JP5325061B2 - Key management apparatus and key management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a key management technology having resistance against the fraudulent acquisition of authentication information by spyware while securely managing a user's secret key. <P>SOLUTION: The key management device comprises a key management server device and a secret key management device having a tamper resistant property. The secret key management device manages a user's secret key, and generates an electronic signature (S108). The key management server device determines whether a site of the site identification information of a service providing device received from a terminal device is a fraudulent site (S104). In user authentication (S105), the key management server device transmits temporary authentication information to the terminal device through a second communication means different from a communication means that is usually used in communication with the terminal device, receives response information corresponding to the temporary authentication information from the terminal device through the communication means, compares the received response information with the temporary authentication information when the former corresponds to the latter, and copes with the fraudulent acquisition of authentication information by spyware. <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

  The present invention relates to an encryption key management technique used for user authentication.

  With the advancement of information communication technology in recent years, information that needs to be kept secret is encrypted and exchanged over a network. Such exchange of information via a network can be easily performed at high speed even with a distant person, but there is also a threat that a communication partner impersonates another person. One method for preventing spoofing of a communication partner is an authentication method using an electronic certificate.

  For example, Patent Document 1 discloses a technique for detecting transmission of authentication data for the purpose of impersonation. In the disclosed technique, when a client logs in to an application server, the application server generates a session ID, stores the session ID in association with a common key, and generates encrypted communication data including the session ID. Then, the application server transmits the encrypted communication data as an authentication request to the authentication server using redirection via the client. The authentication server requests the client to input a password. If the password input in response to the request is valid, the authentication server executes an authentication process based on the authentication request. Next, the authentication server returns authentication data including the result of the authentication processing to the application server using redirection via the client. Then, the application server compares the session ID generated when the client logs on with the session ID in the returned authentication data. Based on the comparison result, if the session ID is different, it is determined to be spoofing.

JP 2001-186122 A

  However, in the technique described in Patent Literature 1, the application server generates a signature request message, an encryption function, a function for managing a certificate of the authentication server, and an authentication generated by the authentication server in order to generate an authentication request message. It is necessary to provide a decryption function and signature verification function for data. Therefore, in order to add each of the above functions to an application server that is already in actual use, there is a problem that it is necessary to modify the system at a development cost, and it takes time to introduce the system. In addition, since authentication of the client when using the key is performed with a password, there is a problem that if the user forgets the password, the key cannot be used. Furthermore, when the user has a plurality of different keys for each application, there is a problem that the user's convenience is impaired due to troublesome work that the key must be managed for each application.

  In addition, in order to perform authentication using an electronic certificate, it is necessary for the user to safely manage the private key. However, in the technique described in Patent Document 1, when a terminal device used by a user is infected with spyware, authentication information may be captured and used, and a secret key may be illegally leaked and misused. In addition, there is a possibility that an electronic signature unintended by the user may be circulated. As a method for safely managing the secret key, there is a method for storing the secret key in hardware having tamper resistance. However, this method has a problem that it is necessary to distribute hardware storing a secret key to the user, which is expensive and time consuming.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a key management technique that is resistant to unauthorized acquisition of authentication information by spyware while securely managing a user's private key.

  In order to solve the above problems, the present invention provides a key management device that manages a user's private key, and the service providing device responds to the service providing request from the terminal device used by the user for user authentication. The electronic data to be received and the site identification information of the service providing device are received from the terminal device, the site identification information is used to determine whether the site of the site identification information is an unauthorized site, and it is determined that the site is not an unauthorized site The encryption key generation condition information indicating the generation condition of the encryption key associated with the site identification information is extracted, the secret key associated with the extracted encryption key generation condition information is extracted, and the secret key is extracted. Is used to generate an electronic signature corresponding to the electronic data, and the generated electronic signature is output to a terminal device. In addition, the key management device includes second communication means different from communication means used for transmission / reception of site identification information and electronic signature with the terminal device, and the terminal device or the terminal device via the second communication means. Temporary authentication information is transmitted to the second terminal device used by the user of the user, response information corresponding to the temporary authentication information is received from the terminal device via the communication means, and the received response information is It is characterized by dealing with unauthorized acquisition of authentication information by spyware by comparing whether or not the information corresponds to the temporary authentication information.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to provide the key management technique provided with the tolerance with respect to unauthorized acquisition of the authentication information by spyware, managing a user's private key safely.

It is a figure which shows the outline | summary of the authentication process in this embodiment. It is a figure which shows the outline | summary of the encryption key generation process in this embodiment. It is a figure which shows the structural example of the key management system in this embodiment. It is a figure which shows the internal structural example of each apparatus which comprises a key management system. It is a figure which shows the function example of a key management server apparatus. It is a figure which shows the function example of a secret key management apparatus. It is a figure which shows the function example of a terminal device. It is a figure which shows an example of the site information memorize | stored in the memory | storage part of a key management server apparatus. It is a figure which shows an example of the user information memorize | stored in the memory | storage part of a key management server apparatus. It is a figure which shows an example of the user secret key memorize | stored in the memory | storage part of a secret key management apparatus. It is a figure which shows the flow of a service authentication process. It is a figure which shows the flow of a signature process (1/2). It is a figure which shows the flow of a signature process (2/2). It is a figure which shows the flow of a user authentication process. It is a figure which shows the flow of a user registration process. It is a figure which shows the flow of a certificate issuing process. It is a figure which shows the flow of a key generation process (1/2). It is a figure which shows the flow of a key generation process (2/2). It is a figure which shows the flow of a user information change process. It is a figure which shows the flow of a user information deletion process. It is a figure which shows the flow of a key deletion process (1/2). It is a figure which shows the flow of a key deletion process (2/2).

  Next, a mode for carrying out the present invention (hereinafter referred to as “the present embodiment”) will be described in detail with reference to the drawings as appropriate. First, an overview of authentication processing and an overview of encryption key generation processing in the present embodiment will be described.

≪Outline of authentication process≫
An overview of the authentication process in the present embodiment will be described with reference to FIG. In the authentication process, when a user accesses a service providing apparatus in order to enjoy the service, it is a process of authenticating whether or not the user or a terminal device used by the user is valid. As shown in FIG. 1, the authentication process is executed between the key management device, the terminal device, and the service providing device. The key management device includes a key management server device and a secret key management device. The key management server device transmits and receives information to and from the terminal device used by the user. Further, the secret key management device transmits and receives information to and from the key management server device, and manages the user's secret key. The secret key management device is configured with tamper-resistant hardware. Also, the terminal device transmits and receives information to and from the service providing device that provides a service in response to a service provision request from the terminal device.

  First, in step S101, the terminal device transmits a service providing request to the service providing device. In step S102, the service providing apparatus returns electronic data used for user authentication to the terminal apparatus that has transmitted the service providing request. In step S103, the terminal device transmits site identification information indicating the location of the service providing device on the network and the electronic data to the key management server device.

  In step S104, the key management server device uses the site identification information to determine whether the site of the site identification information is an unauthorized site. If it is determined that the determination result is not an unauthorized site, in step S105, user authentication is executed between the key management server device and the terminal device. Specifically, the key management server device generates temporary authentication information, and the terminal device or the terminal device via a second communication unit different from the communication unit used when receiving the electronic data and the site identification information Temporary authentication information is transmitted to the second terminal device used by the user. Then, the key management server device receives response information corresponding to the temporary authentication information from the terminal device via the communication means, and whether or not the response information is information corresponding to the temporary authentication information. To compare. In the comparison, when the response information is information corresponding to the temporary authentication information, it is determined that the user authentication is successful, and the process proceeds to step S106.

  In step S106, the key management server device extracts a key ID (identification information associated with the secret key) corresponding to the site identification information. In step S107, the key management server device outputs the key ID and the electronic data received in step S103 to the secret key management device. In step S108, the secret key management apparatus extracts a secret key corresponding to the key ID, and generates an electronic signature of the electronic data using the secret key. In step S109, the secret key management apparatus outputs the generated electronic signature to the key management server apparatus. In step S110, the key management server device transmits an electronic signature to the terminal device.

  In step S111, the terminal device transmits the electronic signature, the electronic data, the public key, and the user certificate of the public key authenticated by the authentication device described later to the service providing device. In step S112, the service providing apparatus performs public key verification using the user certificate, performs electronic signature verification using the electronic signature and the user certificate, and performs electronic data, public key, and electronic signature. Is used to verify whether or not tampering has occurred. In step S113, the service providing apparatus transmits the verification result as an authentication message to the terminal apparatus.

  As described above, in the authentication processing flow, the key management device manages the secret key in a tamper-resistant hardware so that the user can be identified. Therefore, the secret key is managed by the user while securely managing the secret key of the user. Can be substituted. Further, the key management apparatus can execute authentication processing only for a legitimate site and cope with unauthorized acquisition of authentication information by spyware in user authentication (step S105).

≪Overview of encryption key generation process≫
An outline of the encryption key generation process in this embodiment will be described with reference to FIG. The encryption key generation process is a process for generating an encryption key (hereinafter also simply referred to as a key) and accessing an authentication device provided in the certificate authority to create an electronic certificate corresponding to the generated public key. is there. The encryption key generation process is executed between the key management device, the terminal device, and the authentication device as shown in FIG. The key management device, the key management server device, the secret key management device, and the terminal device are the same as those in FIG. Note that the authentication device issues a certificate in response to a certificate issuance application request from the terminal device.

