JP5161053B2 - User authentication method, user authentication system, service providing apparatus, and authentication control apparatus - Google Patents

Description

  The present invention relates to a technical field for performing user authentication, and particularly to a single sign-on technology.

  When using a plurality of Web sites that require user authentication, the user usually has to input authentication information (ID, password, etc.) that differs for each Web site to the user terminal device and receive authentication. However, this requires complicated authentication information management and authentication procedures.

  There is a single sign-on (SSO) technique as a conventional technique for solving such a problem (see, for example, Non-Patent Documents 1 and 2). This technology is a technology that eliminates the need for authentication processing for each Web site by passing the result of authentication once performed to a plurality of Web sites. That is, in the case of a system using the single sign-on technology, a user can use a plurality of Web sites with only one authentication.

  A system using a single sign-on technology usually includes a user terminal device used by a user, one or more service providing devices that provide service information to the user terminal device on the assumption that user authentication has been performed, and a service provision And an authentication device for performing user authentication provided separately from the device. Here, in Liberty Alliance and SAML (Security Assertion Markup Language) (for example, see Non-Patent Document 1) which are examples of single sign-on technology, a server device provided on a network is an authentication device that authenticates each user. Become. In SASSO (for example, see Non-Patent Document 2) in which authentication processing is made stronger, a terminal device such as a mobile phone owned by a user is an authentication device.

FIG. 1 is a sequence diagram for illustrating a conventional single sign-on processing procedure. In this example, first, the user terminal device accesses the service providing device, transmits authentication request information AUTREQ, and requests user authentication. The service providing apparatus specifies a destination (URL: Uniform Resource Locator, etc.) of the authentication apparatus using a redirect function and transmits authentication request information AUTREQ to the user terminal apparatus. The user terminal device accesses the authentication device of the designated destination, and transmits authentication request information AUTREQ to the authentication device. Upon receiving the authentication request information AUTREQ, the authentication device transmits a presentation request for the user identifier ID (IDP) managed by the authentication device and the corresponding password PWD to the user terminal device. On the other hand, the user terminal device transmits information for presenting the identifier ID (IDP) and the password PWD to the authentication device by zero knowledge proof or the like. The authentication apparatus performs an authentication process using this information, and generates response information RES in which an electronic signature is added to the authentication result AUTR. The authentication device designates the destination of the service providing device using the redirect function and transmits response information RES to the user terminal device. The user terminal device accesses the service providing device of the designated destination, and transmits response information RES and a user identifier managed by the service providing device. The service providing apparatus verifies the response information RES. If the verification is successful, the service providing apparatus transmits service information SVC to the user terminal apparatus. If the verification fails, the service providing apparatus transmits error information to the user terminal apparatus.
“Liberty specification tutorial”, [online], [searched November 26, 2008], Internet <http://www.projectliberty.net/jp/resources/LAP_DIDW_Oct_15_2003_jp.pdf> “NTT's SASSO Turns a Mobile Phone into a Personal Identity Provider”, [online], [searched November 26, 2008], Internet <http://www.projectliberty.org/liberty/content/download/3960/26523 /file/NTT-SASSO%20liberty%20case%20study.pdf>

  As illustrated in FIG. 1, in any of the conventional single sign-on technologies, the user terminal device directly accesses the authentication device and makes an authentication request. In such an environment where the user device can directly access the authentication device, an unauthorized user device may access the authentication device and perform some attack on the authentication device such as a DoS attack, transmission of a computer virus, or unauthorized acquisition of secret information. is there.

  Further, in the case where the service providing apparatus uses the redirect function or the like to specify the destination of the authentication apparatus to the user terminal apparatus, at least the service providing apparatus also discloses the destination of the authentication apparatus. In this case, there is a possibility that an unauthorized service providing device or a device that has acquired the destination of the authentication device from the unauthorized device accesses the authentication device and performs some kind of attack on the authentication device. Alternatively, there is a possibility that an unauthorized service providing device that has acquired the address of the authentication device impersonates a legitimate service providing device and performs an illegal act (so-called phishing etc.) on the user terminal device. In addition, even when the user device designates the authentication device destination and the service providing device does not manage the authentication device destination, the unauthorized service providing device impersonates the authorized service providing device, and the user terminal device is fraudulent. There is also a possibility of doing.

  Further, a method in which the service providing device accesses the authentication device can be assumed. Even in this case, in order to identify each authentication device corresponding to each user, the user identifier managed by the service providing device is a user terminal device. The methods disclosed in other devices are not preferable from the viewpoint of personal information protection.

  The present invention has been made in view of such a point, and provides a single sign-on technology capable of suppressing fraudulent acts on a service providing apparatus and an authentication apparatus and protecting personal information of a user. Objective.

  In the present invention, the user terminal device transmits first authentication request information including the user identifier of the user who uses the user terminal device to the service providing device. The service providing device searches a first database including each user identifier for identifying each user to be provided with service and each anonymous identifier associated with each user identifier on a one-to-one basis, and first authentication request information The anonymous identifier associated with the user identifier included in is extracted. The service providing apparatus transmits second authentication request information including the extracted anonymous identifier to the authentication control apparatus. Next, the authentication control device searches the second database including each anonymous identifier included in the first database and the destination information of the authentication device associated with each anonymous identifier, and the anonymous included in the second authentication request information The destination information of the authentication device associated with the identifier is extracted. The authentication control device transmits third authentication request information to the authentication device whose destination is specified by the extracted destination information. The authentication device to which the third authentication request information is transmitted performs an authentication process for a user who uses the user terminal device.

  In the present invention, the user terminal device does not directly access the authentication device, but the user terminal device transmits the first authentication request information to the service providing device, and the service providing device transmits the second authentication request information to the authentication control device. The authentication control device transmits the third authentication request information to the authentication device, whereby an authentication request is made to the authentication device. In this case, it is not necessary to disclose the destination of the authentication device to the user terminal device or service providing device, and it is possible to suppress an unauthorized user device or service providing device from accessing the authentication device and making an attack.

  Further, in the present invention, since it is not necessary to disclose the address of the authentication device to the service providing device, it is possible to suppress an unauthorized service providing device from impersonating a valid service providing device and performing an illegal act on the user terminal device. .

  In the present invention, the service providing apparatus transmits, to the authentication control apparatus, the second authentication request information including the anonymous identifier associated with the user identifier in the first database, instead of the user identifier of the user terminal apparatus. The device specifies the destination information of the authentication device associated with the anonymous identifier in the second database. In this case, since the service providing device does not need to disclose the user identifier to the authentication control device or the authentication device, the personal information of the user can be protected.

  As described above, according to the present invention, fraudulent acts on the service providing device and the authentication device can be suppressed and personal information of the user can be protected.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[First Embodiment]
First, a first embodiment of the present invention will be described.

<Configuration>
FIG. 2 is a block diagram illustrating a functional configuration of the user authentication system 1 according to the first embodiment. FIG. 3 is a block diagram illustrating a functional configuration of the user terminal device 10 illustrated in FIG. FIG. 4 is a block diagram illustrating a functional configuration of the service providing apparatus 20 illustrated in FIG. FIG. 5 is a block diagram illustrating a functional configuration of the authentication control device 30 illustrated in FIG. FIG. 6 is a block diagram illustrating a functional configuration of the authentication device 40 illustrated in FIG.

  As illustrated in FIG. 2, the user authentication system 1 of this embodiment includes a user terminal device 10, a service providing device 20, an authentication control device 30, and an authentication device 40. The user terminal device 10 and the authentication device 40 of this embodiment are configured using a terminal device such as a mobile phone or a personal computer having a communication function possessed by the user. Further, the user terminal device 10 and the authentication device 40 may be configured in the same casing or may be configured in separate casings. For example, the user terminal device 10 and the authentication device 40 may be configured in one mobile phone, the user terminal device 10 may be configured by a personal computer, and the authentication device 40 may be configured by a mobile phone. On the other hand, the service providing apparatus 20 and the authentication control apparatus 30 according to the present embodiment are, for example, server apparatuses having a communication function in which a security policy is set to prevent specific secret information from leaking to each other. In addition, the service providing apparatus 20 and the authentication control apparatus 30 according to the present embodiment may be server apparatuses having communication functions managed by separate administrators. For simplification of explanation, FIG. 2 shows one user terminal device 10, service providing device 20, authentication control device 30, and authentication device 40, but each user terminal device 10, service providing device 20, A plurality of authentication devices 40 are provided.

