JP5899351B2 - Certificate authority apparatus, certificate update apparatus, and certificate management method - Google Patents

Description

  The present invention relates to a technique for simplifying management of use registration, user identification information, and authentication information when a user receives an online service.

Conventionally, various services such as Web mail, online banking, and online shopping are provided via the Internet. In such an online service, a user may be requested to register for use. In use registration, the service provider obtains information necessary for providing the service such as the user's name and address, issues an ID for identifying the user, and verifies the identity of the user (authentication). Registration of authentication information when implementing The authentication information includes a password, a public key certificate, biometric information, and the like. Depending on the security policy of the service provider, which authentication information is used for identity verification is determined.

  When a user who has performed use registration uses a service, the service provider requests the user for an ID and authentication information, and performs user identification and user authentication. When user identification and user authentication are successful, the service assigned to the user is provided.

  Patent Document 1 proposes a user identification method and system that enables access to a site that provides an information providing service using identification information and authentication information for each access site stored in an IC card. . In the technique described in Patent Document 1, use registration is performed before using the access site. At the time of use registration, a public key certificate used as authentication information is issued, and further, identification information for each access site is registered in the IC card.

An example of an online service in the public field is also shown. The Japanese government is considering the establishment of an online service (My Portal) that allows citizens to check their own information held by government agencies via the Internet. When citizens access their information on My Portal, a public key certificate (certification certificate) for the purpose of "authentication" is used as authentication information to prevent spoofing threats. Become. On the other hand, in procedures involving electronic documents, such as electronic applications that are existing services, public key certificates (signing certificates) are used for the purpose of “electronic signatures” in order to prevent the threat of spoofing, falsification, and denial of electronic document creators. ) Is used. The signing certificate is also used in the application for use before using My Portal, and an authentication certificate to be used for future logins is provided.

  Non-patent document 1 shows the policy of the Japanese government.

JP 2006-172307 A

Inter-Technical Information Technology Working Group Interim Report, July 2011, [online], [searched September 27, 2011], Internet <URL: http://www.cas.go.jp/jp/seisaku/jouhouwg /renkei/cyukan/cyukan.pdf>

  In Patent Document 1, before receiving an information providing service, a user performs a procedure for requesting issuance of identification information for identifying the person in addition to a procedure for requesting issuance of a public key certificate used as authentication information. Is going.

  In addition, when receiving an information providing service from a plurality of sites, use registration is performed for each site and a request for issuing identification information of each site is made. Therefore, the user needs to download the identification information issued from the information providing server to the IC card before receiving the information providing service. Also, when receiving the information providing service, the user accesses the IC card from the IC card. A complicated mechanism is required to obtain identification information suitable for the site to be tried.

  As described above, when a user receives an online service at a plurality of sites using identification information and authentication information, use registration of the service, management of the user identification information and authentication information becomes complicated. There is a problem.

  An object of the present invention is to provide a technique that simplifies the management of use registration, user identification information, and authentication information when a user receives an online service.

  A typical example of the present invention is as follows. The certificate authority device according to the present invention receives, from the computer, a request for information specifying an authentication certificate one generation before the authentication certificate, including information specifying the authentication certificate, and receiving the information Based on the information for specifying the authentication certificate and the information for specifying the authentication certificate for each generation stored in the storage device, the information for specifying the authentication certificate for the previous generation is obtained, The acquired information is transmitted to the electronic computer.

  According to the present invention, a public key certificate issued to a user is used as information having both roles of user identification and user authentication, and as common information for a plurality of online services. By doing so, it is possible to simplify the use registration, user identification information, and authentication information management when the user receives the online service.

It is a figure which shows the structure of the user identification and authentication system based on Example 1, Example 2, and Example 3. FIG. 2 is a diagram illustrating a configuration of a terminal device 11. FIG. It is a figure which shows the structure of the service provision apparatus 12 based on Example 1, Example 2, and Example 3. FIG. 2 is a diagram illustrating a configuration of a certificate authority device 13. FIG. It is a figure which shows the structure of the user identification and authentication system based on Example 4. FIG. It is a figure which shows the structure of the service provision apparatus 12 based on Example 4. FIG. It is a figure which shows the structure of the joint signature verification apparatus 15 based on Example 4. FIG. 2 is a diagram illustrating an example of a hardware configuration of a terminal device 11, a service providing device 12, a certificate authority device 13, and a joint signature verification device 15. FIG. 7 is a diagram showing information in an account management database 70 stored in an account information holding unit 37 of the service providing apparatus 12. FIG. FIG. 10 is a diagram showing information of a signature management certificate authentication association management table 80 stored in the association information holding unit 48 of the certificate authority device 13. It is the figure which showed the information of the log | history management table 90 of the certification | authentication certificate preserve | saved in the correlation information holding | maintenance part 48 of the certification authority apparatus 13 based on Example 2. FIG. It is a sequence diagram which shows the service application process in the terminal device 11 and the service provision apparatus 12. It is a sequence diagram which shows the service application process in the service provision apparatus 12 and the certificate authority apparatus 13. FIG. 10 is a sequence diagram illustrating service application processing in the service providing apparatus 12 and the certificate authority apparatus 13 according to the third embodiment. It is a sequence diagram which shows the service request process in the terminal device 11 and the service provision apparatus 12. FIG. 10 is a sequence diagram showing service request processing in the service providing device 12 and the certificate authority device 13. FIG. 10 is a sequence diagram illustrating service request processing in the service providing apparatus 12 and the certificate authority apparatus 13 according to the second embodiment. FIG. 10 is a sequence diagram illustrating service application processing in the service providing apparatus 12 and the joint signature verification apparatus 15 according to the fourth embodiment. FIG. 10 is a sequence diagram illustrating a service reception process in the service providing apparatus 12 and the joint signature verification apparatus 15 according to the fourth embodiment.