  First, in step S201, the terminal device transmits a certificate issuance application request to the authentication device in order to apply for issuance of a user certificate corresponding to the public key. In step S202, the authentication apparatus returns electronic data (including an encryption key generation algorithm and a key length) used for issuing a certificate. In step S203, the terminal device transmits site identification information and electronic data to the key management server device.

  In step S204, as in step S104, the key management server device uses the site identification information to determine whether the site of the site identification information is an unauthorized site. If it is determined that the determination result is not an unauthorized site, in step S205, user authentication is executed between the key management server device and the terminal device, as in step S105. If the user authentication is successful, the process proceeds to step S206.

  In step S206, the key management server device outputs electronic data used for certificate issuance to the secret key management device. In step S207, the secret key management device generates a secret key and a public key corresponding to the secret key, generates a key ID, and stores the key ID and the secret key in association with each other. In step S208, the secret key management device outputs the key ID and the public key to the key management server device. In step S209, the key management server device transmits the public key to the terminal device.

  In step S210, the terminal device generates signature target data by combining the application request data to the authentication device and the public key. In step S211, processing similar to that in steps S103 to S110 is executed among the terminal device, the key management server device, and the secret key management device, and the terminal device receives the electronic signature.

  In step S212, the terminal device generates application data using the signature target data and the electronic signature. In step S213, the terminal device transmits application data to the authentication device. In step S214, the authentication device verifies the electronic signature using the public key included in the application data. If it is determined that there is no fraud in the verification result, in step S215, the authentication device transmits a user certificate to the terminal device.

  As described above, in the flow of the encryption key generation process, the secret key is generated by a hardware secret key management device having tamper resistance and is managed so as to be able to identify the user, so that the user does not need to manage the secret key. . In addition, authentication processing is executed only in the case of a legitimate site, and it is possible to cope with unauthorized acquisition of authentication information by spyware in user authentication (steps S205 and S211).

≪Configuration of key management system≫
Next, the configuration of the key management system 300 will be described with reference to FIG. The key management system 300 is configured by connecting a key management device 310, a service providing device 320, an authentication device 330, a terminal device 700, and a second terminal device 800 to a network 340. The key management apparatus 310 includes a key management server apparatus 500 and a secret key management apparatus 600 having tamper resistance. The key management server device 500 transmits / receives information to / from the terminal device 700 used by the user via the network 340. The secret key management apparatus 600 generates an electronic signature and an encryption key based on information acquired from the key management server apparatus 500, and manages the secret key. The terminal device 700 is, for example, a PC (Personal Computer) or the like, and is operated by a user. The second terminal device (such as a mobile phone) 800 is another communication means (second communication means) owned by the user of the terminal device 700. The service providing device 320 provides a service corresponding to the service providing request from the terminal device 700 via the network 340. When the service providing device 320 receives the service providing request, the service providing device 320 returns electronic data used for user authentication to the terminal device 700. The authentication device 330 is installed in a certificate authority and issues a certificate in response to a certificate issuance application request from the terminal device 700 via the network 340. When the authentication device 330 receives the certificate issuance application request, the authentication device 330 returns electronic data (such as an encryption key generation algorithm and key length) used for issuing the certificate to the terminal device 700.

  In FIG. 3, only one key management device 310, service providing device 320, authentication device 330, key management server device 500, secret key management device 600, terminal device 700, and second terminal device 800 are provided. Although not described, two or more units may be used. When the terminal device 700 includes a communication unit using TCP / IP (Transmission Control Protocol / Internet Protocol) and another communication method such as e-mail as a second communication unit different from the communication unit. The second terminal device 800 may not be provided.

  The internal configurations of the key management device 310, the service providing device 320, the authentication device 330, the key management server device 500, the secret key management device 600, and the terminal device 700 will be described with reference to FIG. 4 (see FIG. 3 as appropriate). Each of the devices includes a CPU (Central Processing Unit) 410, a memory 420 as a main storage device, an HDD (Hard Disk Drive) 430 as an external storage device, a NIC (Network Interface Card) for connecting to a network, and the like. Communication I / F (Interface) 450, an output I / F 460 for connecting an output device such as a display, an input I / F 470 for connecting an input device such as a keyboard and a mouse, a DVD (Digital Versatile Disk), a CD ( It can be realized by a general computer provided with a reading device 480 that reads and writes information from and to a portable storage medium such as a compact disk.

  For example, the CPU 410 can implement the functions of each device by loading a predetermined program stored in the HDD 430 into the memory 420 and executing the program by the CPU 410. The predetermined program is downloaded to the HDD 430 from a storage medium via the reading device 480 or from the network 340 via the communication I / F 450, and then loaded onto the memory 420 and executed by the CPU 410. You may make it do. Alternatively, the program may be directly loaded on the memory 420 from the storage medium via the reading device 480 or from the network 340 via the communication I / F 450 and executed by the CPU 410.

  The tamper detection device 440 shown in FIG. 4 is provided in the secret key management device 600. The tamper detection device 440 detects a fraudulent operation when the secret key management device 600 is physically improperly operated, such as prying open, erases the user's secret key, and Prevent key leakage.

  The second terminal apparatus 800 has the same internal configuration as the terminal apparatus 700 when it is a PC. Further, when the second terminal device 800 is a mobile phone, it is only necessary to be able to use e-mail, and it is only necessary to have a known internal configuration.

≪Key management server function≫
The function of the key management server device 500 will be described with reference to FIG. 5 (see FIG. 3 as appropriate). As illustrated in FIG. 5, the key management server device 500 includes a control unit 510, a storage unit 520, an input unit 530, an output unit 540, and a communication unit 550. The control unit 510 corresponds to the CPU 410 and the memory 420 shown in FIG. 4, the storage unit 520 corresponds to the HDD 430 shown in FIG. 4, the input unit 530 corresponds to the input I / F 470 shown in FIG. 4, and the output unit 540. Corresponds to the output I / F 460 shown in FIG. 4, and the communication unit 550 corresponds to the communication I / F 450 shown in FIG.

  The control unit 510 includes an overall control unit 511, a key management service providing unit 512, and a site information management unit 513.

  The overall control unit 511 controls the overall processing of the key management server device 500. For example, the overall control unit 511 executes processing such as file management, process management, and device management.

  The key management service providing unit 512 provides a user secret key management service via the network 340. For example, the management service is described as being configured by a Web server program and a Web application program, but is not limited to the Web form, and may be configured by a dedicated application. Also, the key management service providing unit 512 executes encryption processing necessary for performing SSL (Secure Socket Layer) communication or TLS (Transport Layer Security) communication, and management of keys and certificates.

  Note that the key management service providing unit 512 transmits authentication information to the terminal device 700 via the second communication unit 553 using a communication unit or protocol different from the Web during user authentication. . For example, a case where an electronic mail is used as another communication means or protocol will be described, but a dedicated application may be used in addition to the electronic mail. When electronic mail is used, the key management service providing unit 512 executes authentication processing with the mail server and encryption processing necessary for performing S / MIME (Secure Multipurpose Internet Mail Extensions) communication.

  The site information management unit 513 includes a site determination unit 5131 and a key ID extraction unit 5132. When the site determination unit 5131 receives an electronic signature generation request from the terminal device 700, the site determination unit 5131 executes processing for confirming that the service providing device 320 to which the user intends to present an electronic signature is not an unauthorized site. The key ID extraction unit 5132 executes processing for extracting a key ID associated with the secret key using the site identification information in order to select a secret key suitable for the service providing apparatus 320. In addition, the site information management unit 513 executes processing for receiving a determination condition set by the operator of the key management server apparatus 500 for determining whether the site is an unauthorized site and a key selection condition suitable for each service. .

  The storage unit 520 includes a server certificate 521, a server secret key 522, site information 523, user information 524, and management authentication information 525. The server certificate 521 stores a server certificate necessary for SSL or TLS and all certificate authority certificates that are higher than the server certificate. The server private key 522 stores a private key corresponding to the public key of the server certificate stored in the server certificate 521.

  The site information 523 stores information related to a determination condition for determining whether or not an unauthorized site is used by the site information management unit 513 and information related to a selection condition of a key suitable for each service.

  The user information 524 includes, for each user of the service provided by the key management server device 500, a user ID for identifying the user, attribute information of the user, all key IDs usable by the user, and the user Signature generation request information sent by the user including the session ID generated for each access, the signature target data and the URI (Uniform Resource Identifier) of the service providing device 320, and temporary authentication necessary for user authentication of the user Information and information specifying the access authority of the user for each service are stored.

  The management authentication information 525 stores management authentication information used when accessing the secret key stored in the secret key management apparatus 600. The management authentication information is the same management authentication information stored in the secret key management apparatus 600. Note that the management authentication information is an access authority given to access from the operator of the key management server device 500 and the key management service providing unit 512. For example, the access information by the overall control unit 511 It is stored in a protected form by control or general cryptographic software.

  The input unit 530 receives input of information. The output unit 540 outputs information. In addition, the transmission unit 551 of the communication unit 550 executes transmission of information via the network 340, and the reception unit 552 of the communication unit 550 executes reception of information via the network 340. Note that the second communication unit 553 transmits and receives information using a communication method different from that of the transmission unit 551 and the reception unit 552 of the communication unit 550. In the present embodiment, it is assumed that the transmission unit 551 and the reception unit 552 of the communication unit 550 perform communication using the Web method, whereas the second communication unit 553 performs communication using electronic mail.