[User terminal device]
As illustrated in FIG. 3, the user terminal device 10 according to the present embodiment includes a storage unit 11, a read / write unit 12 a, an authentication request generation unit 12 b, a communication processing unit 12 c, a reception unit 13, a transmission unit 14, a control unit 15, and temporary storage. Unit 16, output unit 17, and input unit 18. Examples of the storage unit 11 and the temporary storage unit 16 are RAM (random-access memory) and a magnetic recording medium, and examples of the read / write unit 12 are hardware that reads and writes data from and to the storage unit 11 and the temporary storage unit 16. is there. Further, examples of the authentication request generation unit 12b, the communication processing unit 12c, and the control unit 15 are calculation units configured by a predetermined program being read and executed by a central processing unit (CPU). Examples of the reception unit 13 and the transmission unit 14 are hardware such as a LAN card and a wireless communication module. An example of the output unit 17 is an output user interface such as a liquid crystal panel or a speaker, and an example of the input unit 18 is an input user interface such as an input key, a touch panel, or a microphone. Note that the user terminal device 10 executes each calculation under the control of the control unit 15. In addition, each calculation unit of the user terminal device 10 stores processing result data in the temporary storage unit 16 as necessary, and the data stored in the temporary storage unit 16 is read out to the calculation unit as necessary. Used for that process.

[Service Providing Device]
As illustrated in FIG. 4, the service providing apparatus 20 according to the present embodiment includes a storage unit 21, a read / write unit 22a, a search unit 22b, an authentication request generation unit 22c, a session management unit 22d, a communication processing unit 22e, a signature verification unit 22f, A receiving unit 23, a transmitting unit 24, a control unit 25, and a temporary storage unit 26 are included. Examples of the storage unit 21 and the temporary storage unit 26 are a RAM and a magnetic recording medium, and the example of the read / write unit 22 is hardware that reads and writes data from and to the storage unit 21 and the temporary storage unit 26. Further, examples of the search unit 22b, the authentication request generation unit 22c, the session management unit 22d, the communication processing unit 22e, the signature verification unit 22f, and the control unit 25 are configured by reading a predetermined program into the CPU and executing it. It is an arithmetic unit. Examples of the reception unit 23 and the transmission unit 24 are hardware such as a LAN card and a wireless communication module. Note that the service providing apparatus 20 executes each calculation under the control of the control unit 25. In addition, each calculation unit of the service providing apparatus 20 stores processing result data in the temporary storage unit 26 as necessary, and the data stored in the temporary storage unit 26 is read out to the calculation unit as necessary. Used for that process.

[Authentication control device]
As illustrated in FIG. 5, the authentication control apparatus 30 according to the present embodiment includes a storage unit 31, a read / write unit 32a, a search unit 32b, an authentication request generation unit 32c, a signature verification unit 32d, a signature generation unit 32e, and a response information generation unit 32f. A session management unit 32g, a communication processing unit 32h, a filtering processing unit 32i, a reception unit 33, a transmission unit 34, a control unit 35, and a temporary storage unit 36. Examples of the storage unit 31 and the temporary storage unit 36 are a RAM and a magnetic recording medium, and the example of the read / write unit 32a is hardware that reads and writes data from and to the storage unit 31 and the temporary storage unit 36. Examples of the search unit 32b, the authentication request generation unit 32c, the signature verification unit 32d, the signature generation unit 32e, the response information generation unit 32f, the session management unit 32g, the communication processing unit 32h, the filtering processing unit 32i, and the control unit 35 The calculation unit is configured by a CPU reading and executing a predetermined program. Examples of the reception unit 33 and the transmission unit 34 are hardware such as a LAN card and a wireless communication module. Note that the authentication control device 30 executes each calculation under the control of the control unit 35. Each calculation unit of the authentication control device 30 stores data as a processing result in the temporary storage unit 36 as necessary, and the data stored in the temporary storage unit 36 is read out to the calculation unit as necessary. Used for that process.

[Authentication device]
As illustrated in FIG. 6, the authentication device 40 according to the present embodiment includes a storage unit 41, a read / write unit 42a, an authentication processing unit 42b, a signature generation unit 42c, a response information generation unit 42d, a communication processing unit 42e, a reception unit 43, and a transmission. Unit 44, control unit 45, temporary storage unit 46, output unit 47, and input unit 48. Examples of the storage unit 41 and the temporary storage unit 46 are a RAM and a magnetic recording medium, and the example of the read / write unit 42a is hardware that reads and writes data from and to the storage unit 41 and the temporary storage unit 46. Further, examples of the authentication processing unit 42b, the signature generation unit 42c, the response information generation unit 42d, the communication processing unit 42e, and the control unit 45 are arithmetic units configured by reading and executing a predetermined program in the CPU. It is. Examples of the reception unit 43 and the transmission unit 44 are hardware such as a LAN card and a wireless communication module. An example of the output unit 47 is an output user interface such as a liquid crystal panel or a speaker, and an example of the input unit 48 is an input user interface such as an input key, a touch panel, a camera, or a microphone. The authentication device 40 executes each calculation under the control of the control unit 45. Each calculation unit of the authentication device 40 stores data as a processing result in the temporary storage unit 46 as necessary, and the data stored in the temporary storage unit 46 is read out to the calculation unit as necessary. Used for processing.

<User authentication method>
Next, a user authentication method according to this embodiment will be described.
FIG. 7 is a sequence diagram for explaining the user authentication method of the first embodiment. 8 to 11 are flowcharts for explaining the user authentication method of the first embodiment. Hereinafter, the user authentication method of this embodiment will be described with reference to these drawings.

[Preprocessing]
A user identifier ID (SP) is set for each user of the service providing apparatus 20 in advance. The user identifier ID (SP) is information including personal information of the user such as a character string selected by the user and a mail address of the user terminal device 10 used by the user. Also, each anonymous identifier ID (AN) corresponding to each user identifier is set. The anonymous identifier ID (AN) is information that does not include the user's personal information such as a random character string assigned so as not to overlap. Moreover, the authentication apparatus 40 which each user uses as an authentication apparatus is set. The authentication device 40 of this embodiment is configured using a terminal device having a communication function possessed by a user, and each user identifier ID (SP) corresponds to one of the authentication devices 40.

  The user identifier ID (SP) set as described above is given to each user. In addition, the first database including each set user identifier ID (SP) and each anonymous identifier ID (AN) associated with each user identifier ID (SP) one-to-one is stored in the service providing apparatus 20. Stored in the unit 21. By using this first database, each anonymous identifier ID (AN) corresponding to each user identifier ID (SP) can be specified.

  Further, the second database including each anonymous identifier ID (AN) included in the first database and the destination information LOC (IDP) of the authentication device 40 associated with each anonymous identifier ID (AN) is the authentication control device 30. Stored in the storage unit 31. The destination information LOC (IDP) associated with the anonymous identifier ID (AN) is the authentication device selected by the user corresponding to the user identifier ID (SP) associated with the anonymous identifier ID (AN) in the first database. 40 destination information LOC (IDP). In other words, the destination information LOC (IDP) associated with the anonymous identifier ID (AN) is the destination information LOC (IDP) of the authentication device 40 that authenticates the user corresponding to the anonymous identifier ID (AN). The destination information of a certain device is location information for specifying the location of the device on the network, and specific examples thereof include a URL (Uniform Resource Locator) and a mail address.