  Hereinafter, an embodiment of the present invention in Example 1 will be described in detail with reference to the drawings.

  FIG. 1 is a diagram illustrating the configuration of the user identification / authentication system according to the first embodiment.

In the present embodiment, a plurality of terminal devices 11 ¹ to 11 ^m (collectively referred to as “terminal device 11”) that use services, and a service providing device 12 ¹ to service providing device 12 that provide services to the terminal device 11 are used. ^k (collectively referred to as “service providing device 12”), certificate authority device 13 ¹ to certificate authority device 13 ⁿ (collectively referred to as “certificate authority device 13”) that issues a certificate to the user, It comprises a network 14 such as Ethernet (registered trademark) that connects the service providing device 12 and the certificate authority device 13.

  Next, each device constituting the user identification / authentication system of FIG. 1 will be described.

  First, the terminal device 11 will be described with reference to FIG.

  The terminal device 11 includes a processing unit 20a, a storage unit 20b, an input / output unit 20c that receives an instruction from a user, and a communication unit 20d that communicates with other devices via the network 14.

  The processing unit 20a includes a service application unit 21 that applies to the service providing apparatus 12 to use an online service, an electronic signature generation unit 22 that performs an electronic signature on the service use application generated by the service application unit 21, and a service provision A service request unit 23 that requests a service for which application has been applied to the device 12, an authentication information generation unit 24 that generates authentication information to be attached at the time of the service request, and a service execution unit that executes a service provided as a result of the service request 25.

The storage unit 20b includes service / destination information in which a certificate / key holding unit 26 that holds a certificate / key used in the electronic signature generation unit 22 and the authentication information generation unit 24, and the address of the service providing device 12 are described. A service providing destination information holding unit 27 that holds Note that a tamper-resistant storage medium such as an IC card may be used as the certificate / key holding unit 26. In addition, the certificate authority 13 issues a signature certificate used for signing an electronic document such as a service use application and an authentication certificate used for authentication at the time of service request to the user. I will do it. However, in this embodiment, the form of the certificate issued to the user is not limited. It may be divided into a signature certificate and an authentication certificate, or a single certificate may serve two purposes.

  In such a configuration, the user operates the service application unit 21 and the electronic signature generation unit 22 via the input / output unit 20c of the terminal device 11, and creates a service use application with an electronic signature. Furthermore, a service use application with an electronic signature is sent to the service providing apparatus 12 connected via the network 14 via the communication unit 20d.

  When the service use application is completed, the user operates the service request unit 23 via the input / output unit 20 c of the terminal device 11 to transmit a service request to the service providing device 12. When authentication is requested from the service providing apparatus 12, the authentication information generating unit 24 is operated via the input / output unit 20c to generate authentication information. Further, the authentication information is sent to the service providing apparatus 12. If the authentication is successful, the service execution unit 25 executes the online service based on the information sent from the service providing apparatus 12.

  Next, the service providing apparatus 12 will be described with reference to FIG.

  The service providing apparatus 12 includes a processing unit 30a, a storage unit 30b, an input / output unit 30c that receives an instruction from an operator of the service providing apparatus 12, and communication for communicating with other apparatuses via the network 14. Part 30d.

  The processing unit 30a performs management such as creating user-specific information (account information) for using the authentication certificate issued to the user for user identification and user authentication. 31, an electronic signature verification unit 32 that performs electronic signature verification of a service use application transmitted from a user, and a signature certificate used for the electronic signature issued to the same person (hereinafter referred to as a signature An authentication certificate information acquisition unit 33 for acquiring an authentication certificate (associated with the certificate) from the certificate authority 13, an identification unit 34 for identifying the user using the authentication information transmitted from the user, and authentication information. An authentication information verification unit 35 for verifying authentication, and a service providing unit 36 for providing a service to a user who has been successfully authenticated.

The storage unit 30b obtains the result of inquiring the account information holding unit 37, which holds account information for using the authentication certificate issued to the user for user identification and user authentication, and the certificate authority device 13. A certificate authority certificate holding unit 38 that holds a certificate authority certificate for verification
A certificate authority connection information holding unit 39 for holding certificate authority connection information in which the address of the certificate authority device 13 is described.

  In such a configuration, when the service providing device 12 receives a service use application form from the terminal device 11 connected via the network 14 via the communication unit 30d, the electronic signature verification unit 32 performs the service use application. The electronic signature attached to the certificate is verified, and further, an inquiry is made to the certificate authority apparatus 13 connected via the network 14 whether the signature certificate has expired. Further, the authentication certificate information acquisition unit 33 inquires of the certificate authority device 13 about the information of the authentication certificate associated with the signature certificate. When the processing of the electronic signature verification unit 32 and the authentication certificate information acquisition unit 33 ends normally, the account management unit 31 uses the authentication certificate issued to the user for user identification and user authentication. An account to be used as an account is generated and stored in the account information holding unit 37.