≪Function of private key management device≫
The function of the secret key management apparatus 600 will be described with reference to FIG. 6 (see FIG. 3 as appropriate). As illustrated in FIG. 6, the secret key management apparatus 600 includes a control unit 610, a storage unit 620, an input unit 630, an output unit 640, and a communication unit 650. The control unit 610 corresponds to the CPU 410 and the memory 420 shown in FIG. 4, the storage unit 620 corresponds to the HDD 430 shown in FIG. 4, the input unit 630 corresponds to the input I / F 470 shown in FIG. Corresponds to the output I / F 460 shown in FIG. 4, and the communication unit 650 corresponds to the communication I / F 450 shown in FIG.

  The control unit 610 includes an overall control unit 611, a key management unit 612, and a tamper detection processing unit 613. The tamper detection processing unit 613 corresponds to the tamper detection device 440 shown in FIG.

  The overall control unit 611 controls the overall processing of the secret key management apparatus 600. For example, processing such as file management, process management, and device management is executed.

  The key management unit 612 includes a signature generation unit 6121, a key generation unit 6122, a key ID generation unit 6123, and a secret key extraction unit 6124. The key management unit 612 receives an encryption processing request that requires the user's private key from the key management server device 500, performs authentication of the request source, confirms access authority to the private key, manages key deletion, etc. And the execution result is returned to the key management server apparatus 500. In addition, the signature generation unit 6121 generates an electronic signature. The key generation unit 6122 generates an encryption key (a set of a secret key and a public key corresponding to the secret key). The key ID generation unit 6123 generates a key ID for identifying the generated encryption key, and stores the key ID and the encryption key in the user secret key 621 in association with each other. The secret key extraction unit 6124 extracts the secret key stored in the user secret key 621 using the key ID.

  The tamper detection processing unit 613 detects the illegal operation when the secret key management device 600 is physically illegally operated such as opening the secret key, and stores the secret stored in the user secret key 621. Erase the key to prevent leakage of the private key.

  The storage unit 620 includes a user secret key 621 and management authentication information 622. The user secret key 621 stores a plurality of user secret keys and a key ID that identifies the secret key. The management authentication information 622 stores authentication information for management for accessing the secret key of the user secret key 621.

  The input unit 630 receives information input. The output unit 640 outputs information. In addition, the communication unit 650 transmits and receives information to and from the key management server device 500.

≪Terminal device functions≫
The function of the terminal device 700 will be described with reference to FIG. 7 (see FIG. 3 as appropriate). As illustrated in FIG. 7, the terminal device 700 includes a control unit 710, a storage unit 720, an input unit 730, an output unit 740, and a communication unit 750. Note that the control unit 710 corresponds to the CPU 410 and the memory 420 shown in FIG. 4, the storage unit 720 corresponds to the HDD 430 shown in FIG. 4, the input unit 730 corresponds to the input I / F 470 shown in FIG. Corresponds to the output I / F 460 shown in FIG. 4, and the communication unit 750 corresponds to the communication I / F 450 shown in FIG.

  The control unit 710 includes an overall control unit 711, a service use unit 712, and an authentication unit 713.

  The overall control unit 711 controls the overall processing of the terminal device 700. For example, processing such as file management, process management, and device management is executed.

  The service using unit 712 executes processing for receiving service provision from the service providing apparatus 320 via the network 340. For example, the service is described as being provided on the Web, but the service need not be limited to the Web form. The service using unit 712 performs processing using a Web browser, downloads an HTML (HyperText Markup Language) file, an image file, a music file, etc. released to a Web server on the network 340, analyzes the layout, and displays or displays it. It is possible to perform reproduction, etc., and it is also possible for the user to transmit data to a Web server using a form, or to run a program described in Java (registered trademark) or the like. Further, the service using unit 712 executes encryption processing necessary for performing SSL or TLS communication and management of keys and certificates.

  In addition, the service using unit 712 receives authentication information from the key management server device 500 via the second communication unit 751 by using a communication means or protocol different from the Web during user authentication. To do. For example, a case where an electronic mail is used as another communication means or protocol will be described, but a dedicated application may be used in addition to the electronic mail. When using e-mail, the service using unit 712 performs processing using a mailer, downloads e-mail addressed to the user's account stored in the mail server on the network 340, and displays it. Further, the service using unit 712 executes authentication processing with a mail server, encryption processing necessary for performing S / MIME (Secure Multipurpose Internet Mail Extensions) communication, management of keys and user certificates.

  The authentication unit 713 receives a cryptographic processing request that requires the user's private key from the service utilization unit 712, receives the processing result from the key management server device 500, and transmits the processing result to the processing request source.

  The storage unit 720 includes a user certificate 721 and key management service information 722. The user certificate 721 stores a user certificate necessary for using the service provided by the service providing apparatus 320 and all certificate authority certificates corresponding to the user certificate. Note that the user certificate is issued by the authentication device 330. The key management service information 722 stores information used in the key management service provided by the key management server device 500. For example, information specifying the user's access such as a user ID for identifying the user and a session ID generated for each access from the user is stored.

  The input unit 730 receives information input. The output unit 740 outputs information. The communication unit 750 transmits and receives information via the network 340. Note that the second communication unit 751 transmits and receives information using a communication method different from that of the communication unit 750. In the present embodiment, the communication unit 750 performs communication using the Web method, whereas the second communication unit 751 performs communication using electronic mail.

≪Service providing device functions≫
Although the function of the service providing apparatus 320 is not illustrated, it will be briefly described. The service providing device 320 provides a service corresponding to the service providing request from the terminal device 700 via the network 340. For example, the description will be made assuming that the program is composed of a web server program and a web application program, but a dedicated application may be used. Further, the service providing device 320 returns electronic data used for user authentication to the terminal device that has transmitted the service providing request, verifies the electronic signature, the user certificate, and the like transmitted from the terminal device, The access right of the user specified by the user ID for identifying the user or the attribute information of the user is authorized.

≪Authentication device function≫
Although the function of the authentication device 330 is not shown, it will be described briefly. The authentication device 330 associates, for example, a user's identification name (user ID) and the public key owned by the user with respect to a certain user, and applies a digital signature to the associated information using the authentication device private key. Process to issue a certificate (public key certificate). Further, the authentication device 330 manages the user certificate issued by itself, and the authentication device 330 includes a list of information on the revoked user certificate (public key certificate) regarding the user certificate (public key certificate). It also generates certificate revocation information with an electronic signature using a private key. In the present embodiment, it is assumed that the authentication device 330 issues a certificate authority certificate that is a root certificate and a user certificate. In the present embodiment, the description will be made with two layers of a root certificate and a user certificate, but the authentication hierarchical structure may be three or more layers.

  Further, the authentication device 330 transmits certificate revocation information in response to a request for verifying the public key certificate. For example, in the present embodiment, description will be made assuming that the authentication device 330 also has a function of an LDAP (Lightweight Directory Access Protocol) server and the certificate revocation information is a certificate revocation list (CRL). However, the authentication apparatus 330 is not limited to such a mode, and processing such as an online certificate status protocol (OCSP) that accepts a request for certificate validity confirmation and returns a response in response to the request. May be performed.

≪Example of site information≫
Here, an example of the site information 523 in the storage unit 520 of the key management server device 500 illustrated in FIG. 5 will be described with reference to FIG. 8 (see FIG. 5 as appropriate).

  The site information 523 shown in FIG. 8 is set in advance by the operator of the key management server device 500 via the site information management unit 513. The unauthorized site information 810 stores site identification information of unauthorized sites. The legitimate site information 820 stores site identification information of legitimate sites. The unauthorized site information 810 or the authorized site information 820 is referred to in step S104 (unauthorized site determination) shown in FIG. 1 to confirm that the service providing apparatus 320 is not an unauthorized site. In this fraudulent site determination, a setting for determining whether a site registered in the fraudulent site information 810 is a fraudulent site or a site other than a site registered in the legitimate site information 820 is also determined as a fraudulent site. It is assumed that it is set by the operator via the site information management unit 513. The unauthorized site information 810 and the legitimate site information 820 are referred to as site determination information in the claims.

  The site key condition correspondence information 830 stores site identification information, algorithm type, key length, and certification authority name supported by the service providing apparatus 320 in association with each other. Then, the key ID extraction unit 5132 refers to the site key condition correspondence information 830 in step S106 (key ID extraction corresponding to the site identification information) shown in FIG. If it exists in 830, encryption key generation condition information relating to conditions such as the algorithm type, key length, and certificate authority name of the existing line is extracted.

≪Example of user information≫
Next, an example of the user information 524 in the storage unit 520 of the key management server apparatus 500 illustrated in FIG. 5 will be described with reference to FIG. 9 (see FIG. 5 as appropriate). The user information 524 stores key selection information 910 that associates a user ID, key ID, algorithm type, key length, certification authority name, usage priority, and the like. When the encryption key generation condition information is extracted, the key ID extraction unit 5132 refers to the key selection information 910 and extracts it in step S106 (extraction of the key ID corresponding to the site identification information) shown in FIG. The key ID satisfying the condition matching the encryption key generation condition information is extracted. If the user ID is acquired in addition to the encryption key generation condition information, the key ID extraction unit 5132 refers to the key selection information 910 using the user ID and the encryption key generation condition information, and A key ID that satisfies the ID and encryption key generation condition information is extracted.