  In this embodiment, a key pair of a public key cryptosystem secret key SK (IDXP) and a public key PK (IDXP) such as RSA is set for the authentication control device 30. Also, a key pair of a public key cryptosystem secret key SK (IDP) and a public key PK (IDP) is set for each authentication device 40. The secret key SK (IDXP) is stored in the storage unit 31 of the certificate control device 30, and the public key PK (IDXP) is stored in the storage unit 21 of each service providing device 20. The storage unit 41 of each authentication device 40 stores a secret key SK (IDP) set for itself. Each public key PK (IDP) is stored in the storage unit 31 of the authentication control device 30 in association with the destination information LOC (IDP) of the corresponding authentication device 40. That is, in the second database of this embodiment, each anonymous identifier ID (AN), destination information LOC (IDP) of each authentication device 40, and each public key PK (IDP) are associated with each user.

  The storage unit 11 of the user terminal device 10 stores the destination information LOC (UT) of the user terminal device 10 and the destination information LOC (SP) of the service providing device 20, and the storage unit 21 of the service providing device 20 stores the destination information LOC (UT). Stores destination information LOC (SP) of the service providing device 20 and destination information LOC (IDXP) of the authentication control device 30. In addition, the storage unit 31 of the authentication control device 30 includes a permission including each service providing device 20 permitted to access the authentication control device 30 and each destination information LOC (SP) and LOC (IDP) of each authentication device 40. A table is stored. The authentication control device 30 is configured to reject access from other than the service providing device 20 and the authentication device 40 that permit these accesses.

[Authentication process]
A user who wants to receive service information from the service providing device 20 connects to the service providing device 20 using the user terminal device 10. The session management unit 22d of the service providing apparatus 20 connected to the user terminal apparatus 10 generates a session identifier SID for the session. The generated session identifier SID is transmitted to the user terminal device 10 and stored in the storage unit 11 of the user terminal device 10. In the following, the session identifier SID generated for the user terminal device 10 is expressed as a session identifier SID _U.

Thereafter, the user identifier ID (SP) of the user who uses the user terminal device 10 is input to the input unit 18 of the user terminal device 10 (FIG. 3), and is stored in the storage unit 11 by the read / write unit 12a. Hereinafter, a user identifier ID (SP) of a user who uses the user terminal device 10 is expressed as a user identifier ID _U (SP). If the user identifier ID _U (SP) has already been stored in the storage unit 11, the user identifier ID _U (SP) input process is not necessary. Next, the read / write unit 12a reads from the storage unit 11 the destination information LOC (UT) of the user terminal device 10, the destination information LOC (SP) of the service providing device 20, the user identifier ID _U (SP), and the session identifier. Read SID _U. Then, the authentication request generating unit 12b includes the first authentication request information AUTREQ1 = [transmission destination information, transmission destination information, user identifier, session identifier] = [LOC (SP), LOC (UT ), ID _U (SP), SID _U ] is generated (step S11). The first authentication request information AUTREQ1 is sent to the communication processing unit 12c, and is transmitted from the transmission unit 14 to the service providing apparatus 20 under the control of the communication processing unit 12c (step S12).

The first authentication request information AUTREQ1 is received by the receiving unit 23 of the service providing apparatus 20 (FIG. 4) (step S13) and stored in the storage unit 21 by the read / write unit 22a. Next, the search unit 22b searches the first database stored in the storage unit 21, and extracts the anonymous identifier ID (AN) associated with the user identifier ID _U (SP) included in the first authentication request information AUTREQ1. (Step S14). Hereinafter, the anonymous identifier ID (AN) associated with the user identifier ID _U (SP) is expressed as an anonymous identifier ID _U (AN). Further, the read / write unit 22a receives the destination information LOC (IDXP) of the authentication control device 30 from the storage unit 21, the destination information LOC (SP) of the service providing device 20, and the session identifier SID _U included in the first authentication request information AUTREQ1. Is read. The authentication request generation unit 22c uses the user identifier ID _U (SP) extracted by the search unit 22b, the destination information LOC (IDXP) read by the read / write unit 22a, the destination information LOC (SP), and the session identifier SID _U. Second authentication request information AUTREQ2 = [destination destination information, source destination information, anonymous identifier, session identifier] = [LOC (IDXP), LOC (SP), ID _U (AN), SID _U ] is generated (step S15). The second authentication request information AUTREQ2 is sent to the communication processing unit 22e, and is transmitted from the transmission unit 24 to the authentication control device 30 under the control of the communication processing unit 22e (step S16).

  The second authentication request information AUTREQ2 is received by the receiving unit 33 of the authentication control device 30 (FIG. 5) (step S17) and sent to the filtering processing unit 32i. The filtering processing unit 32i determines whether the destination information LOC (SP) of the transmission source of the second authentication request information AUTREQ2 matches the elements [LOC (SP), LOC (IDP)] of the permission table stored in the storage unit 31. A filtering process for determining whether or not is performed (step S18). Here, if they do not match, the filtering processing unit 32i discards the second authentication request information AUTREQ2 and denies access (step S19).

On the other hand, if they match, the read / write unit 32a stores the second authentication request information AUTREQ2 in the storage unit 31. Next, the search unit 32b searches the second database stored in the storage unit 31, and the destination information LOC (IDP) of the authentication device 40 corresponding to the anonymous identifier ID _U (AN) included in the second authentication request information AUTREQ2 Is extracted (step S20). Hereinafter, the destination information LOC (IDP) of the authentication device 40 corresponding to the anonymous identifier ID _U (AN) is expressed as LOC _U (IDP). Next, the read / write unit 32a reads the destination information LOC (IDXP) of the authentication control device 30 and the session identifier SID _U included in the second authentication request information AUTREQ2 from the storage unit 31. Then, the authentication request generation unit 32c uses the destination information LOC _U (IDP) extracted by the search unit 32b, the destination information LOC (IDXP) read by the read / write unit 32a, and the session identifier SID _U. Authentication request information AUTREQ3 = [destination destination information, source destination information, session identifier] = [LOC _U (IDP), LOC (IDXP), SID _U ] is generated (step S21)
. The third authentication request information AUTREQ3 is sent to the communication processing unit 32h, and is transmitted from the transmission unit 34 to the authentication device 40 whose destination is specified by the destination information LOC _U (IDP) under the control of the communication processing unit 32h. (Step S22).

  The third authentication request information AUTREQ3 is received by the receiving unit 43 of the authentication device 40 (FIG. 6) (step S23) and stored in the storage unit 41 by the read / write unit 42a. With this as an opportunity, the authentication processing unit 42b performs user authentication processing (step S24). Various methods can be used for the user authentication process. For example, since the authentication device 40 of the present embodiment is a device possessed by the user, the authentication processing unit 42b outputs an output requesting input such as “Do you want to execute authentication processing?” The user authentication can be performed when there is an input from the input unit 48 to execute the authentication process. In such a user authentication method, it is assumed that it is a legitimate user possessing the authentication device 40 that can input and output information using the user interface of the output unit 47 and the input unit 48. It is. Alternatively, a method of performing user authentication by inputting a password from the input unit 48 and authenticating the password is also possible. In addition, user authentication may be performed by inputting a password by voice or inputting an image. The authentication result AUTR1 = [pass or fail] output from the authentication processing unit 42b is stored in the storage unit 41 by the read / write unit 42a.