In addition, when the service providing apparatus 12 receives a service request from the terminal device 11 via the communication unit 30d, the service providing unit 36 confirms whether the user has been authenticated, and as a result, has not been authenticated. In this case, an authentication request is transmitted to the terminal device 11 via the communication unit 30d. When receiving the authentication information and the authentication certificate from the terminal device 11 via the communication unit 30d, the identification unit 34 includes the information (certification authority name) included in the authentication certificate and the authentication station for identifying the certificate authority. Extract the information (serial number) that identifies the certificate. Further, the account management unit 31 confirms from the certificate authority name, serial number, and account information in the account information holding unit 37 whether the user has already opened an account, using the information in the authentication certificate. Further, the authentication information verification unit 35 verifies the authentication information, and inquires the certificate authority apparatus 13 connected via the network 14 whether the authentication certificate has expired. Identification unit 34
When the processing of the authentication information verification unit 35 and the account management unit 31 ends normally, the service providing unit 36 provides the service requested from the terminal device 11.

  Next, the certificate authority apparatus 13 will be described with reference to FIG.

  The certificate authority device 13 includes a processing unit 40a, a storage unit 40b, an input / output unit 40c that receives instructions from an operator of the certificate authority device 13, and communication for communicating with other devices via the network 14. 40d.

  The processing unit 40a is issued by a certificate registration unit 41 that performs user registration in response to a certificate issuance request from a user, an issuing unit 42 that issues a certificate to a user who has registered the user, and a certificate authority 13 A revocation information providing unit 43 that provides revocation information relating to the certificate, a certificate issued by the certificate authority 13, and a linking information providing unit 44 that provides information on the certificate issued to the same person. Have.

The storage unit 40b includes a certificate holding unit 45 that holds a certificate within the expiration date issued by the certificate authority 13, an issue destination management information holding unit 46 that manages information of the issued user, and an issued expiration date Revocation information holding unit 47 that holds information on a revoked certificate, and a linkage information holding unit that links and manages issued certificates and certificates issued to the same principal 48. Note that the linking information holding unit 48 manages, for example, a certificate having a different use such as a signature certificate and an authentication certificate issued to the same person, or for each generation issued to the same person. It is managed by linking certificates.

  Further, the terminal device 11, the service providing device 12, and the certificate authority device 13, for example, as shown in FIG. 8, a CPU 61, a memory 62, an external storage device 63 such as a hard disk, and other devices via the network 15. A communication device 64 for performing communication, an input device 65 such as a keyboard and a mouse, an output device 66 such as a monitor and a printer, and a reading device 67 for reading information from a portable storage medium 68 such as a CD-ROM It can be constructed on a general electronic computer (computer) having an internal communication line 80 for transmitting and receiving data between these devices.

  Then, the CPU 61 executes a predetermined program loaded on the memory 62 from the external storage device 63, thereby realizing each processing unit described above. That is, the communication units 20d, 30d, and 40d use the communication device 64 by the CPU 61, and the input / output units 20c, 30c, and 40c use the input device 65, the output device 66, and the reading device 67 by the CPU 61. And the memory | storage parts 20b, 30b, and 40b are implement | achieved when CPU61 uses the memory 62 and the external storage device 63. FIG. The processing unit 20a is realized as a process of the CPU 61.

  The predetermined program may be stored in the external storage device 63 in advance, or is stored in the storage medium 68 that can be used by the electronic computer, and is read out as necessary via the reading device 67. Alternatively, it is downloaded as necessary from the network, which is a communication medium that can be used by the electronic computer, or another device connected to the communication device 64 that uses a carrier wave propagating on the network, to the external storage device 63. It may be introduced.

Next, the account management database 70 stored in the account information holding unit 37 of the service providing apparatus 12 will be described with reference to FIG. The account management database 70 is generated in the account management unit 31 when a service application is made by a user. Alternatively, the account management database 70 is generated by the operator of the service providing apparatus 12 via the input / output unit 30d. The account management database 70 includes, as account information, a user ID 71 that uniquely identifies a user registered as a service user, and the certification authority name of the user authentication certificate acquired from the authentication certificate information acquisition unit 33. (Name of the certificate authority that issued the authentication certificate) and serial number (information that uniquely identifies the authentication certificate) 72 and address information of the area allocated to the user provided to the user when using the service (
A plurality of (user resources) 73 are stored. The area allocated to the user is, for example, a user file or program storage area.

  Next, with reference to FIG. 10, the signature certificate and authentication certificate association management table 80 stored in the association information holding unit 48 of the certificate authority device 13 will be described. The association management table 80 for the signature certificate and the authentication certificate is edited by the certificate issuing unit 42 when the certificate authority 13 issues a certificate, or by the operator of the certificate authority apparatus 13. Editing is performed via the input / output unit 40c. For each subject who issued the certificate, the certificate authority name in the column 81, the issuer information in the column 82, the serial number of the signature certificate in the column 83, and the authentication certificate in the column 84 Enter the serial number. It is to be noted that, for each certificate authority apparatus 13, a signature certificate and authentication certificate linking management table 80 is configured, and a plurality of certificate authority apparatuses 13 collectively collect a signature certificate and an authentication certificate. The association management table 80 may be configured, and FIG. 10 is the latter.