≪Example of user secret key≫
Next, an example of the user secret key 621 in the storage unit 620 of the secret key management apparatus 600 shown in FIG. 6 will be described with reference to FIG. 10 (see FIG. 6 as appropriate). The user secret key 621 stores secret key information 1000 that associates a key ID with a secret key. The secret key extraction unit 6124 extracts the secret key by referring to the secret key information 1000 using the key ID extracted by the key ID extraction unit 5132.

≪Service authentication process flow≫
Next, the flow of service authentication processing will be described with reference to FIG. 11 (see FIGS. 3 and 7 as appropriate). The flow of the service authentication process shown in FIG. 11 represents the flow of the authentication process shown in FIG. 1 in another format. It is assumed that the service provided by the service providing device 320 and the service provided by the key management server device 500 have security such as encryption by SSL or TLS communication.

  First, in step S1010, the service use unit 712 of the terminal device 700 inputs a URL (Uniform Resource Locator) for use of the service provided by the service providing device 320, which is input by the user via the input unit 730. And an access request (service provision request) is transmitted to the service providing apparatus 320 via the communication unit 750. In step S <b> 1020, service providing apparatus 320 receives an access request (service providing request) from terminal apparatus 700.

  In step S1030, the service providing apparatus 320 returns an authentication (signature) request necessary for user authentication to the terminal apparatus 700. The authentication (signature) request includes signature target data (electronic data) such as a random number newly generated for each authentication. The signature target data is, for example, a handshake message transmitted from the server when SSL or TLS client authentication is performed. In step S 1040, the service using unit 712 of the terminal device 700 receives authentication (signature) request data from the service providing device 320 via the communication unit 750.

  In step S1050, the terminal device 700 uses the received authentication (signature) request data to perform a series of processing from a signature request to a signature response with the key management server device 500 (signature processing in FIGS. 12 and 13). Execute.

  In step S1060, the service utilization unit 712 of the terminal device 700 uses the signature response acquired in step S1050 as an authentication (signature) response, and transmits the authentication (signature) response to the service providing device 320 via the communication unit 750. In step S1070, the service providing apparatus 320 receives the authentication (signature) response transmitted by the terminal apparatus 700. The authentication (signature) response includes an electronic signature signed with the user's private key and a user certificate.

  In step S1080, the service providing apparatus 320 performs verification using the received authentication (signature) response. Specifically, the service providing apparatus 320 verifies the electronic signature included in the authentication (signature) response using the user certificate, and obtains the user certificate in accordance with the general PKI (Public Key Infrastructure) specifications. Verifying and authorizing the user.

  In step S1090, the service providing apparatus 320 generates an authentication message after verification according to the verification result in step S1080, and transmits the authentication message to the terminal apparatus 700. In step S <b> 1100, the service utilization unit 712 of the terminal device 700 receives the authentication message via the communication unit 750 and outputs the received authentication message to the output unit 740.

≪Signing process flow≫
Next, the signature processing flow executed in step S1050 of FIG. 11 will be described with reference to FIGS. 12 and 13 (see FIGS. 3 and 5 to 9 as appropriate).

  First, in step S2010, the authentication unit 713 of the terminal device 700 acquires the authentication request source information received by the service using unit 712. The authentication request source information is the site identification information (the service URI of the service providing apparatus 320) included in the authentication (signature) request in step S1040. In addition to the site identification information, the authentication request source information includes, for example, the title of the received service window, a parameter indicating user attribute information included in the received HTML data, and the user input in the inquiry from the service providing apparatus 320 side. ID and account number. In particular, the user ID and account number can be used for key selection in Internet banking or the like.

  In step S2020, the authentication unit 713 of the terminal device 700 transmits a signature request to the key management server device 500 via the service use unit 712. The signature request includes the signature target data included in the authentication (signature) request data received in step S1040, the site identification information of the authentication request source information acquired in step S2010, and the IP address of the terminal device 700. Further, when the user ID is already stored in the key management service information 722, the signature request includes the user ID. In step S2030, the key management service providing unit 512 of the key management server device 500 receives the signature request via the receiving unit 552 of the communication unit 550.

  In step S2040, the site determination unit 5131 of the site information management unit 513 of the key management server device 500 refers to the unauthorized site information 810 of the site information 523 using the site identification information of the received authentication request source information, and performs an authentication request. Determine if the original site is an unauthorized site. If the authentication request source site is an unauthorized site (“illegal” in step S2040), the site determination unit 5131 transmits a signature rejection message for rejecting the signature request to the terminal device 700. In step S2041, the terminal device 700 The authentication unit 713 receives the signature rejection message and outputs the content of the signature rejection message to the output unit 740. In the present embodiment, the processing ends when this step S2041 is reached.

  If the authentication request source site is not an unauthorized site (“not unauthorized” in step S2040), in step S2050, the key management service providing unit 512 of the key management server device 500 responds to the signature request received in step S2030. Session ID is generated, and the session ID is associated with the signature target data included in the signature request, the site identification information of the authentication request source information, and the user ID (if present in the signature request). Store in user information 524.

  In step S2060, the key management service providing unit 512 of the key management server device 500 checks whether the user ID exists in the signature request received in step S2030. If the user ID exists (“exists” in step S2060), the user ID is assumed to be used after this step, and the process advances to S2120 in FIG. If the user ID does not exist (“does not exist” in step S2060), it is necessary to specify the user ID when using the key management service, and the process advances to step S2070.

  In step S2070, the key management service providing unit 512 of the key management server device 500 transmits to the terminal device 700 a user ID request indicating input screen information that prompts the user to specify a user ID. At this time, the session ID generated in step S2050 is also transmitted. In step S2080, the authentication unit 713 of the terminal device 700 acquires the user ID request via the service use unit 712, and outputs the user ID input screen information to the output unit 740. Further, the authentication unit 713 stores the received session ID in the key management service information 722.

  In step S2090, the authentication unit 713 of the terminal device 700 receives an input of a user ID using the input screen via the input unit 730. In step S2100, the authentication unit 713 of the terminal device 700 transmits the user ID input in step S2090 and the session ID stored in step S2080 to the key management server device 500 via the service use unit 712. In step S2110, the key management service providing unit 512 of the key management server device 500 receives the received user ID and session ID via the communication unit 550.

  In step S2120 illustrated in FIG. 13, the key management service providing unit 512 of the key management server device 500 performs user authentication (user authentication processing in FIG. 14) based on the identified user ID. Details will be described later. Here, assuming that the user authentication is successful, the process proceeds to step S2130.

  In step S2130, the key ID extraction unit 5132 of the site information management unit 513 of the key management server device 500 is suitable for the site of the authentication request source based on the site identification information of the authentication request source information received in step S2030. Select the key. Specifically, first, the site identification information of the authentication request source site is referenced with reference to the site key condition correspondence information 830 shown in FIG. 8 using the site identification information of the authentication request source information stored in step S2050 as a search key. Check if is registered. If the site identification information of the site of the authentication request source exists in the site key condition correspondence information 830, an encryption key generation indicating an encryption key generation condition such as the algorithm type, key length, and certificate authority name of the existing line Extract condition information. Subsequently, the user ID and / or encryption key generation condition information shown in FIG. 9 is referred to using the user ID and / or encryption key generation condition information specified in step S2060 or step S2110 as a search key, and the user ID and / or encryption key generation condition information is referred to. Get all key ID candidates associated with.

  Here, if the number of key ID candidates can be narrowed down to one (“one candidate” in step S2130), the key ID is assumed to be used thereafter, and the process proceeds to step S2190. If there are a plurality of key ID candidates (“multiple candidates” in step S2130), a key ID list of candidate keys is acquired, and the process proceeds to step S2140. If the site identification information of the authentication request source site does not exist in the site key condition correspondence information 830, the key selection information 910 is searched using the user ID as a search key and associated with the user ID. A list of all existing key IDs is acquired, and the process proceeds to step S2140.

  If there is no key ID that meets the conditions (“cannot be selected” in step S2130), it is determined that there is no usable key, a signature rejection message is transmitted to the terminal device 700, and the process proceeds to step S2131. In step S 2131, the authentication unit 713 of the terminal device 700 receives the signature rejection message and outputs the content of the signature rejection message to the output unit 740. In the present embodiment, the processing ends when this step S2131 is reached.

  In step S2140, the key management service providing unit 512 of the key management server device 500 uses the input screen information prompting the user to select one key ID from the list of key IDs acquired in step S2130 as a key ID request, To device 700. In step S2150, the authentication unit 713 of the terminal device 700 receives the key ID request and outputs a key ID input screen to the output unit 740. In step S2060, the authentication unit 713 of the terminal device 700 receives an input of one key ID via the input unit 730.

  In step S2170, the authentication unit 713 of the terminal device 700 transmits the key ID received in step S2160 to the key management server device 500. The session ID stored in step S2080 is also transmitted. In step S2180, the key management service providing unit 512 of the key management server device 500 receives the key ID and the session ID via the communication unit 550.

  In step S2190, the key management service providing unit 512 of the key management server apparatus 500 transmits a signature generation request for generating an electronic signature for the data to be signed to the secret key management apparatus 600. The signature generation request includes the key ID, signature target data, and management authentication information stored in the management authentication information 525. Note that the signature target data is acquired in step S2050 in association with the session ID. In step S <b> 2200, the key management unit 612 of the secret key management apparatus 600 receives a signature generation request via the communication unit 650.