Next, the read / write unit 42a reads the secret key SK (IDP) and the authentication result AUTR1 from the storage unit 41, and the signature generation unit 42c uses the secret key SK (IDP) to sign the electronic signature Sign (AUTR1 of the authentication result AUTR1. ) (Corresponding to “first electronic signature”) is generated (step S25). The electronic signature Sign (AUTR1) may be generated by a publicly known method.For example, a ciphertext obtained by encrypting the hash value H (AUTR1) of the authentication result AUTR1 using a secret key SK (IDP) by a public key cryptosystem is used. The electronic signature is Sign (AUTR1). The generated electronic signature Sign (AUTR1) is stored in the storage unit 41. Next, the read / write unit 42a receives the destination information LOC (IDXP) of the authentication control device 30 included in the third authentication request information AUTREQ3 from the storage unit 41, the destination information LOC _U (IDP) of the authentication device 40, and the session identifier SID _U. Then, the authentication result AUTR1 in step S24 and its electronic signature Sign (AUTR1) are read out. Then, the response information generation unit 42d includes the first response information RES1 = [destination destination information, source destination information, authentication result, electronic signature, session identifier] = [LOC (IDXP), LOC _U ( IDP), AUTR1, Sign (AUTR1), SID _U ] are generated (step S26), and the read / write unit 42a stores them in the storage unit 41. Thereafter, the first response information RES1 is read by the read / write unit 42a and sent to the communication processing unit 42e, and the destination is specified by the destination information LOC (IDXP) from the transmission unit 44 under the control of the communication processing unit 42e. Is transmitted to the authentication control device 30 (step S27).

The first response information RES1 is received by the receiving unit 33 of the authentication control device 30 (FIG. 5) (step S28) and sent to the filtering processing unit 32i. The filtering processing unit 32i confirms whether the destination information LOC _U (IDP) of the transmission source of the first response information RES1 matches the elements [LOC (SP), LOC (IDP)] of the permission table stored in the storage unit 31. A filtering process is performed to determine whether or not (step S29). Here, if they do not match, the filtering processing unit 32i discards the first response information RES1 and denies access (step S30).

On the other hand, if they match, the read / write unit 32a stores the first response information RES1 in the storage unit 31. Next, the search unit 32b searches the second database stored in the storage unit 31, and extracts the public key PK (IDP) associated with the destination information LOC _U (IDP) included in the first response information RES1. . In the following description, expressed as destination information LOC publish _U public key PK associated with (IDP) (IDP) key PK _U (IDP). Further, reading and writing portion 32a is authenticated first response information RES1 stored in the storage unit 31 includes a result AUTR1 and the read digital signature Sign (AUTR1), the signature verification unit 32d is, the public key PK _U and (IDP) Authentication The result AUTR1 is used to verify the electronic signature Sign (AUTR1). This verification is verification that the authentication result AUTR1 = [pass] and that the electronic signature Sign (AUTR1) is pass. That is, the signature verification unit 32d according to the present embodiment passes the authentication result AUTR1 = [pass], and if the electronic signature Sign (AUTR1) is determined to be valid, the electronic signature Sign (AUTR1) passes. In other cases, it is determined to be unacceptable. If the electronic signature Sign (AUTR1) is a ciphertext obtained by encrypting the hash value H (AUTR1) with the secret key SK (IDP) using the public key cryptosystem, the electronic signature Sign (AUTR1) is the public key PK _U. When the decryption result decrypted using (IDP) is equal to the hash value H (AUTR1) of the authentication result AUTR1, it is determined that the electronic signature Sign (AUTR1) is valid. The verification result AUTR2 output from the signature verification unit 32d is stored in the storage unit 31 by the read / write unit 32a (step S31).

Next, the read / write unit 32a reads the secret key SK (IDXP) and the verification result AUTR2 = [pass or fail] from the storage unit 31, and the signature generation unit 32e uses the secret key SK (IDXP) to verify the verification result. An electronic signature Sign (AUTR2) (corresponding to “second electronic signature”) of AUTR2 is generated (step S32), and the read / write unit 32a stores the electronic signature Sign (AUTR2) in the storage unit 31. The electronic signature Sign (AUTR2) is generated by a known method as described above. Next, the search unit 32b searches the second database stored in the storage unit 31, and is associated with the destination information LOC _U (IDP) of the authentication device 40 included in the first response information RES1 stored in the storage unit 31. Anonymous identifier ID _U (AK) is extracted. Further, the session management unit 32g searches the storage unit 31 and specifies the second authentication request information AUTREQ2 including the session identifier SID _U included in the first response information RES1. The read / write unit 32a then sends the destination information LOC (SP) of the service providing device 20 included in the second authentication request information AUTREQ2, the session identifier SID _U, and the destination information LOC of the authentication control device 30 stored in the storage unit 31. (IDXP), verification result AUTR2, and electronic signature Sign (AUTR2) are read. The response information generation unit 32f includes the second response information RES2 = [transmission destination information, transmission destination information, verification result, electronic signature, anonymous identifier, session identifier] = [LOC (SP), LOC (IDXP), AUTR2, Sign (AUTR2), ID U (aN), generates a SID _U], the second response information RES2 are stored in the storage unit 31 by the reading section 32a. Thereafter, the second response information RES2 is read from the storage unit 31 by the read / write unit 32a and sent to the communication processing unit 32h. Under the control of the communication processing unit 32h, the second response information RES2 is transmitted from the transmission unit 34 to the destination information LOC (SP). It is transmitted to the service providing apparatus 20 whose destination is specified (step S34).

The second response information RES2 is received by the receiving unit 23 of the service providing apparatus 20 (FIG. 4). The read / write unit 22a searches the first database stored in the storage unit 21, identifies the user identifier ID _U (SP) associated with the anonymous identifier ID _U (AN) included in the second response information RES2, and The second response information RES2 is stored in association with it (step S35).

Next, the read / write unit 22a reads the public key PK (IDXP) of the authentication control device 30 stored in the storage unit 21, the verification result AUTR2 and the electronic signature Sign (AUTR2) included in the second response information RES2, and the signature The verification unit 22f verifies the electronic signature Sign (AUTR2) using the public key PK (IDXP) and the verification result AUTR2 (step S36). This verification is verification that the verification result AUTR2 = [pass] and that the electronic signature Sign (AUTR2) is pass. That is, the signature verification unit 22f of the present embodiment passes the authentication result AUTR2 = [pass], and if the electronic signature Sign (AUTR2) is determined to be valid, the electronic signature Sign (AUTR2) passes. And the verification result AUTR3 = [pass] is output, otherwise it is determined that the verification is failed and the verification result AUTR3 = [fail] is output (step S37). Here, when the verification result AUTR3 = [passed] by the signature verification unit 22f, the read / write unit 22a reads the second response information RES2 associated with the anonymous identifier ID _U (AN) of the first database in the storage unit 21. Are stored in association with the verification result AUTR3 = [pass] (step S38). On the other hand, when the verification result AUTR3 = [failed] of the signature verification unit 22f, the read / write unit 22a outputs the second response information RES2 associated with the anonymous identifier ID _U (AN) of the first database in the storage unit 21. Are stored in association with the verification result AUTR3 = [failed] (step S39).

After that, triggered by an update input from the input unit 18 of the user terminal device 10 (FIG. 3), the read / write unit 12a receives the destination information LOC (UT) of the user terminal device 10 and the destination information of the service providing device 20 from the storage unit 11. The LOC (SP) and the session identifier SID _U are read, and the communication processing unit 12c includes the request information SVCREC = [destination destination information, source destination information, session identifier] = [LOC (SP), LOC (UT), SID _U ] is generated. The request information SVCREC is transmitted from the transmission unit 14 to the service providing apparatus 20 (step S40). In addition, the example of the procedure which operates step S40 after implementation of step S38, S39 is as follows.

[Method 1]
After the execution of the process of step S27 (after the transmission of the first response information RES1 from the authentication device 40 to the authentication control device 30), the output unit 47 of the authentication device 40 reads “The authentication procedure at the authentication device has been completed. Click the "Update" button on the terminal device screen "to display a comment. On the other hand, the user inputs information for performing update processing from the input unit 48 of the authentication device 40. At this time, if the process of step S38 or S39 has been executed, the process of step S40 is executed.

[Method 2]
After execution of the process of step S27, the user terminal device 10 transmits inquiry information as to whether or not user authentication has been periodically ended to the service providing device 20. When the user authentication is completed, the service providing apparatus 20 returns the response of Step S38 or S39 as a response to the inquiry information, and the process of Step S40 is executed.