Next, an authentication certificate history management table 90 stored in the association information holding unit 48 of the certificate authority device 13 will be described with reference to FIG. The authentication certificate history management table 90 is edited by the certificate issuing unit 42 when the certificate authority 13 issues a certificate, or the operator of the certificate authority apparatus 13 sets the input / output unit 40c. Is edited through. For each subject who issued the certificate, the CA name is in the column 91, the issue destination information is 93, 94 in the column 92.
, 95 column describes the serial number of the authentication certificate for each generation. Note that there are cases where the authentication certificate history management table 90 is configured for each certificate authority device 13, and cases where the authentication certificate history management table 90 is configured collectively by a plurality of certificate authority devices 13. FIG. 10 shows the latter.

  Next, in FIG. 12, FIG. 13, FIG. 15, and FIG. 16, an exemplary process between the terminal device 11 and the service providing apparatus 12 and an exemplary process between the service providing apparatus 12 and the certificate authority apparatus 13 will be described in detail. To do.

  First, the processing when the terminal device 11 performs a service use application to the service providing device 12 will be described with reference to FIG.

The service application unit 21 of the terminal device 11 creates a service application in response to an input from the user (step S101). The service application form includes information on the user such as name, address, telephone number, and mail address, and the name of the service requested by the user. Next, the electronic signature generation unit 22 responds to the service use application created in step S101 with the signature certificate and the key corresponding to the signature certificate held in the certificate / key holding unit 26. Thus, the electronic signature is executed (step S102). Further, the service application unit 21 transmits the service use application form, the electronic signature, and the signature certificate used to generate the electronic signature generated in steps S101 and S102 to the service providing apparatus 12 (step S103). ).

Upon receipt of the service use application, electronic signature, and signature certificate (step S104), the service providing apparatus 12 performs verification of the electronic signature in the processes from A to B, and determines whether to create an account. To do. The processing from A to B will be described in detail with reference to FIG. If the account creation is successful, an account creation success notification is sent, whereas if the account creation fails, an account creation failure notification is sent from the service providing device 12 to the terminal device 11 (step S105). ).

  The service application unit 21 of the terminal device 11 receives an account creation success notification or an account creation failure notification (step S106).

Next, FIG. 13 shows processing when the service providing apparatus 12 makes an inquiry to the certificate authority apparatus 13 and creates account information of the user who has accepted the use application.

The electronic signature verification unit 32 of the service providing apparatus 12 verifies the electronic signature received in step S104 using the signature certificate (step S201). Furthermore, the electronic signature verification unit 3
2 verifies the electronic signature of the signature certificate using the certificate authority certificate held in the certificate authority certificate holding unit 38 (step S202). Subsequently, in order to confirm whether the status of the signature certificate is valid, the electronic signature verification unit 32 obtains the signature certificate received in step S104 (FIG. 12) from the certificate authority connection information holding unit 39. The address of the issued certificate authority device 13 is acquired, and the certificate authority device 13 is requested to confirm the validity of the signature certificate (step S203).

When the certificate authority device 13 receives the validity check request for the signing certificate, the revocation information providing unit 43 checks the revocation information held in the revocation information holding unit 47 to check the status of the signature certificate. Is confirmed (step S204). Further, the revocation information providing unit 43 creates a validity check result of the signature certificate to which the digital signature of the certificate authority device 13 is attached, and responds to the service providing device 12 (step S205). In addition, as a method for performing the validity check processing of the signature certificate, there is a case where a certificate revocation list managed by the certificate authority device 13 is returned to the request source.

Upon receiving the signature certificate validity check result, the electronic signature verification unit 32 of the service providing apparatus 12 verifies the digital signature of the certificate authority apparatus 13 and confirms the validity of the signature certificate (step S206). From the result, it is determined whether the signature certificate is valid or revoked (step S207).
). When the validity check result of the signature certificate received in step S206 is valid (
In step S207, the electronic signature verification unit 32 requests the certificate authority device 13 for the serial number of the authentication certificate associated with the signature certificate (step S208).

When the certificate authority device 13 is requested for the serial number of the authentication certificate, the association information providing unit 44 uses the association between the signature certificate and the authentication certificate held in the association information holding unit 48. The attachment management table 80 is checked, and the serial number of the authentication certificate is acquired (step S209).
. Specifically, the association information providing unit 44 uses the certificate authority name and the serial number of the signature certificate included in the serial number request of the authentication certificate received in step S208 as a key for the signature certificate. And the certificate authority name column 81 and the signature certificate serial number column 83 of the authentication certificate association management table 80, and if the corresponding record exists, the authentication certificate serial number is searched. The serial number of the authentication certificate included in the number column 84 is acquired. In addition, the process mentioned later can also be implemented instead of the process of step S208 to step S211. In step S104 (FIG. 12), the service providing apparatus 12 obtains an authentication certificate from the user together with the use application, and includes both the signature certificate and the authentication certificate for the certificate authority 13. Requesting that the signature certificate and the authentication certificate be issued to the same person. As a result of searching the association management table 80 for the signature certificate and the authentication certificate, the certificate authority device 13 responds to the service providing device 12 as to whether or not it is issued to the same person.