  In step S2210, an electronic signature for the signature target data received in step S2200 is generated. As the procedure, the key management unit 612 of the secret key management apparatus 600 accesses the key by comparing the management authentication information received in step S2200 with the management authentication information stored in the management authentication information 622. Authenticate if you have rights. If the authentication is successful, the secret key extraction unit 6124 refers to the secret key information 1000 using the key ID received in step S2200, and extracts the secret key associated with the key ID. Next, the signature generation unit 6121 generates an electronic signature for the signature target data received in step S2200, using the extracted secret key. If access right authentication is not successful, it is assumed that signature generation has failed.

  In step S2220, the key management unit 612 of the secret key management apparatus 600 transmits the signature (electronic signature) generated in step S2210 or a message indicating that signature generation has failed to the key management server apparatus 500. When transmitting the signature, the user ID is also transmitted. In step S2230, the key management service providing unit 512 of the key management server apparatus 500 receives a message indicating a signature or signature generation failure. When the user ID is also received, the user ID is stored in the user information 524.

  In step S2240, the key management service providing unit 512 of the key management server device 500 transmits the signature (electronic signature) received in step S2230 or a message indicating that signature generation has failed to the terminal device 700 as a signature response. . In step S2250, the key management service providing unit 512 of the key management server device 500 stores the session ID stored in step S2050, signature target data associated with the session ID, authentication request source information, and user ID (signature). In the request) is deleted from the user information 524. In step S2260, authentication unit 713 of terminal device 700 receives the signature (electronic signature) transmitted in step S2240 or a message indicating that signature generation has failed. The authentication unit 713 of the terminal device 700 proceeds to the next step when receiving a signature (electronic signature), and outputs the content of the message when receiving a message that the signature generation has failed. The data is output to the unit 740, and the process ends.

≪User authentication process flow≫
Next, the flow of user authentication processing will be described with reference to FIG. 14 (see FIGS. 3, 5 and 7 as appropriate). It is assumed that the key management service information 722 of the terminal device 700 stores a session ID that identifies the process among the steps executed before this process.

  In step S3010, the key management service providing unit 512 of the key management server device 500 generates temporary authentication information corresponding to the user ID already specified. In the present embodiment, the temporary authentication information is, for example, a one-time password. The temporary authentication information is stored in the user information 524 in association with the already specified session ID and the temporary authentication information.

  In step S3020, the key management service providing unit 512 of the key management server device 500 transmits an authentication information request indicating input screen information prompting the terminal device 700 to input response information corresponding to temporary authentication information. Subsequently, in step S3030, the key management service providing unit 512 of the key management server device 500 transmits the temporary authentication information or information for deriving the temporary authentication information to the terminal device 700 or the second terminal device. To 800. Note that it is assumed that the user selects in advance whether to transmit to either the terminal device 700 or the second terminal device 800 and what communication means to transmit.

  The communication means here is assumed to be a communication means different from the method used for communication between the terminal device 700 and the key management server device 500 until the previous step. In the present embodiment, there are a case where an e-mail is transmitted via the second communication unit 751 of the terminal device 700 and a case where an e-mail is transmitted to the second terminal device 800. When transmitting temporary authentication information to the terminal device 700 by e-mail, the temporary authentication information is transmitted in a form that is difficult for a program inside the computer to automatically identify. For example, a method of transmitting image data by distorting the shape of characters used in temporary authentication information, a representation of characters used in temporary authentication information in a tabular format, and temporary authentication information from the table A method of transmitting a question to be derived as a set, or a method of transmitting a question sentence for an answer that can be relatively easily and uniquely derived by a user, such as “1 + 1 answer”.

  In step S3040, authentication unit 713 of terminal device 700 receives the authentication information request transmitted in step S3020, and outputs a temporary authentication information input screen to output unit 540. In step S3050, authentication unit 713 of terminal device 700 receives temporary authentication information or information for deriving the temporary authentication information, and outputs the content of the information to output unit 740. Alternatively, in step S3051, second terminal apparatus 800 receives temporary authentication information or information for deriving the temporary authentication information, and outputs the content of the information to a display device (not shown).

  In step S3060, the authentication unit 713 of the terminal device 700 responds to the temporary authentication information received in step S3050 or S3051 or the information for deriving temporary authentication information by the user. The input of response information corresponding to temporary authentication information input via the input unit 730 is accepted.

  In step S3070, the authentication unit 713 of the terminal device 700 transmits the response information input in step S3060 to the key management server device 500. The stored session ID is also transmitted. In step S3080, the key management service providing unit 512 of the key management server device 500 receives the response information and the session ID transmitted in step S3070.

  In step S3090, the key management service providing unit 512 of the key management server device 500, based on the session ID received in step S3080, the response information received in step S3080 corresponds to the temporary authentication information in step S3010. Verify whether it is information. If the verification is successful (“success” in step S3090), the IP address of the terminal device 700 is stored as the access history in the user information 524 in association with the user ID. If the verification fails (“failure” in step S3090), a message indicating that the verification has failed is generated and transmitted to the terminal device 700 as a verification failure message, and the process proceeds to step S3091. In step S3091, the authentication unit 713 of the terminal device 700 receives the verification failure message and outputs the content of the verification failure message to the output unit 740. In the present embodiment, the process ends when the process reaches step S3091.

  As described above, the key management apparatus 310 (see FIG. 3) manages the secret key by using the user ID for identifying the user and the key ID associated with the site identification information by performing the procedures of FIGS. Therefore, management of the secret key by the user can be performed while safely managing the secret key of the user. Therefore, it is unnecessary to distribute hardware for key management to the user, and an authentication mechanism having PKI level security can be provided. Further, the key management apparatus 310 can execute user authentication processing only in the case of a legitimate site, and cope with unauthorized acquisition of authentication information by spyware by user authentication (step S2120). Further, if the service provider side uses an existing authentication mechanism such as SSL or TLS, it is not necessary to modify the service providing apparatus.

≪User registration process flow≫
Next, the flow of user registration processing for registering user information will be described with reference to FIG. 15 (see FIGS. 3, 5 and 7 as appropriate).

  In step S4010, the service using unit 712 of the terminal device 700 receives an input of a URL for using the user registration service provided by the key management server device 500 via the input unit 730, and receives the input via the communication unit 750. Then, a user registration request is transmitted to the key management server device 500. In step S4020, the key management service providing unit 512 of the key management server device 500 receives the user registration request transmitted by the terminal device 700.

  In step S4030, the key management service providing unit 512 of the key management server device 500 transmits a user information request indicating input screen information for prompting input of user information necessary for using the key management service to the terminal device 700. At this time, the key management service providing unit 512 generates a session ID, stores it in the user information 524, and transmits the generated session ID to the terminal device 700 together with a user information request. In step S4040, the service utilization unit 712 of the terminal device 700 receives the user information request transmitted in step S4030, and outputs the content of the user information request to the output unit 740. Also, the service using unit 712 stores the received session ID in the key management service information 722.

  In step S4050, the service use unit 712 of the terminal device 700 receives input of user information necessary for using the key management service via the input unit 730. In this embodiment, as user information to be input, in addition to information such as the user's name, address, and telephone number, the user ID when the user uses the key management service (when assigned on the key management server device 500 side) Unnecessary), information on billing when using a key management service such as a credit card number, temporary authentication information notification means (for example, e-mail, etc.), and temporary authentication information notification destination (for example, For example, an e-mail address used in the second terminal device 800).

  In step S4060, the service using unit 712 of the terminal device 700 transmits the user information input in step S4050 to the key management server device 500. At this time, the session ID stored in step S4040 is also transmitted. In step S4070, the key management service providing unit 512 of the key management server apparatus 500 receives the user information and session ID transmitted in step S4060. In step S4080, the key management service providing unit 512 of the key management server device 500 associates the user information received in step S4070 with the session ID, and stores them in the user information 524 in the form of temporary registration. In step S4050, if the user does not input the user ID, the key management service providing unit 512 automatically generates and assigns the user ID, and stores the user ID in the user information 524.

  In step S4090, the key management service providing unit 512 of the key management server device 500 executes the user authentication process of FIG. 14 based on the information stored in step S4080. Here, assuming that the user authentication is successful, the process proceeds to step S4100. In step S4100, the key management service providing unit 512 of the key management server device 500 stores the user information stored in step S4080 in the user information 524 in the form of main registration.

  In step S <b> 4110, the key management service providing unit 512 of the key management server device 500 transmits a user registration completion notification, which is a message indicating notification of completion of user registration, to the terminal device 700. At this time, the user ID is also transmitted. In step S4120, the service using unit 712 of the terminal device 700 receives the user registration completion notification and user ID transmitted in step S4110, and outputs the content of the user registration completion notification to the output unit 740. In step S4130, the service utilization unit 712 of the terminal device 700 stores the user ID received in step S4120 in the key management service information 722.

≪Certificate issuance process flow≫
Next, the flow of the certificate issuing process will be described with reference to FIG. 16 (refer to FIGS. 3, 5 and 7 as appropriate). Note that it is assumed that user information has been registered as a precondition for receiving a certificate.

  In step S5010, the service using unit 712 of the terminal device 700 receives an input of a URL for using the certificate issuing service provided by the authentication device 330 via the input unit 730, and authenticates via the communication unit 750. A certificate issuance application request is transmitted to the device 330. In step S5020, the authentication device 330 receives the certificate issuance application request transmitted by the terminal device 700.

  In step S5030, authentication apparatus 330 transmits to terminal apparatus 700 an application data request for requesting application data (CSR: Certificate Signing Request) necessary for issuing a certificate. The application data request includes the algorithm type and key length of the encryption key necessary for issuing the certificate. In step S5040, the service utilization unit 712 of the terminal device 700 receives the application data request transmitted in step S5030.