[Method 3]
The service providing device 20 has a function of notifying the user terminal device 10 of the verification result in step S38 or S39. After the notification in step S38 or S39, the user terminal device 10 automatically updates the screen, and the process in step S40 is executed.

The request information SVCREC is received by the receiving unit 23 of the service providing apparatus 20 (FIG. 4) and stored in the storage unit 21 by the read / write unit 22a (step S41). In response to this, the search unit 22b searches the first database stored in the storage unit 21, and the verification result AUTR3 associated with the second response information RES2 including the session identifier SID _U included in the request information SVCREC is [passed]. ] (Step S42).

Here, when it is determined that AUTR3 = [pass], the read / write unit 22a receives the destination information LOC (UT) of the user terminal device 10 included in the request information SVCREC from the storage unit 21 and the destination information LOC ( SP), the user identifier ID _U (SP) associated with the second response information RES2 in the first database, and the service information SVC are read. Then, the communication processing unit 22e includes the third response information RES3 = [destination destination information, source destination information, user identifier, service information] = [LOC (UT), LOC (SP), ID _U (SP), SVC] is generated, and the transmission unit 24 transmits the third response information RES3 to the user terminal device 10 (step S43). On the other hand, if it is determined that AUTR3 = [failed], the communication processing unit 22e generates error information indicating an error, and the transmission unit 24 transmits the error information to the user terminal device 10 (step S44). ).

  The information transmitted in step S43 or S44 is received by the receiving unit 13 of the user terminal device 10, and the service information SVC included in the third response information RES3 and the error display indicated by the error information are output from the output unit 17 (step S45).

<Features of this embodiment>
As described above, in this embodiment, the user terminal device 10 does not directly access the authentication device 40, but the user terminal device 10 transmits the first authentication request information AUTREQ1 to the service providing device 20, and the service providing device 20 2 The authentication request information AUTREQ2 is transmitted to the authentication control apparatus 30, and the authentication control apparatus 30 transmits the third authentication request information AUTREQ3 to the authentication apparatus 40, whereby an authentication request is made to the authentication apparatus 40. In this case, it is not necessary to disclose the destination of the authentication device 40 to other than the authentication control device 30, and it is possible to prevent an unauthorized user terminal device or service providing device from accessing the authentication device 40 and making an attack.

  Further, in this embodiment, since it is not necessary to disclose the destination of the authentication device to the service providing device 20, it is also possible to prevent an unauthorized service providing device from impersonating a legitimate service providing device and performing an illegal act on the user terminal device. it can.

In this embodiment, the service providing device 20 is not the user identifier ID _U (SP) of the user terminal device 10 but the anonymous identifier ID _U (AN) associated with the user identifier ID _U (SP) in the first database. Is sent to the authentication control device 30, and the authentication control device 30 specifies the destination information of the authentication device 40 associated with the anonymous identifier ID _U (AN) in the second database. In this case, since the service providing device 20 does not need to disclose the user identifier ID _U (SP) to the authentication control device 30 or the authentication device 40, the personal information of the user can be protected.

Further, the service providing apparatus 20 searches the first database and extracts an anonymous identifier ID _U (AN) corresponding to the user identifier ID _U (SP) included in the first authentication request information AUTREQ1. Here, if the processing is terminated when the anonymous identifier ID _U (AN) corresponding to the user identifier ID _U (SP) included in the first authentication request information AUTREQ1 does not exist, the attacker performs random first authentication. It is possible to block an attack that sends a large amount of request information to the service providing apparatus 20 and suppress the influence of the attack on the authentication control apparatus 30 and the authentication apparatus 40.

  In this embodiment, the authentication device 40 generates an electronic signature Sign (AUTR1) for the information AUTR1 indicating the result of the authentication process, and the first response information RES1 including the electronic signature Sign (AUTR1) is used as the authentication control device 30. Send to. Then, the authentication control device 30 verifies the electronic signature Sign (AUTR1) included in the first response information RES1, generates an electronic signature Sign (AUTR2) for the information AUTR2 indicating the verification result, and generates an electronic signature Sign (AUTR2 ) Including the second response information RES2 including (). Then, the service providing apparatus 20 verifies the electronic signature Sign (AUTR2) included in the second response information RES2. In this case, the service providing apparatus 20 can know the user authentication result not by the electronic signature Sign (AUTR1) of the authentication apparatus 40 but by the authentication control apparatus 30 electronic signature Sign (AUTR2). Therefore, it is not necessary to transmit the electronic signature Sign (AUTR1) of the authentication device 40 to the service providing device 20. Since the electronic signature Sign (AUTR1) of the authentication device 40 is information for specifying the authentication device 40, not sending the electronic signature Sign (AUTR1) of the authentication device 40 to the service providing device 20 means that the information of the authentication device 40 is used. This is preferable in that it does not leak to the service providing apparatus 20.

  Further, the authentication control device 30 of the present embodiment is a device that denies access from other than the service providing device and the authentication device to which access is permitted. Thereby, the attack which an attacker's apparatus accesses by accessing the authentication control apparatus 30 can be prevented.

  In this embodiment, the destination information LOC (IDXP) of the authentication control device 30 is stored in advance in the storage unit 21 of the service providing device 20, and the service providing device 20 uses the destination information LOC (IDXP) to 2 The authentication request information AUTREQ2 is transmitted to the authentication control device 30. Therefore, an unauthorized service providing device in which the destination information LOC (IDXP) of the authentication control device 30 is not stored in advance is impersonated as a legitimate service providing device, and an unauthorized act (such as a phishing scam) is performed on the user terminal device 10. Can be suppressed.

[Variation 1 of the first embodiment]
Next, Modification 1 of the first embodiment will be described. In the first embodiment described above, the electronic signature Sign (AUTR1) of the authentication result AUTR1 generated by the authentication device 40 is verified by the authentication control device 30, and the authentication control device 30 verifies the electronic signature Sign (AUTR2) of the verification result AUTR2. The service providing apparatus 20 verifies the electronic signature Sign (AUTR2), and the service providing apparatus 20 determines whether the user authentication is successful. However, in the first modification, the service providing apparatus 20 determines pass / fail of user authentication by verifying the electronic signature Sign (AUTR1) of the authentication result AUTR1 generated by the authentication apparatus 40. Below, it demonstrates focusing on the difference of 1st Embodiment.

  FIG. 12 is a block diagram illustrating a functional configuration of the user authentication system 100 according to the first modification of the first embodiment.

  The difference of the user authentication system 100 from the user authentication system 1 is that the authentication control device 30 is replaced with an authentication control device 130. Further, the authentication control device 130 has a configuration in which the signature generation unit 32e is removed from the authentication control device 30.

  FIG. 13 is a sequence diagram for explaining a user authentication method according to the first modification of the first embodiment. 14 and 15 are flowcharts for explaining a user authentication method according to the first modification of the first embodiment. Hereinafter, the user authentication method of this embodiment will be described with reference to these drawings.

  In this modification, in the pre-processing, the service providing apparatus 20 can specify each public key PK (IDP) of the authentication apparatus 40 corresponding to each user. For example, the public key PK (IDP) of the authentication device 40 corresponding to each user identifier ID (SP) is associated with the first database stored in the storage unit 21 of the service providing device 20.

In the user authentication process, first, the process described in steps S11 to S30 of the first embodiment is executed. In the determination in step S29, the destination information LOC _U (IDP) of the transmission source of the first response information RES1 is stored in the storage unit 31. When it is determined that it matches the elements [LOC (SP), LOC (IDP)] of the permission table stored in, the read / write unit 32a of the authentication control device 130 stores the first response information RES1 in the storage unit 31.