Subsequently, the association information providing unit 44 responds to the service providing apparatus 12 with the serial number of the authentication certificate to which the electronic signature of the certificate authority apparatus 13 is attached (step S210). In step S209, if the serial number of the corresponding authentication certificate does not exist, the association information providing unit 44 responds as an error.

When the authentication certificate information acquisition unit 33 of the service providing device 12 receives the serial number of the authentication certificate to which the electronic signature of the certificate authority device 13 is attached, the authentication certificate information acquisition unit 33 confirms the serial number (step S211). The electronic signature of the apparatus 13 is verified to determine whether or not the serial number of the authentication certificate is reliable (step S212). As a result of the determination, if the serial number of the authentication certificate is reliable (Yes in step S212), the authentication certificate information acquisition unit 3
3 assumes that an authentication certificate linked to the signature certificate has been issued, and the account management unit 31 creates account information of the user who applied for the service in step S101 (step S213). . Specifically, the account management unit 31 generates information (in this embodiment, a user ID) for uniquely identifying user account information in the account management database 70. Next, the account management unit 31 associates the generated user ID with the name and serial number 72 of the certificate authority that issued the certificate for authentication and the user resource 73 in order to use the generated user ID as user identification information. As a result, account information is created and stored in the account management database 70 (step S213).

Subsequently, the account management unit 31 creates an account creation success notification for notifying the terminal device 11 (step S214). The account creation success notification includes user resources (address information) 73 for the user to access the area assigned to the user.

If the validity check result of the signature certificate received in step S206 is invalid (
If the authentication certificate serial number received in step S211 is unreliable (No in step S212), the account management unit 31 indicates that the account creation has failed, indicating that the account creation has failed. A notification is created (step S215).

  If you do not use the signature certificate used for signing electronic documents, such as application for service use, and the authentication certificate used for authentication at the time of service request, sign with one certificate. By using both for authentication and authentication, the processing from step S208 to step S212 can be omitted.

  Next, processing when the terminal device 11 requests the service that has been applied to the service providing device 12 will be described with reference to FIG.

The service request unit 23 of the terminal device 11 transmits a service request to the service providing device 12. Specifically, the service request unit 23 requests acquisition of user information of the user resource 73 included in the account creation success notification received in step S106 (FIG. 12) (step S401). When the service providing apparatus 12 receives the service request (step S4).
02) The account management unit 31 confirms that it has been authenticated and has not reached the timeout time (step S403). If authenticated (step S
In 404, the service providing unit 36 acquires the user information (file, program, etc.) of the user resource 73 that has requested access (step S405), and permits the acquired user information and the service request. The service request result is created (step S406).
The service providing apparatus 12 transmits the service request result created in step S406 and the service request result created in the process from C to D to the terminal apparatus 11 (step S407).
).

When receiving the service request result (step S408), the service request unit 23 of the terminal device 11 confirms whether the service request result is successful. If the service request result is successful (Yes in step S409), the service execution unit 25 acquires the acquired user resource 73.
The requested service is executed by accessing the address (step S410).
.

When the user who transmitted the service request is not authenticated (No in step S404), the identification unit 34 of the service providing apparatus 12 transmits an authentication request to the terminal apparatus 11 (
Step S411).

When the service request unit 23 of the terminal device 11 receives the authentication request (step S412),
The authentication information generation unit 24 generates authentication information (step S413). In particular,
The authentication information generation unit 24 uses the authentication certificate held in the certificate / key holding unit 26 and the key corresponding to the authentication certificate for the random number included in the authentication request received in step S412. Then, the authentication information is generated by performing the cryptographic process.

The service request unit 23 of the terminal device 11 transmits the authentication information generated in step S413, the authentication certificate including the certificate authority name and the serial number to the service providing device 12 (step S414). When the identification unit 34 of the service providing apparatus 12 receives the authentication information and the authentication certificate from the terminal apparatus 11, whether or not to provide the requested service by verifying the authentication information or the like in the processing from C to D. To determine. The processing from C to D will be described in detail with reference to FIG.

Next, a process when the service providing apparatus 12 makes an inquiry to the certificate authority apparatus 13 to provide the service requested by the user will be described with reference to FIG.

When receiving the authentication information and the authentication certificate from the terminal device 11 (FIG. 15_step S415), the identification unit 34 of the service providing apparatus 12 uses the authentication certificate for use as identification information for identifying the user. The certificate authority name and serial number included in the certificate are extracted (step S501).

  Subsequently, the account management unit 31 refers to the account management database 70 and checks whether there is an account including the certification authority name and serial number extracted in step S501 (step S502).

If the account does not exist in step S502, the account management unit 31 regards that the account has not been opened (No in step S503), and creates a result indicating that the service request is rejected because the account has not been opened. (Step S504).

If the account exists in step S502, the account management unit 31 regards that the account has been opened (Yes in step S503), and the authentication information verification unit 3
5, the authentication information received in step S 415 is verified using the authentication certificate, and further, the authentication certificate is stored using the certificate authority certificate held in the certificate authority certificate holding unit 38. Is verified (step S505).