  In step S5050, the terminal device 700 uses the application data request received in step S5040 to perform a series of processing from key generation request to response with the key management server device 500 (key generation in FIGS. 17 and 18). Process). Details of step S5050 will be described later. Subsequently, if the key generation is successful in step S5050, in step S5060, the terminal device 700 performs a series of processing from the signature request to the signature response with the key management server device 500 (the signatures in FIGS. 12 and 13). Process).

  Next, in step S5070, the service using unit 712 of the terminal device 700 generates application data (CSR) by combining the signature target data generated in step S5060 and the electronic signature received in step S5060. In step S5080, the service utilization unit 712 of the terminal device 700 transmits the application data (CSR) generated in step S5070 to the authentication device 330. In step S5090, the authentication device 330 receives the application data (CSR) transmitted from the terminal device 700.

  Subsequently, in step S5100, the authentication device 330 verifies the application data (CSR) received in step S5090, and executes issuance examination. Specifically, the application data of the user is verified according to a general PKI specification such that the electronic signature included in the application data is verified using the public key of the user included in the application data. As for the certificate issuance examination, in this embodiment, it is assumed that the application data format is incomplete and then the process proceeds to step S5110. However, when the examination person in the certification authority conducts the examination visually or the like. Returns a message indicating that application data has been accepted to the terminal device 700, and notifies the user of the certificate acquisition destination by e-mail or the like when the examination is completed. In response to the access, the process may proceed to step S5110.

  In step S5110, if the verification in step S5100 is successful, the authentication device 330 generates a user certificate based on the application data and transmits the user certificate to the terminal device 700. If the examination fails, an examination message indicating that the examination has failed is transmitted to the terminal device 700. In step S5120, when the service use unit 712 of the terminal device 700 receives the user certificate, the service use unit 712 stores the user certificate in the user certificate 721, and when receiving the review message, outputs the content of the review message to the output unit 740. To do.

≪Key generation process flow≫
Next, the flow of key generation processing will be described with reference to FIGS. 17 and 18 (see FIGS. 3 and 5 to 7 as appropriate).

  In step S6010, the authentication unit 713 of the terminal device 700 acquires the service URI of the service providing device 320, which is the transmission source of the application data received in step S5040, from the service use unit 712 as key generation request source information. .

  In step S6020, the authentication unit 713 of the terminal device 700 transmits a key generation request for requesting the key management server device 500 to generate an encryption key. The key generation request includes the algorithm type and key length of the encryption key received in step S5040, the key generation request source information acquired in step S6010, and the IP address of the terminal device 700. Furthermore, when the user ID is already stored in the key management service information 722, the key generation request includes the user ID. In step S6030, the key management service providing unit 512 of the key management server device 500 receives the key generation request transmitted by the terminal device 700.

  In step S6040, the site determination unit 5131 of the key management server device 500 determines whether or not the key generation request source site is an unauthorized site. If the key generation request source site is an unauthorized site (“illegal” in step S6040), the site determination unit 5131 generates a key generation rejection message for rejecting key generation and transmits the generated key generation rejection message to the terminal device 700. . In step S6041, the authentication unit 713 of the terminal device 700 receives the key generation rejection message transmitted in step S6040, and outputs the content of the key generation rejection message to the output unit 740. In the present embodiment, the process ends when this step S6041 is reached.

  If the key generation request source site is not an unauthorized site (“not unauthorized” in step S6040), the process proceeds to step S6050. In step S6050, the key management service providing unit 512 of the key management server device 500 generates a session ID in response to the key generation request in step S6030, and the session ID is included in the key generation request received in step S6030. The algorithm type and key length of the encryption key, the key generation request source information, and the user ID (when present in the key generation request) are associated with each other and stored in the user information 524.

  The processing in steps S6060 to S6110 is similar to the processing in steps S2060 to S2110 in FIG. In step S6120, the user authentication process shown in FIG. 14 is executed. Here, assuming that the user authentication is successful, the process proceeds to step S6130.

  In step S6130 shown in FIG. 18, the key management service providing unit 512 of the key management server apparatus 500 transmits a key generation request for generating a pair of the user's private key and public key to the private key management apparatus 600. The key generation request includes the algorithm type and key length of the encryption key, and the management authentication information acquired from the management authentication information 525. In step S6140, the key management unit 612 of the secret key management apparatus 600 receives the key generation request transmitted in step S6130 via the communication unit 650.

  In step S 6150, the key management unit 612 of the secret key management device 600 receives the management authentication information received in step S 6140 and the management authentication information stored in the management authentication information 622 of the secret key management device 600. By comparing, it is authenticated whether or not there is an access right to the key. If the access right authentication is successful, in step S6150, the key generation unit 6122 of the key management unit 612 determines the encryption key (private key) based on the algorithm type and key length in the key generation request received in step S6140. And a public key corresponding to the secret key). The key ID generation unit 6123 generates a unique key ID in the secret key management device 600. The generated key and key ID are stored in the user secret key 621 in association with each other. If access right authentication is not successful, it is assumed that key generation has failed.

  In step S6160, the key management unit 612 of the secret key management apparatus 600 sends the key ID associated with the secret key generated in step S6150 and the public key corresponding to the secret key to the key management server apparatus 500. Send. If the key generation has failed in step S6150, a key generation failure message indicating that the key generation has failed is transmitted to the key management server device 500. In step S6170, the key management service providing unit 512 of the key management server device 500 receives the key ID and public key transmitted in step S6160, or the key generation failure message.

  In step S6180, if the key management service providing unit 512 of the key management server device 500 has received the key ID in step S6170, the key ID is associated with the user ID specified in step S6060 or S6110. Store in information 524.

  In step S6190, when the key management service providing unit 512 of the key management server apparatus 500 receives the key ID and the public key in step S6170, the key generation completion message indicating that the key generation has been completed, or in step S6170. When the key generation failure message is received at, the key generation failure message is transmitted to the terminal device 700 as a public key response. In step S6200, the key management service providing unit 512 of the key management server device 500 stores the session ID stored in step S2050, the algorithm type and key length of the encryption key associated with the session ID, and key generation request source information. And the user ID (if present in the key generation request) are deleted from the user information 524. In step S6210, authentication unit 713 of terminal device 700 receives the public key response transmitted in step S6190. If the public key response is a key generation completion message, the process proceeds to the next step. If the key generation response is a key generation failure message, the content indicating the key generation failure message is output to the output unit 740, and the process ends.

≪User information change process flow≫
Next, the flow of the user information change process will be described with reference to FIG. 19 (see FIGS. 3, 5, and 7 as appropriate).

  First, in step S <b> 7010, the service using unit 712 of the terminal device 700 receives an input of a URL for using the user change service provided by the key management server device 500 via the input unit 730, and the communication unit 750. Then, a user information change request is transmitted to the key management server device 500. When the user ID is stored in the key management service information 722, the user ID is also included in the user information change request. In step S7020, the key management service providing unit 512 of the key management server device 500 receives the user information change request transmitted by the terminal device 700.

  Next, steps S7030 to S7080 are the same as steps S2060 to S2110 shown in FIG. In step S7090, the key management service providing unit 512 of the key management server device 500 executes the user authentication process shown in FIG.

  In step S7100, the key management service providing unit 512 of the key management server device 500 transmits to the terminal device 700 a change information request indicating a user information change input screen necessary for changing user information. At this time, the session ID received in S7090 is also transmitted together with the change information request. In step S7110, the service using unit 712 of the terminal device 700 receives the change information request transmitted in step S7100, and outputs a user information change input screen to the output unit 740.

  In step S <b> 7120, the service using unit 712 of the terminal device 700 accepts input of change information necessary for changing user information via the input unit 730. In this embodiment, the change information to be input includes information related to billing when using a key management service such as a credit card number and temporary authentication information notification means (in addition to the user's name, address, and telephone number). For example, an e-mail or the like) and a temporary authentication information notification destination (for example, an e-mail address or the like used in the second terminal device 800).

  In step S 7130, the service using unit 712 of the terminal device 700 transmits the change information input in step S 7120 to the key management server device 500. In addition, the session ID stored in step S7050 is also transmitted. In step S7140, the key management service providing unit 512 of the key management server device 500 receives the change information and the session ID transmitted in step S7130.

  In step S7150, the key management service providing unit 512 of the key management server device 500 transmits a change completion notification, which is a message indicating a notification that the change of user information is completed, to the terminal device 700. In step S7160, the service using unit 712 of the terminal device 700 receives the change completion notification transmitted in step S7150, and outputs the content of the change completion notification to the output unit 740.

≪User information deletion process flow≫
Next, the flow of user information deletion processing will be described with reference to FIG. 20 (see FIGS. 3, 5 and 7 as appropriate).

  First, in step S8010, the service use unit 712 of the terminal device 700 receives an input of a URL for using the user deletion service provided by the key management server device 500 via the input unit 730, and the communication unit 750. Then, a user information deletion request is transmitted to the key management server device 500. When the user ID is stored in the key management service information 722, the user ID is transmitted in the user information deletion request. In step S8020, the key management service providing unit 512 of the key management server device 500 receives the user information deletion request transmitted by the terminal device 700.

  Next, in step S8030, the key management service providing unit 512 of the key management server device 500, based on the user information deletion request received in step S8020, the key management server device 500, the secret key management device 600, and the terminal device. A series of key deletion processing (the key deletion processing in S9030 to S9250 in FIGS. 21 and 22) is executed between 700 and the second terminal device 800. Details of step S8030 will be described later.