Next, the search unit 32b is, retrieves the second database stored in the storage unit 31, the public key PK _U (IDP) associated with the destination information LOC _U to first response information RES1 comprises (IDP) Extraction To do. Further, reading and writing portion 32a is authenticated first response information RES1 stored in the storage unit 31 includes a result AUTR1 and the read digital signature Sign (AUTR1), the signature verification unit 32d is, the public key PK _U and (IDP) Authentication The electronic signature Sign (AUTR1) is verified using the result AUTR1 (step S131). This verification is verification that the authentication result AUTR1 = [pass] and that the electronic signature Sign (AUTR1) is pass. That is, the signature verification unit 32d according to the present embodiment passes the authentication result AUTR1 = [pass], and if the electronic signature Sign (AUTR1) is determined to be valid, the electronic signature Sign (AUTR1) passes. In other cases, it is determined to be unacceptable. Here, if the electronic signature Sign (AUTR1) fails, the filtering processing unit 32i discards the first response information RES1 and denies access (step S30). On the other hand, if the electronic signature Sign (AUTR1) is acceptable, the following processing in step S133 is executed. Note that the verification process in step S131 is not executed, and in the determination in step S29, the destination information LOC _U (IDP) of the transmission source of the first response information RES1 is stored in the storage unit 31 as the element [LOC (SP ), LOC (IDP)], the following processing in step S133 may be executed.

In step S133, the search unit 32b searches the second database stored in the storage unit 31, and associates it with the destination information LOC _U (IDP) of the authentication device 40 included in the first response information RES1 stored in the storage unit 31. Extracted anonymous identifier ID _U (AK). Further, the session management unit 32g searches the storage unit 31 and specifies the second authentication request information AUTREQ2 including the session identifier SID _U included in the first response information RES1. The read / write unit 32a then sends the destination information LOC (SP) of the service providing device 20 included in the second authentication request information AUTREQ2, the session identifier SID _U, and the destination information LOC of the authentication control device 30 stored in the storage unit 31. (IDXP), verification result AUTR1, and electronic signature Sign (AUTR1) are read. The response information generation unit 32f includes second response information RES11 = [transmission destination information, transmission destination information, verification result, electronic signature, anonymous identifier, session identifier] = [LOC (SP), LOC (IDXP), AUTR1, Sign (AUTR1), ID _U (AN), SID _U ] are generated, and the second response information RES11 is stored in the storage unit 31 by the read / write unit 32a. Thereafter, the second response information RES11 is read from the storage unit 31 by the read / write unit 32a and sent to the communication processing unit 32h. Under the control of the communication processing unit 32h, the second response information RES11 is transmitted from the transmission unit 34 to the destination information LOC (SP). It is transmitted to the service providing apparatus 20 whose destination is specified (step S134).

The second response information RES11 is received by the receiving unit 23 of the service providing apparatus 20 (FIG. 4). The read / write unit 22a searches the first database stored in the storage unit 21, identifies the user identifier ID _U (SP) associated with the anonymous identifier ID _U (AN) included in the second response information RES11, and The second response information RES11 is stored in association with it (step S135).

Next, the search unit 22b searches the first database stored in the storage unit 21, extracts the public key PK _U (IDP) of the authentication device 40 associated with the user identifier ID _U (SP), and reads and writes part 22a reads a verification result AUTR1 and the electronic signature Sign the second response information RES11 including (AUTR1), the signature verification unit 22f is a public key PK _U (IDP) and the verification results electronic signature by using the AUTR1 Sign ( AUTR1) is verified (step S136). This verification is verification that the verification result AUTR1 = [pass] and that the electronic signature Sign (AUTR1) is pass. That is, the signature verification unit 22f according to the present embodiment passes the authentication result AUTR1 = [pass], and if the electronic signature Sign (AUTR1) is determined to be valid, the electronic signature Sign (AUTR1) passes. And the verification result AUTR3 = [pass] is output, otherwise it is determined that the verification is failed and the verification result AUTR3 = [fail] is output (step S137). Then, the process of step S38-S45 demonstrated by 1st Embodiment is performed.

[Modification 2 of the first embodiment]
Next, Modification 2 of the first embodiment will be described. In the first embodiment, the destination information LOC (IDXP) of one authentication control device 30 is stored in the storage unit 21 of the service providing device 20, and the destination of the service providing device 20 is specified by the destination information LOC (IDXP). The authentication control device 30 is accessed. However, in Modification 2 of the first embodiment, the first database is associated with each user identifier ID (SP) for identifying each user to be provided with the service and each user identifier ID (SP) on a one-to-one basis. The database includes each anonymous identifier ID (AN) and destination information LOC (IDXP) of the authentication control device 30 associated with each user identifier ID (SP). Then, the service providing apparatus 20 searches the first database, and sends destination information LOC (IDXP) (user identifier ID) of the authentication control apparatus 30 associated with the user identifier ID _U (SP) included in the first authentication request information AUTREQ1. _U destination information associated with the (SP) LOC the (IDXP) expressed as LOC _U (IDXP)) was further extracted destination information LOC _U (using IDXP), the second authentication request information AUTREQ2 destination information LOC It is transmitted to the authentication control device 30 whose destination is specified by _U (IDXP). Thereby, since the authentication control device can be made different for each user, even if the authentication control device corresponding to any user leaks to the attacker, the destination of the authentication control device corresponding to another user is It is unknown to the attacker. As a result, it is possible to more effectively prevent an illegal act such as a phishing scam performed by an attacker impersonating a legitimate service providing apparatus. Below, it demonstrates centering on difference with 1st Embodiment.

  FIG. 16 is a block diagram illustrating a functional configuration of the service providing apparatus 220 according to the second modification of the first embodiment.

  The difference in the configuration of this modification from the first embodiment is that the service providing apparatus 20 is replaced with the service providing apparatus 220. In addition, as illustrated in FIG. 16, the difference between the service providing device 20 and the service providing device 220 is that the data configuration of the first database stored in the storage unit 21 is different, and the search unit 22b is the search unit 222b. It is a point to be replaced with. As shown in FIG. 16, the first database of this modified example further includes, for each user identifier ID (SP), destination information LOC (IDXP) of each authentication control device 30 corresponding to each user identifier ID (SP). ) Are associated.

  FIG. 17 is a flowchart for explaining a user authentication method according to the second modification of the first embodiment.

In this user authentication process, first, the processes of steps S11 to S13 of the first embodiment are executed. Next, the search unit 222b searches the first database stored in the storage unit 21, and an anonymous identifier ID _U (AN) associated with the user identifier ID _U (SP) included in the first authentication request information AUTREQ1 Then, the destination information LOC _U (IDXP) of the authentication control device 30 is extracted (step S214). Further, the read / write unit 22a reads the destination information LOC (SP) of the service providing apparatus 20 and the session identifier SID _U included in the first authentication request information AUTREQ1 from the storage unit 21. The authentication request generating unit 22c uses the user identifier ID _U (SP) and destination information LOC _U (IDXP) extracted by the search unit 22b, the destination information LOC (SP) read by the read / write unit 22a, and the session identifier SID _U. Second authentication request information AUTREQ2 = [destination destination information, source destination information, anonymous identifier, session identifier] = [LOC _U (IDXP), LOC (SP), ID _U (AN), SID _U ] is generated (step S215). Thereafter, the processes of steps S16 to S45 described in the first embodiment are executed.

[Modification 3 of the first embodiment]
In the first embodiment, regardless of whether the authentication result AUTR1 at the authentication device 40 is acceptable or not, the authentication device 40 uses the private key SK (IDP) to sign the electronic signature Sign (AUTR1 of the authentication result AUTR1. ) And the first response information RES1 including it is transmitted to the authentication control device 30. However, only when the authentication result AUTR1 in the authentication device 40 is acceptable, the authentication device 40 generates the electronic signature Sign (AUTR1) of the authentication result AUTR1 using the secret key SK (IDP) and includes the first The response information RES1 may be transmitted to the authentication control apparatus 30, and error information may be transmitted to the authentication control apparatus 30 when the authentication result AUTR1 in the authentication apparatus 40 fails. In this case, the authentication control apparatus 30 can confirm whether or not the user authentication has been passed only by verifying whether or not the electronic signature Sign (AUTR1) is valid. Similarly, only when the verification result AUTR2 in the authentication control device 30 is acceptable, the authentication control device 30 generates the electronic signature Sign (AUTR2) of the authentication result AUTR2 using the secret key SK (IDXP), The second response information RES2 may be transmitted to the service providing apparatus 20, and if the verification result AUTR2 in the authentication control apparatus 30 is unacceptable, error information may be transmitted to the service providing apparatus 20. In this case, the service providing apparatus 20 can confirm whether or not the user authentication has been passed only by verifying whether or not the electronic signature Sign (AUTR2) is valid.