Subsequently, in order to confirm whether the status of the authentication certificate is valid, the authentication information verification unit 35 issued the certificate received in step S415 (FIG. 15) from the certificate authority connection information holding unit 39. The address of the certificate authority device 13 is acquired, and the certificate authority device 13 is requested to confirm the validity of the authentication certificate (step S506). When the certificate authority device 13 receives the request for checking the validity of the authentication certificate, the revocation information providing unit 43 checks the revocation information held in the revocation information holding unit 47 and the status of the authentication certificate. Is confirmed (step S507). Further, the revocation information providing unit 43 creates a verification result of the validity of the authentication certificate to which the digital signature of the certificate authority device 13 is attached, and responds to the service providing device 12 (step S508). As a method for confirming the validity of the authentication certificate, a certificate revocation list managed by the certificate authority device 13 may be returned to the request source. Upon receiving the authentication certificate validity check result, the authentication information verification unit 35 of the service providing apparatus 12 verifies the electronic signature of the certificate authority apparatus 13 and confirms that the result is reliable (step S509). .

If the validity check result of the authentication certificate received in step S509 is invalid (No in step S510), the authentication information verification unit 35 displays a service request result indicating that the service request is rejected due to authentication failure. Create (step S511).

If the verification result of the authentication certificate received in step S509 is valid (Yes in step S510), the authentication information verification unit 35 uses the user information (user resource 73 requested in step S402 ( File, program, etc.) (step S512)
Then, a service request result including the acquired information and permission to permit the service request is created (step S513).

In the above embodiment, the case where a user makes a service use application for one service providing apparatus 12 has been described as an example. However, a user can make a service use application for a plurality of service providing apparatuses. Even when the service is provided and provided, the user authentication certificate used to generate the authentication information in the processes of FIGS. 12, 13, 15, and 16 is provided for each service. As long as the device 12 trusts the certificate authority of the authentication certificate, it can be used uniformly. Further, even if there is only one service providing device 12, the above-described processing can be applied.

  As described above, the first embodiment has been described in detail. According to the above embodiment, the public key certificate issued to the user includes a serial number for uniquely identifying the public key certificate, and a public key certificate. Paying attention to the fact that the subject's information can be included, the public key certificate issued to the user can be used as information that has both the role of user identification and user authentication. By using it as common information for service providing devices, in addition to issuing public key certificate issuance requests, there is no need to separately issue identification information for identifying users, and for each service providing device. User identification information can be unified without separation. Thereby, management of use registration, user identification information, and authentication information when a user receives a service can be simplified.

In addition, the present invention is not limited to the above-described embodiment. Depending on the service providing apparatus, the function of providing the service and the function of authenticating the user are separated, and the function of authenticating the user is different from the service providing apparatus. Various changes can be made without departing from the scope of the invention.

The public key certificate has a life cycle, and when the expiration date of the authentication certificate expires or when the authentication certificate expires for some reason, the certificate authority 13 A new authentication certificate may be issued (certificate renewal). When the authentication certificate is updated, a new serial number is assigned.

In the first embodiment, the service providing apparatus 12 uses the certification authority name and serial number of the authentication certificate as information for identifying the user. However, the user uses the updated authentication certificate. When a service is requested from the service providing apparatus 12, there is no account including the updated serial number of the authentication certificate, and the service providing apparatus 12 rejects the service provision.

  In order to avoid the above, it is necessary to change the serial number constituting the user account to the serial number of the updated authentication certificate.

  In the second embodiment, the service providing apparatus 12 acquires the update information of the authentication certificate from the certificate authority apparatus 13 without the user notifying the update of the authentication certificate. Implement a process to dynamically change the number.

  Note that a function for acquiring update information of the authentication certificate is added to the account management unit 31 of the service providing apparatus 12 shown in FIG. 3 of the first embodiment. Also, the processing from step S501 to step S510 in FIG. 16 of the first embodiment is changed to the processing from step S601 to step S617 shown in FIG. 17 of the second embodiment.

  Hereinafter, an embodiment of the present invention in Example 2 will be described in detail with reference to the drawings.

  FIG. 17 shows processing when the service providing apparatus 12 makes an inquiry to the certificate authority apparatus 13 and acquires history information of the authentication certificate.

When receiving the authentication information and the authentication certificate from the terminal device 11 (FIG. 15_step S415), the identification unit 34 of the service providing apparatus 12 uses the authentication certificate for use as identification information for identifying the user. The certificate authority name and serial number included in the certificate are extracted (step S601).

  Subsequently, the account management unit 31 refers to the account management database 70 and confirms whether there is an account including the certification authority name and serial number extracted in step S601 (step S602).

If the account does not exist in step S602 (No in step S603).
), The account management unit 31 repeats step S415 (until a predetermined number of times set in advance is reached).
The history of the authentication certificate received in FIG. 15) is confirmed.