  In step S8040, the key management service providing unit 512 of the key management server device 500 deletes the user ID specified in step S8030 and all the information associated with the user ID from the user information 524. In step S 8050, the key management service providing unit 512 of the key management server device 500 transmits a deletion completion notification, which is a message indicating a notification that the deletion of user information has been completed, to the terminal device 700. In step S8060, the service using unit 712 of the terminal device 700 receives the deletion completion notification transmitted in step S8050, and outputs the content of the deletion completion notification to the output unit 740. Subsequently, in step S8070, the service using unit 712 of the terminal device 700 deletes all information associated with the user ID in the key management service information 722.

≪Key deletion process flow≫
Next, the flow of the key deletion process will be described with reference to FIGS. 21 and 22 (see FIGS. 3 and 5 to 7 as appropriate).

  First, in step S9010, the authentication unit 713 of the terminal device 700 transmits a key deletion request to the key management server device 500 via the communication unit 750. The key deletion request includes the IP address of the terminal device 700 and, when the user ID is stored in the key management service information 722, the user ID and the key deletion method. The key deletion method is designated by the authentication unit 713. When this deletion processing is executed from the step of FIG. 20, batch deletion is specified, and when the key deletion processing procedure starts from step S9010, individual deletion is specified. In step S9020, the key management service providing unit 512 of the key management server device 500 receives the key deletion request transmitted by the terminal device 700.

  In step S9030, the key management service providing unit 512 of the key management server device 500 generates a session ID in response to the key deletion request in step S9020, and the session ID, the access source IP address, and the user ID (key deletion). And the key deletion method are associated with each other and stored in the user information 524.

  Next, the processing in steps S9040 to S9090 is the same as the processing in steps S2060 to S2110 in FIG. In step S9100, the user authentication process shown in FIG. 14 is executed. Here, assuming that the user authentication is successful, the process proceeds to step S9110.

  In step S9110 shown in FIG. 22, the key management service providing unit 512 of the key management server apparatus 500 determines a key deletion method. When the key deletion method stored in step S9030 is batch deletion (“collective deletion” in step S9110), the key ID associated with the user ID specified in step S9040 or S9080 is determined from the user information 524. One is automatically selected in the registered order or the like, and the process advances to step S9170. If the key deletion method stored in step S9030 is individual deletion (“individual deletion” in step S9110), the key associated with the user ID specified in step S9040 or S9080 from user information 524 A list of IDs is acquired, and the process proceeds to step S9120. If no key ID is associated with the user ID (“No deletion target” in step S9110), it is determined that the key has been deleted, and the process advances to step S9230.

  In step S9120, the key management service providing unit 512 of the key management server device 500 causes the terminal device 700 to display a selection screen information that prompts the user to select a key ID to be deleted from the list of key IDs acquired in step S9110. Send an ID request. In step S 9130, authentication unit 713 of terminal device 700 receives the key ID request transmitted in step S 9120, and outputs a key ID request selection screen to output unit 740. In step S 9140, authentication unit 713 of terminal device 700 accepts input of the key ID of the key to be deleted via input unit 730.

  In step S 9150, the authentication unit 713 of the terminal device 700 transmits the key ID input in step S 9140 to the key management server device 500. At this time, the session ID stored in step S9060 is also transmitted. In step S9160, the key management service providing unit 512 of the key management server device 500 receives the key ID and session ID transmitted in step S9150.

  In step S 9170, the key management service providing unit 512 of the key management server device 500 deletes the secret key associated with the key ID based on the key ID selected in steps S 9110 to S 9160. Is transmitted to the secret key management apparatus 600. The key deletion request includes the key ID and management authentication information stored in the management authentication information 525. In step S9180, the key management unit 612 of the secret key management apparatus 600 receives the key deletion request transmitted in step S9170.

  In step S 9190, the key management unit 612 of the secret key management apparatus 600 compares the management authentication information received in step S 9180 with the management authentication information stored in the management authentication information 622, thereby storing the key. Authenticate if you have access rights. If the access right authentication is successful, the key ID received in step S9180 and the secret key associated with the key ID are deleted from the user secret key 621.

  In step S9200, the key management unit 612 of the secret key management apparatus 600 sends a key deletion response, which is a message indicating that the key deletion has succeeded or failed, to the key management server apparatus 500 based on the processing result of step S9190. Send. In step S9210, the key management service providing unit 512 of the key management server device 500 receives the key deletion response transmitted in step S9200.

  In step S9220, the key management service providing unit 512 of the key management server device 500 determines a key deletion method. If the key deletion method stored in step S9030 is batch deletion, one of the key IDs associated with the user ID is automatically selected from the user information 524 in the order of registration. Returning to step S 9170, the key deletion is continued. If the key deletion method stored in step S9030 is individual deletion, or if the key deletion response received in step S9210 is a message indicating that key deletion has failed, the process proceeds to step S9230. .

  In step S9230, the key management service providing unit 512 of the key management server device 500 transmits to the terminal device 700 a key deletion response that is a message indicating that the key deletion has been completed or the key deletion has failed. In step S 9240, the key management service providing unit 512 of the key management server device 500 stores the session ID stored in step S 9230, information associated with the session, and the key ID of the key deleted in the key deletion process. , The information related to the key ID is deleted from the user information 524. In step S9250, authentication unit 713 of terminal device 700 receives the key deletion response transmitted in step S9230.

  When the key deletion process is executed through step S8020 in FIG. 20, the process returns to step S8040 in FIG. If the key deletion process starts from step S9010 in FIG. 21, the process ends when the process reaches step S9250. When the terminal device 700 receives a message indicating that the key deletion has failed, the content of the message is output to the output unit 740, and the process ends.

  As described above, the key management device 310 (a set of the key management server device 500 and the secret key management device 600) described in the present embodiment generates a key in the key generation unit 6122 and manages the secret key instead of the user. Therefore, it is not necessary to distribute authentication hardware to the user, and the security of the key can be ensured. Further, in user authentication (see FIG. 14), temporary authentication information or information for deriving temporary authentication information is notified by another communication means (second communication unit 553) every time the key is accessed. Therefore, resistance against unauthorized acquisition of authentication information by spyware can be provided. Furthermore, in user authentication, the user can send the temporary authentication information generated in step S3010 of FIG. 14, so that there is no need to worry about forgetting the password.

  Further, when the key is used, by transmitting the site identification information of the authentication request source information from the terminal device 700 to the key management server device 500, in order to avoid phishing or the like that had to be performed by the conventional user himself / herself. This makes it possible to simplify or omit the operation of determining a fraudulent site and selecting a key (certificate) suitable for authentication of the service providing apparatus 320. Further, since it is not necessary to provide the service providing apparatus 320 with a signature function, an encryption function, a function for managing the certificate of the authentication server, a decryption function, and a signature verification function, the service providing apparatus 320 does not need to be modified. It becomes easy for the service provider to introduce the key management system 300 of the present embodiment.

  In the present embodiment, the user of the terminal device 700 has been described as having the second terminal device 800. However, the terminal device 700 itself may be a window terminal on the service provider side, or the user may own the second terminal device 800. Alternatively, the user may use only the terminal device 700.

  In step S2040, the site determination unit 5131 of the site information management unit 513 of the key management server device 500 refers to the unauthorized site information 810 of the site information 523 using the site identification information of the received authentication request source information, It has been described as determining whether the authentication request source site is an unauthorized site. However, for example, use of a legitimate site approved by the operator of the key management server device 500 may be permitted. In this case, referring to the legitimate site information 820 shown in FIG. 8, if the site identification information exists, the process may proceed to step S2050.

  In the present embodiment, as shown in FIG. 3, the key management device 310 is described as a set of the key management server device 500 and the secret key management device 600. However, the key management server device 500, the secret key management device 600, and the like. You may comprise by the apparatus which integrated.

  In this embodiment, steps S1040 and S1060 shown in FIG. 11 and step S5040 shown in FIG. 16 may be executed by redirection via the terminal device 700.

DESCRIPTION OF SYMBOLS 300 Key management system 310 Key management apparatus 320 Service provision apparatus 330 Authentication apparatus 340 Network 440 Tamper detection apparatus 500 Key management server apparatus 510 Control part 520 Storage part 523 Site information 524 User information 550 Communication part 551 Transmission means 552 Reception means 553 2nd Communication unit 600 secret key management device 610 control unit 612 key management unit 613 tamper detection processing unit 620 storage unit 621 user secret key 700 terminal device 710 control unit 720 storage unit 750 communication unit 751 second communication unit 800 second terminal Device 810 Unauthorized site information 820 Legitimate site information 830 Site key condition correspondence information 910 Key selection information 1000 Private key information 5131 Site determination unit 5132 Key ID extraction unit 6121 Signature generation unit 6122 Key generation unit 6123 Key I D generator 6124 Private key extractor

Claims (15)