[Second Embodiment]
Next, a second embodiment of the present invention will be described. This embodiment is a modification of the first embodiment, in which an authentication device is configured using a server device provided on a network, and each user inputs and outputs information to and from the direct authentication device using a user interface. It is a form that cannot be done. Below, it demonstrates centering around difference with 1st Embodiment, and abbreviate | omits description about the matter which is common in 1st Embodiment.

<Configuration>
FIG. 18 is a block diagram illustrating a functional configuration of the user authentication system 300 according to the second embodiment. FIG. 19 is a block diagram illustrating the functional configuration of the authentication control apparatus 330 illustrated in FIG. 18. FIG. 20 is a block diagram illustrating the functional configuration of the authentication apparatus 340 illustrated in FIG.

  As illustrated in FIG. 18, the user authentication system 300 of the second embodiment replaces the authentication control device 30 of the user authentication system 1 of the first embodiment with an authentication control device 330, and replaces the authentication device 40 with the authentication device 340. It is a replacement. Further, as illustrated in FIG. 19, the authentication control device 330 according to the present embodiment is obtained by changing the data configuration of the second database by replacing the search unit 32b of the authentication control device 30 of the first embodiment with the search unit 332b. It is. The second database of this embodiment includes each anonymous identifier ID (AN) included in the first database, destination information LOC (IDP) of the authentication device associated with each anonymous identifier ID (AN), and each anonymous identifier. An authentication identifier ID (IDP) for each user associated with the ID (AN) is associated with the ID (AN). As illustrated in FIG. 20, in the authentication device 340 of this embodiment, the authentication processing unit 42 b of the authentication device 40 of the first embodiment is replaced with the authentication processing unit 342 b, and an authentication identifier for each user is stored in the storage unit 41. An ID (IDP) and a password PWD are stored in association with each other.

  FIG. 21 is a flowchart for explaining the user authentication method of the second embodiment.

In the user authentication processing of this embodiment, first, the processing of steps S11 to S19 described in the first embodiment is executed, and in step S18, the destination information LOC (SP) of the transmission source of the second authentication request information AUTREQ2 is stored in the storage unit. When it is determined that the element [LOC (SP), LOC (IDP)] of the permission table stored in 31 matches, the read / write unit 32a stores the second authentication request information AUTREQ2 in the storage unit 31. Then, the search unit 332b searches the second database stored in the storage unit 31, and the destination information LOC (IDP) of the authentication device 40 corresponding to the anonymous identifier ID _U (AN) included in the second authentication request information AUTREQ2 An authentication identifier ID (IDP) is extracted (step S320). Hereinafter, the identifier ID (IDP) corresponding to the anonymous identifier ID _U (AN) is expressed as ID _U (IDP). Next, the read / write unit 32a reads the destination information LOC (IDXP) of the authentication control device 30 and the session identifier SID _U included in the second authentication request information AUTREQ2 from the storage unit 31. Then, the authentication request generation unit 32c includes the destination information LOC _U (IDP) and authentication identifier ID (IDP) extracted by the search unit 332b, the destination information LOC (IDXP) read by the read / write unit 32a, the session The third authentication request information AUTREQ3 = [destination destination information, transmission destination information, authentication identifier, session identifier] = [LOC _U (IDP), LOC (IDXP), including the identifier SID _U ID _U (IDP), SID _U ] is generated (step S321). Thereafter, processing similar to steps S23 to S45 of the first embodiment is executed. However, the authentication process performed by the authentication apparatus 340 in step S24 of the present embodiment is performed by the authentication processing unit 342b of the authentication apparatus 340 to which the third authentication request information AUTREQ3 is transmitted, the authentication identifier ID included in the third authentication request information AUTREQ3. _U (IDP) is used to perform authentication processing for a user who uses the user terminal device 10. For example, in step S24, the authentication device 340 causes the user terminal device 10 to transmit information corresponding to the password PWD by zero knowledge proof or the like, and the authentication processing unit 342b includes the authentication identifier ID _U (included in the third authentication request information AUTREQ3. PWD corresponding to (IDP) is extracted from the storage unit 41, and it is verified whether or not the information corresponding to the password PWD transmitted from the user terminal device 10 is correct.

[Modification 1 of Second Embodiment]
Next, Modification 1 of the second embodiment will be described. In the first modification of the second embodiment, the user terminal device performs simple password authentication with the service providing device, and a strong authentication process in the authentication device is executed only when the password authentication is successful. The Thereby, an unauthorized act of an unauthorized user terminal device sending unauthorized information such as a random character string to the authentication device 40 via the service providing device and the authentication control device can be prevented.

  FIG. 22 is a block diagram illustrating a functional configuration of the user terminal device 410 according to Modification 1 of the second embodiment. FIG. 23 is a block diagram illustrating a functional configuration of the service providing apparatus 420 according to the first modification of the second embodiment.

The user authentication system of this modification is obtained by replacing the user terminal device 10 of the user authentication system 1 of the first embodiment with a user terminal device 410 and replacing the service providing device 20 with a service providing device 420. As illustrated in FIG. 22, the user terminal device 410 is obtained by replacing the authentication request generation unit 12b of the service providing device according to the first and second embodiments with an authentication request generation unit 412b. Also,
As illustrated in FIG. 23, the service providing apparatus 420 includes a password associated with each user identifier ID (SP) in the first database and a password authentication unit 422g. This is different from the service providing apparatus according to the first and second embodiments.

  FIG. 24 is a flowchart for explaining a user authentication method according to the first modification of the second embodiment.

In the user authentication process of this modification, first, the user identifier ID (SP) and password PWD of the user who uses the user terminal device 410 are input to the input unit 18 of the user terminal device 410 (FIG. 22), and the read / write unit 12a. Is stored in the storage unit 11. Next, the read / write unit 12a reads from the storage unit 11 the destination information LOC (UT) of the user terminal device 410, the destination information LOC (SP) of the service providing device 420, the password PWD, and the user identifier ID _U (SP). And the session identifier SID _U is read out. Then, the authentication request generator 412b includes the first authentication request information AUTREQ1 = [transmission destination information, transmission destination information, password, user identifier, session identifier] = [LOC (SP), LOC (UT), PWD, ID _U (SP), SID _U ] are generated (step S411). Thereafter, after the processing of steps S12 and S13 described in the first embodiment is executed, the password authentication unit 422g of the service providing apparatus 420 (FIG. 23) searches the first database stored in the storage unit 21, It is determined whether or not the password PWD associated with the user identifier ID _U (SP) included in the first authentication request information AUTREQ1 matches the password PWD included in the first authentication request information AUTREQ1 (step S414). Here, if they do not match, the error information is transmitted from the transmission unit 24 to the user terminal device 410 (step S45). On the other hand, if they match, the processes in steps S14 to S45 described in the first embodiment are executed. Note that the password authentication process in step S414 may be performed using zero knowledge proof, and the first authentication request information AUTREQ1 may not include the password PWD itself.

[Other variations, etc.]
The present invention is not limited to the above-described embodiment. For example, the modification described in the first embodiment may be combined with the second embodiment. In addition, the various processes described above are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. In addition, it goes without saying that the configuration of information transmitted and received between devices and the session management method can be appropriately changed without departing from the spirit of the present invention.

  Further, when the above-described configuration is realized by a computer, processing contents of functions that each device should have are described by a program. The processing functions are realized on the computer by executing the program on the computer.