Specifically, the account management unit 31 acquires the address of the certificate authority 13 that issued the certificate received in step S415 from the certificate authority connection information holding unit 39, and sends the certificate authority device 13 to the certificate authority device 13 in step S415. The serial number of the authentication certificate of the previous generation of the authentication certificate received in step S605 is requested (step S605). When the certificate authority device 13 is requested for the serial number of the authentication certificate of the previous generation, the linking information providing unit 44 manages the history of authentication certificates held in the linking information holding unit 48. The table 90 is confirmed, and the serial number of the certificate before renewal is acquired (step S606). Specifically, the associating information providing unit 44 uses the certification authority name and the serial number of the authentication certificate included in the request for the serial number of the authentication certificate of the previous generation (step S605) as a key. The column 91 of the certification authority name and the columns 93, 94, and 95 of the serial number of the authentication certificate are searched in the history management table 90 for the authentication certificate, and it is confirmed whether or not the issue destination information 92 exists. When the issue destination information 92 exists, the association information providing unit 44 acquires the serial number of the authentication certificate from the previous generation column of the serial number column of the corresponding authentication certificate.

Subsequently, the associating information providing unit 44 creates a confirmation result including the certificate authority name and the serial number of the certificate for authentication one generation before, to which the electronic signature of the certificate authority apparatus 13 is attached, and sends it to the service providing apparatus 12. A response is made (step S607). In step S606, if the serial number of the previous generation authentication certificate does not exist, the association information providing unit 44 responds as an error.

  Upon receiving the confirmation result, the account management unit 31 of the service providing apparatus 12 verifies the electronic signature of the certificate authority apparatus 13 and confirms that the confirmation result is reliable (step S608).

If the confirmation result received in step S609 includes the serial number of the previous generation authentication certificate, the account management database 70 stores the account based on the serial number and certificate authority name received in step S608. The management database 70 is searched to check whether the serial number and the certification authority name (user identification information) of the corresponding authentication certificate exist (step S609). As a result of the confirmation, if the serial number and certificate authority name of the corresponding authentication certificate exist (Yes in step S609), it is considered that the authentication certificate issued to the user at the time of application for use has been updated. In the account management database 70, the account management unit 31 updates the certification authority name and serial number 72 of the authentication certificate retrieved in step S609 to the certification authority name and serial number of the authentication certificate received in step S415. (Step S610).

On the other hand, if the corresponding identification information does not exist (No in step S609), the account management unit 31 uses an authentication certificate of an older generation as the authentication certificate issued to the user at the time of application for use. It is assumed that there is, and the process returns to step S604. If the predetermined number has not been reached (No in step S604), the account management unit 31 requests the serial number of the authentication certificate one generation before the authentication certificate received in step S415 (step S605).

If the predetermined number has been reached (Yes in step S604), the account management unit 31 regards that the account has not been opened, and creates a result indicating that the service request is rejected because the account has not been opened (step S611).

If the account exists (Yes in step S603) and if the account does not exist and the update of the authentication certificate can be confirmed (Yes in step S609), the authentication information verification unit 35 The authentication information received in step S415 is verified using the authentication certificate, and further, the digital signature of the authentication certificate is used using the certificate authority certificate held in the certificate authority certificate holding unit 38. Is verified (step S612). Note that the processing from step S612 to step S616 is the same as the processing from step S505 to step S509 in FIG. 16, and thus detailed description of the processing is omitted.

  As described above, the second embodiment has been described in detail. According to the above embodiment, the service providing apparatus 12 acquires the update information of the authentication certificate without the user notifying the update of the authentication certificate. Now you can dynamically change the serial numbers that make up your account.

The processing from step S203 to step S206 shown in FIG. 13 of the first embodiment, the processing from step S208 to step S211, the processing from S605 to S608 shown in FIG. 17 of the second embodiment, and the steps from S613 to S616. In the processing up to this point, the service providing apparatus 12 obtains information on the validity of the signature certificate and the authentication certificate received from the user and the information associated with the signature certificate and the authentication certificate. Are individually inquired.

However, in the OCSP responder indicated by RFC 2560 “X.509 Internet Public Key Infrastructure Structure Certificate Protocol-OCSP”, not only the status of the certificate specified in the request (valid, revoked, unknown) Information can be included in the OCSP response as extended information and returned to the requester.

  Therefore, in the third embodiment, in order to improve the efficiency of the inquiry process from the service providing apparatus 12 to the certificate authority 13, the validity check of the certificate and the inquiry of the certificate association information are performed at the same time.

  The electronic signature verification unit 32 of the service providing apparatus 12 shown in FIG. 3 of the first embodiment confirms the validity of the signature certificate received from the user and the authentication certificate associated with the signature certificate. Add the function to request the serial number at the same time. Further, the function of the authentication certificate information acquisition unit 33 of the service providing apparatus 12 is not used. Further, the process shown in FIG. 13 is changed to the process shown in FIG.

  Hereinafter, an embodiment of the present invention in Example 3 will be described in detail with reference to the drawings.

  FIG. 14 shows processing when the service providing apparatus 12 makes an inquiry to the certificate authority apparatus 13 and creates an account of the user who accepted the use application.

The electronic signature verification unit 32 of the service providing apparatus 12 verifies the electronic signature (FIG. 12) received in step S104 using the signature certificate (step S301). Further, the electronic signature verification unit 32 verifies the electronic signature of the signature certificate using the certificate authority certificate held in the certificate authority certificate holding unit 38 (step S302).