A key management device that is communicably connected to a terminal device used by a user and generates an electronic signature for electronic data received from the terminal device,
The key management device includes:
Site key condition correspondence information associating site identification information indicating a network location of a service providing apparatus that provides a service in response to a service provision request from the terminal apparatus and encryption key generation condition information indicating an encryption key generation condition The site identification information storing information for determining whether the site identified by the site identification information is an unauthorized site, the key ID for identifying the encryption key, and the encryption key generation condition information A storage unit that stores the key selection information and the secret key information that associates the key ID with the secret key;
A receiving unit of a communication unit that receives from the terminal device the electronic data that the service providing device returns for user authentication in response to a service provision request from the terminal device, and site identification information of the service providing device; ,
A site determination unit that refers to the site determination information using the site identification information and determines whether the site of the site identification information is an unauthorized site; and
When the site determination unit determines that the site of the site identification information is not an unauthorized site, the site identification information is used to refer to the site key condition correspondence information and generate an encryption key associated with the site identification information A key ID extraction unit that extracts condition information, refers to the key selection information using the extracted encryption key generation condition information, and extracts a key ID associated with the extracted encryption key generation condition information;
A secret key extraction unit that refers to the secret key information using the extracted key ID and extracts a secret key associated with the extracted key ID;
A signature generation unit that generates an electronic signature corresponding to the electronic data using the extracted secret key;
Transmitting means of the communication unit for outputting the generated electronic signature to the terminal device;
A key management device comprising: The key management device further includes:
A communication unit that communicates with the terminal device or a second terminal device used by a user of the terminal device via a second communication unit having a communication unit different from the communication unit;
When the site determination unit determines that the site of the site identification information is not an unauthorized site,
Generate temporary authentication information, and output the temporary authentication information to the terminal device or the second terminal device via the second communication unit,
Response information corresponding to the temporary authentication information output is received from the terminal device operated by the user in response to the output via the communication unit, and the received response information is If the response information is information corresponding to the temporary authentication information in the comparison result, the secret key extraction unit, the signature generation unit, and The key management apparatus according to claim 1, wherein processing in a transmission unit of the communication unit is executed. The key management device further includes a hardware cryptographic module having tamper resistance,
The tamper-resistant hardware cryptographic module stores at least the secret key information, and executes the processes of the secret key extraction unit and the signature generation unit. 2. The key management device according to 2. The encryption key generation condition information is any one or a combination of algorithm type, key length, and certificate authority information for generating an encryption key, according to any one of claims 1 to 3. Key management device. The receiving unit of the communication unit of the key management device further receives the algorithm type and key length for generating the encryption key from the terminal device,
The hardware cryptographic module having tamper resistance is:
When the site determination unit determines that the site of the site identification information is not an unauthorized site, a secret key and a public key corresponding to the secret key are obtained using the algorithm type and key length for generating the encryption key. A key generation unit to generate,
A key ID generation unit that generates the key ID, associates the key ID with the secret key, and stores the key ID in the secret key information;
The key management device according to claim 4, comprising: The key management device includes:
When the site determination unit determines that the site of the site identification information is not an unauthorized site,
Generate temporary authentication information, and output the temporary authentication information to the terminal device or the second terminal device via the second communication unit,
From the terminal device, the response information corresponding to the output of the temporary authentication information is received via the communication unit, and whether the received response information is the same as the temporary authentication information, 6. The key management device according to claim 5, wherein when the response information is the same as the temporary authentication information in the comparison result, processing in the key generation unit and the key ID generation unit is executed. . The key ID extraction unit
When a plurality of secret keys associated with the extracted key ID are extracted,
Output the input screen information that can be selected and input one of the plurality of extracted key IDs to the terminal device via the transmission means of the communication unit,
The key management apparatus according to claim 1, wherein a key ID selected and input from the terminal apparatus using the input screen information is received via a receiving unit of the communication unit. A key management device that is communicably connected to a terminal device used by a user and generates an electronic signature for electronic data received from the terminal device,
The key management device includes:
Site key condition correspondence information associating site identification information indicating a network location of a service providing apparatus that provides a service in response to a service provision request from the terminal apparatus and encryption key generation condition information indicating an encryption key generation condition Site determination information storing information for determining whether or not the site identified by the site identification information is an unauthorized site, a user ID for identifying a user, a key ID for identifying the encryption key, and the encryption A storage unit for storing key selection information associated with key generation condition information, and secret key information associated with the key ID and a secret key;
Communication that accepts from the terminal device the electronic data that the service providing device returns for user authentication in response to a service provision request from the terminal device, site identification information of the service providing device, and the user ID Part receiving means;
A site determination unit that refers to the site determination information using the site identification information and determines whether the site of the site identification information is an unauthorized site; and
When the site determination unit determines that the site of the site identification information is not an unauthorized site, the site identification information is used to refer to the site key condition correspondence information and generate an encryption key associated with the site identification information Extract condition information, refer to the key selection information using the extracted encryption key generation condition information and the user ID, and extract the extracted encryption key generation condition information and the key ID associated with the user ID A key ID extraction unit;
A secret key extraction unit that refers to the secret key information using the extracted key ID and extracts a secret key associated with the extracted key ID;
A signature generation unit that generates an electronic signature corresponding to the electronic data using the extracted secret key;
Transmitting means of the communication unit for outputting the generated electronic signature to the terminal device;
A key management device comprising: The key management device includes:
When the user ID is not accepted by the communication unit,
The input screen information capable of inputting the user ID is output to the terminal device via the transmission unit of the communication unit,
The key management apparatus according to claim 8, wherein a user ID input from the terminal device using the input screen information is received via a receiving unit of the communication unit. A key management method used in a key management device that is communicably connected to a terminal device used by a user and generates an electronic signature for electronic data received from the terminal device,
The key management device includes:
Site key condition correspondence information associating site identification information indicating a network location of a service providing apparatus that provides a service in response to a service provision request from the terminal apparatus and encryption key generation condition information indicating an encryption key generation condition , Site determination information storing information for determining whether or not the site identified by the site identification information is an unauthorized site, a key that associates the key ID for identifying the encryption key and the encryption key generation condition information A storage unit that stores selection information and secret key information that associates the key ID and the secret key, and a communication unit that transmits and receives information to and from the terminal device,
The electronic data returned by the service providing apparatus for user authentication in response to a service provision request from the terminal apparatus and site identification information of the service providing apparatus are received from the terminal apparatus via the communication unit. A reception step;
Referring to the site determination information using the site identification information, and determining whether the site of the site identification information is an unauthorized site; and
When it is determined that the site of the site identification information is not an unauthorized site, the site key condition correspondence information is referenced using the site identification information, and encryption key generation condition information associated with the site identification information is extracted. A key ID extraction step of referring to the key selection information using the extracted encryption key generation condition information and extracting a key ID associated with the extracted encryption key generation condition information;
A secret key extracting step of referring to the secret key information using the extracted key ID and extracting a secret key associated with the extracted key ID;
A signature generation step of generating an electronic signature corresponding to the electronic data using the extracted secret key;
A key management method comprising: performing an output step of outputting the generated electronic signature to the terminal device via the communication unit. The key management device further includes:
A communication unit that communicates with the terminal device or a second terminal device used by a user of the terminal device via a second communication unit having a communication unit different from the communication unit;
When the site determination unit determines that the site of the site identification information is not an unauthorized site,
Generate temporary authentication information, and output the temporary authentication information to the terminal device or the second terminal device via the second communication unit,
Response information corresponding to the temporary authentication information output is received from the terminal device operated by the user in response to the output via the communication unit, and the received response information is If the response information is information corresponding to the temporary authentication information, the secret key extraction step, the signature generation step, and The key management method according to claim 10, wherein the processing in the output step is executed. The key management device further includes a hardware cryptographic module having tamper resistance,
11. The hardware cryptographic module having tamper resistance stores at least the secret key information, and executes the processes in the secret key extraction step and the signature generation step. 11. The key management method according to 11. The encryption key generation condition information is any one or a combination of an algorithm type for generating a encryption key, a key length, and certificate authority information. Key management method. In the receiving step, the algorithm type for generating the encryption key and the key length are further received from the terminal device,
The hardware cryptographic module having tamper resistance is:
When the site determination unit determines that the site of the site identification information is not an unauthorized site, a secret key and a public key corresponding to the secret key are obtained using the algorithm type and key length for generating the encryption key. A key generation step to generate;
Generating a key ID, associating the key ID with the secret key and storing the key ID in the secret key information; and
The key management method according to claim 13, wherein: A key management method used in a key management device that is communicably connected to a terminal device used by a user and generates an electronic signature for electronic data received from the terminal device,
The key management device includes:
Site key associated with site identification information indicating the location of the service providing device on the network that provides the service in response to a service provision request from the terminal device used by the user and encryption key generation condition information indicating the generation condition of the encryption key Condition determination information, site determination information storing information for determining whether or not the site identified by the site identification information is an unauthorized site, a user ID for identifying a user, and a key ID for identifying the encryption key And a storage unit that stores key selection information that associates the encryption key generation condition information with the key ID and secret key information that associates the key ID with the secret key,
Acceptance for accepting, from the terminal device, the electronic data returned by the service providing device for user authentication in response to a service provision request from the terminal device, site identification information of the service providing device, and the user ID Steps,
Referring to the site determination information using the site identification information, and determining whether the site of the site identification information is an unauthorized site; and
When it is determined that the site of the site identification information is not an unauthorized site, the site key condition correspondence information is referenced using the site identification information, and encryption key generation condition information associated with the site identification information is extracted. , Referring to the key selection information using the extracted encryption key generation condition information and the user ID, extracting the extracted encryption key generation condition information and the key ID associated with the user ID, and extracting the extracted key A key ID extraction step of referring to the secret key information using an ID and extracting a secret key associated with the extracted key ID;
A signature generation step of generating an electronic signature corresponding to the electronic data using the extracted secret key;
A key management method comprising: executing a transmission step of outputting the generated electronic signature to the terminal device.

Images