  The program describing the processing contents can be recorded on a computer-readable recording medium. As the computer-readable recording medium, for example, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be used.

  The program is distributed by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.

  A computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. When executing the process, the computer reads a program stored in its own recording medium and executes a process according to the read program. As another execution form of the program, the computer may directly read the program from a portable recording medium and execute processing according to the program, and the program is transferred from the server computer to the computer. Each time, the processing according to the received program may be executed sequentially. Also, the program is not transferred from the server computer to the computer, and the above-described processing is executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition. It is good. Note that the program in this embodiment includes information that is used for processing by an electronic computer and that conforms to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).

  In this embodiment, the present apparatus is configured by executing a predetermined program on a computer. However, at least a part of these processing contents may be realized by hardware.

  As an application field of the present invention, for example, a single sign-on system used for an online bank, an online shop, or the like can be exemplified.

The sequence diagram for illustrating the processing procedure of the conventional single sign-on. The block diagram which illustrated the functional composition of the user authentication system of a 1st embodiment. The block diagram which illustrated the functional composition of the user terminal unit illustrated in Drawing 2. FIG. 3 is a block diagram illustrating a functional configuration of the service providing apparatus illustrated in FIG. 2. FIG. 3 is a block diagram illustrating a functional configuration of the authentication control apparatus illustrated in FIG. 2. FIG. 3 is a block diagram illustrating a functional configuration of the authentication device illustrated in FIG. 2. The sequence diagram for demonstrating the user authentication method of 1st Embodiment. The flowchart for demonstrating the user authentication method of 1st Embodiment. The flowchart for demonstrating the user authentication method of 1st Embodiment. The flowchart for demonstrating the user authentication method of 1st Embodiment. The flowchart for demonstrating the user authentication method of 1st Embodiment. The block diagram which illustrated the functional composition of the user authentication system in modification 1 of a 1st embodiment. The sequence diagram for demonstrating the user authentication method of the modification 1 of 1st Embodiment. The flowchart for demonstrating the user authentication method of the modification 1 of 1st Embodiment. The flowchart for demonstrating the user authentication method of the modification 1 of 1st Embodiment. The block diagram which illustrated the functional composition of the service providing device in modification 2 of a 1st embodiment. The flowchart for demonstrating the user authentication method of the modification 2 of 1st Embodiment. The block diagram which illustrated the functional composition of the user authentication system of a 2nd embodiment. FIG. 19 is a block diagram illustrating a functional configuration of the authentication control apparatus illustrated in FIG. 18. FIG. 19 is a block diagram illustrating a functional configuration of the authentication device illustrated in FIG. 18. The flowchart for demonstrating the user authentication method of 2nd Embodiment. The block diagram which illustrated the functional composition of the user terminal unit in modification 1 of a 2nd embodiment. The block diagram which illustrated the functional composition of the service providing device in modification 1 of a 2nd embodiment. The flowchart for demonstrating the user authentication method of the modification 1 of 2nd Embodiment.

Explanation of symbols

1,100,300 User authentication system

Claims (10)

(A) a transmitting unit of a user terminal device transmitting first authentication request information including a user identifier of a user who uses the user terminal device to the service providing device;
(B) The search unit of the service providing apparatus searches a first database including each user identifier for identifying each user to be provided with service and each anonymous identifier associated with each user identifier on a one-to-one basis. Extracting an anonymous identifier associated with a user identifier included in the first authentication request information;
(C) a step of transmitting the second authentication request information including the anonymous identifier extracted in step (B) to the authentication control device by the transmission unit of the service providing device;
(D) The search unit of the authentication control device searches the second database including each anonymous identifier included in the first database and destination information of the authentication device associated with each anonymous identifier, and the second database Extracting destination information of the authentication device associated with the anonymous identifier included in the authentication request information;
(E) a step of transmitting third authentication request information to an authentication device whose destination is specified by the destination information extracted in step (D), by a transmission unit of the authentication control device;
(F) an authentication processing unit of the authentication device to which the third authentication request information is transmitted performs an authentication process of a user who uses the user terminal device;
A user authentication method. The user authentication method according to claim 1, comprising:
(G) a step of generating a first electronic signature for information indicating a result of the authentication process performed in step (F) by a signature generation unit of the authentication device;
(H) a transmitting unit of the authentication device transmitting first response information including the first electronic signature generated in the step (G) to the authentication control device;
(I) the signature verification unit of the authentication control device verifies the first electronic signature included in the first response information, and generates a second electronic signature for information indicating the verification result;
(J) a step of transmitting a second response information including the second electronic signature generated in step (I) to the service providing apparatus, wherein the transmitting unit of the authentication control apparatus;
(K) a step of verifying a second electronic signature included in the second response information by a signature verification unit of the service providing apparatus;
A user authentication method further comprising: The user authentication method according to claim 1 or 2,
The authentication control device is a device that denies access from other than the service providing device and the authentication device.
The user authentication method characterized by the above-mentioned. The user authentication method according to any one of claims 1 to 3,
In the step (C), the transmission unit of the service providing device uses the destination information of the authentication control device stored in advance in the storage unit of the service providing device, and sends the second authentication request information to the authentication control device. Is the sending step,
The user authentication method characterized by the above-mentioned. The user authentication method according to any one of claims 1 to 4,
The first database includes each user identifier for identifying each user to be provided with service, each anonymous identifier associated with each user identifier on a one-to-one basis, and a destination of an authentication control apparatus associated with each user identifier. A database containing information,
The step (B) is a step of searching the first database and further extracting destination information of an authentication control device associated with a user identifier included in the first authentication request information,
In the step (C), the transmission unit of the service providing apparatus transmits the second authentication request information to the authentication control apparatus using the destination information of the authentication control apparatus extracted in the step (B). Is,
The user authentication method characterized by the above-mentioned. A user terminal device, a service providing device, an authentication control device, and an authentication device;
The service providing apparatus includes a first storage unit storing a first database including each user identifier for identifying each user to be provided with a service, and each anonymous identifier associated with each user identifier on a one-to-one basis. Including
The authentication control device includes a second storage unit storing a second database including each anonymous identifier included in the first database and destination information of the authentication device associated with each anonymous identifier,
The user terminal device includes a first transmission unit that transmits first authentication request information including a user identifier of a user who uses the user terminal device to the service providing device,
The service providing apparatus searches the first database, extracts a first identifier associated with a user identifier included in the first authentication request information, and anonymity extracted by the first search unit A second transmitter for transmitting second authentication request information including the identifier to the authentication control device,
The authentication control device searches the second database and extracts destination information of the authentication device associated with the anonymous identifier included in the second authentication request information, and the second search unit A third transmitter for transmitting third authentication request information to an authentication device whose destination is specified by the extracted destination information,
The authentication device includes an authentication processing unit that performs authentication processing of a user who uses the user terminal device, triggered by the transmission of the third authentication request information.
A user authentication system. A storage unit storing a database including each user identifier for identifying each user to be provided with service, and each anonymous identifier associated with each user identifier on a one-to-one basis,
A receiving unit for receiving first authentication request information including a user identifier of a user who uses the user terminal device transmitted from the user terminal device;
A search unit that searches the database and extracts an anonymous identifier associated with a user identifier included in the first authentication request information;
A transmission unit that transmits second authentication request information including the anonymous identifier extracted by the search unit to the authentication control device;
A service providing apparatus. A storage unit that stores a database including each anonymous identifier and destination information of an authentication device associated with each anonymous identifier,
A receiving unit for receiving first authentication request information including the anonymous identifier transmitted from the service providing device;
The authentication control device searches the database and extracts destination information of the authentication device associated with the anonymous identifier included in the first authentication request information; and
A transmitting unit that transmits second authentication request information to an authentication device whose destination is specified by the destination information extracted by the search unit;
An authentication control device.   A program for causing a computer to function as the service providing apparatus according to claim 7.   A program for causing a computer to function as the authentication control device according to claim 8.

Images