
First receiving means for receiving verification information including the information from the relay terminal;
Verification means for verifying the public key based on the verification information;
Comprising
As the relay terminal,
If the information requested by the request information is not possessed, the request information is transmitted to another relay terminal, and if the information requested by the request information is possessed, the information is included. Second transmitting means for transmitting verification information to the authentication terminal or another relay terminal;
A communication terminal characterized by comprising: In a communication terminal used in a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals and performs encrypted communication with the authenticated terminal using the verified public key.
As the authentication terminal,
First transmission means for broadcasting request information for requesting first certificate information necessary for verification of the public key;
First receiving means for receiving verification information including the first certificate information from the relay terminal;
Verification means for verifying the public key based on the verification information;
Comprising
As the relay terminal,
First storage means for storing certificate information;
Second receiving means for receiving the request information;
Determination means for determining whether the first certificate information is stored in the first storage means based on the request information;
When it is determined that it is not stored, the certificate information stored in the first storage means is added to the request information, the request information is broadcast, and it is determined that it is stored A second transmission unit configured to transmit verification information including the certificate information added to the request information and the first certificate information to the authentication terminal;
A communication terminal characterized by comprising: The first transmission means broadcasts request information including route information for requesting first certificate information necessary for verification of the public key;
The second transmission means includes
If it is determined that the first certificate information is not stored in the first storage means, the route information included in the request information is updated, and the request information is broadcast.
When it is determined that the first certificate information is stored in the first storage unit, the verification information including the first certificate information and return route information indicating a terminal through which the first certificate information is stored. To the authentication terminal or the relay terminal indicated by the return route information,
When the verification information is received, the certificate information stored in the first storage unit is added to the request information, and transmitted to the authentication terminal or the relay terminal indicated by the return route information. The communication terminal according to claim 12 . The authentication terminal further includes second storage means for storing a reliable relay terminal,
The first transmission means transmits request information for requesting first certificate information necessary for verification of the public key to the relay terminal stored in the second storage means,
The first storage means stores certificate information and other relay terminals to be trusted,
The second transmission means includes
When it is determined that the first certificate information is not stored in the first storage unit, the certificate information stored in the first storage unit is added to the request information, and Transmitting the request information to the relay terminal stored in the first storage means;
When it is determined that the first certificate information is stored in the first storage unit, the verification information includes the certificate information added to the request information and the first certificate information. Information is transmitted to the said authentication terminal. The communication terminal of Claim 12 characterized by the above-mentioned. The first transmission means stores the request information including the route information for requesting the first certificate information necessary for the verification of the public key by the second storage means. Send to
The second transmission means includes
When it is determined that the first certificate information is not stored in the first storage unit, the route information included in the request information is updated and stored in the first storage unit. Transmitting the request information to the relay terminal,
When it is determined that the first certificate information is stored in the first storage unit, the verification information including the first certificate information and return route information indicating a terminal through which the first certificate information is stored. To the authentication terminal or the relay terminal indicated by the return route information,
When the verification information is received, the certificate information stored in the first storage unit is added to the request information, and transmitted to the authentication terminal or the relay terminal indicated by the return route information. The communication terminal according to claim 14 . The first receiving means further receives in advance second certificate information proving the public key from the authenticated terminal,
The first certificate information, according to any one of claims 11 to claim 15, wherein the certifying a public key required to verify the signature information contained in the second certificate information Communication terminal. The first receiving means further receives in advance from the authenticated terminal the public key and trusted information relating to a terminal that trusts the authenticated terminal,
The first certificate information proves the public key;
The communication terminal according to any one of claims 11 to 15 , wherein the request information indicates that the first certificate information is acquired from a terminal indicated by the trusted information. . In a communication terminal used in a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals and performs encrypted communication with the authenticated terminal using the verified public key.
As the authentication terminal,
First transmission means for transmitting request information for requesting information necessary for verification of the public key to another terminal;
First receiving means for receiving verification information including information necessary for verification of the public key from another terminal;
Verification means for verifying the public key based on the received verification information;
Comprising
As the relay terminal,
Storage means for preliminarily storing identification information of a terminal that it trusts and route information about a route that reaches another terminal;
Second receiving means for receiving the request information;
When the request information is received from another terminal that does not trust itself and the terminal is designated as the terminal through which the request information passes , the route information includes information necessary for verifying the public key. First information generating means for generating new request information including information specifying arrival at another relay terminal or the authenticated terminal ,
Second transmission means for transmitting the request information to another terminal;
Comprising
As the authenticated terminal,
Third receiving means for receiving the request information;
Second information generation for generating the verification information including the information necessary for verifying the public key included in the received request information and the information necessary for verifying the public key owned by itself Means,
Third transmitting means for transmitting the verification information to the authentication terminal;
A communication terminal comprising: The new request information generated by the first information generation means includes certificate information that proves its own public key, generated by another relay terminal through which the request information passes or the authentication terminal,
The verification information generated by the second information generation means includes the certificate information of the relay terminal added to the request information and the public key generated by the relay terminal through which the request information has passed. The communication terminal according to claim 18 , further comprising certificate information to be certified. In a communication terminal used in a communication system in which an authentication terminal verifies a public key of an authenticated terminal via one or more relay terminals and performs encrypted communication with the authenticated terminal using the verified public key.
As the authentication terminal,
First transmission means for transmitting request information for requesting information necessary for verification of the public key to another terminal;
First receiving means for receiving verification information including information necessary for verification of the public key from another terminal;
Verification means for verifying the public key based on the received verification information;
Comprising
As the relay terminal,
Storage means for preliminarily storing identification information of a terminal that it trusts and route information about a route that reaches another terminal;
Second receiving means for receiving the request information;
When the request information is received from another terminal that does not trust itself, the terminal is specified as the terminal through which the request information passes, and the certificate information that proves the public key of the authenticated terminal is not possessed Includes certificate information for certifying its own public key, generated by another relay terminal or the authentication terminal through which the request information has passed, and based on the path information, the other relay terminal or the authenticated terminal When generating new request information including information specifying arrival at the terminal and possessing certificate information that proves the public key of the authenticated terminal, another relay terminal through which the request information has passed Or certificate information generated by the authentication terminal for certifying its own public key, the certificate information added to the request information, and the certificate information for certifying the public key of the authenticated terminal. Include A first information generation means for generating the serial information for verification,
A third transmission means for transmitting new request information to another terminal and transmitting the verification information to the authentication terminal;
A communication terminal comprising:

Images