Subsequently, the electronic signature verification unit 32 requests the certificate authority device 13 to check the validity of the signature certificate and the serial number of the authentication certificate associated with the signature certificate (step S303). Upon receiving the validity check of the signature certificate and the request for the serial number of the authentication certificate, the certificate authority device 13 checks the revocation information held in the revocation information holding unit 47 by the revocation information providing unit 43. Then, the status of the signature certificate is confirmed (step S304). Also, the linking information providing unit 44
Then, the association management table 80 of the signature certificate and the authentication certificate held in the association information holding unit 48 is confirmed (step S305).

Further, the revocation information provision unit 43 adds the confirmation result of the serial number of the authentication certificate to the validity confirmation result of the signature certificate to which the electronic signature of the certificate authority device 13 is attached, and sends the result to the service providing device 12. A response is made (step S306). When the electronic signature verification unit 32 of the service providing device 12 receives the validity check result of the signature certificate and the confirmation result of the serial number of the authentication certificate, the electronic signature verification of the certificate authority device 13 can be verified and trusted. The result is confirmed (step S307).

If the validity check result of the signature certificate received in step S307 is valid (Yes in step S308), the electronic certificate verification unit 32 proceeds to step S309. If the serial number of the authentication certificate is reliable, the electronic certificate verification unit 32 regards that the authentication certificate associated with the signature certificate has been issued (Yes in step S309), and step S3.
Proceed to 10.

  Note that the processing from step S310 to step S312 is the same as the processing from step S213 to step S215 in FIG. 13, and thus detailed description of the processing is omitted.

Further, regarding the processing from step S605 to step S608 and the processing from step S613 to step S616 shown in FIG. 17 of the second embodiment, the service providing apparatus 12 is similar to the processing from step S303 to step S307. The certificate authority 13 can be simultaneously inquired about the validity confirmation and the authentication certificate information of the previous generation related to the authentication certificate received from the user.

As described above, the third embodiment has been described. According to the above-described embodiment, the service providing apparatus 12 confirms the validity of the user certificate to the certificate authority apparatus 13 and the association information of the user certificate. Inquiry processing can be performed efficiently.

  In the first embodiment, the second embodiment, and the third embodiment, upon receiving a service use application or a service request from the terminal device 11, the service providing device 12 sends a user signature certificate or the like to the certificate authority device 13. Inquiries about revocation information of authentication certificates, information associated with signature certificates and authentication certificates. The serial number written in the user authentication certificate is stored and used as identification information when creating an account.

  However, in a signature certificate or authentication certificate used in a specific field such as an electronic government, the signature certificate or authentication certificate may be handled as confidential information. In that case, there are cases where organizations that can acquire information related to the certificate such as information described in the certificate, certificate revocation information, and certificate association information may be limited.

  Therefore, in the fourth embodiment, the joint signature verification device 15 acts as a proxy for the inquiry to the certificate authority device 13 and authentication information so that the service providing device 12 cannot acquire and store information on the certificate for a long period of time. Perform generation.

  Hereinafter, an embodiment of the present invention in Example 4 will be described in detail with reference to the drawings.

FIG. 5 is a diagram illustrating the configuration of the user identification / authentication system according to the fourth embodiment. In addition to the configuration of the user identification / authentication system according to the first embodiment illustrated in FIG. 1, a joint signature verification device 15 that performs digital signature verification and authentication information verification is added in response to a request from the service providing device 12. Yes.

  The service providing apparatus 12 according to the fourth embodiment will be described with reference to FIG.

  The service providing apparatus 12 according to the fourth embodiment includes an identity verification request unit 310 instead of the electronic signature verification unit 32 and the authentication certificate information acquisition unit 33 illustrated in FIG. Further, instead of the identification unit 34 and the authentication information verification unit 35, an identification / authentication request unit 311 is provided.

  Next, the joint signature verification apparatus 15 will be described with reference to FIG.

  The joint signature verification device 15 communicates with other devices via the network 14 by the processing unit 50a, the storage unit 50b, the input / output unit 50c that receives instructions from the operator of the joint signature verification device 15, and the like. Communication unit 50d.

  The processing unit 50a receives an identity verification request from the service providing apparatus 12, and verifies the electronic signature of the user, and an authentication certificate associated with the signature certificate used for the electronic signature. ID information for the service providing device 12 is received from the serial number of the authentication certificate of the user in response to the identification / authentication request from the authentication providing device 52 and the service providing device 12. And an electronic signature generation unit 22 that implements an electronic signature on the service use application generated by the service application unit 21 and an authentication information verification unit 54 that verifies user authentication information.

  The storage unit 50b holds a certification authority certificate holding unit 55 that holds a certification authority certificate for verifying the result of inquiring the certification authority device 13, and certification authority connection information that describes the address of the certification authority device 13 and the like. And an identification information holding unit 57 that holds information for converting the serial number of the authentication certificate into authentication information for the service providing apparatus.

  Next, with reference to FIG. 18, the service providing apparatus 12 that has received the service use application from the terminal apparatus 11 makes an inquiry to the joint signature verification apparatus 15 to create a user account. . In FIG. 18, only normal processing is described.

When the identity verification request unit 310 of the service providing apparatus 12 receives the service use application, electronic signature, and signature certificate from the terminal device 11 (step S701), the common part of the service use application is extracted (step S702). ). Here, the service use application form is necessary for the service of each service providing apparatus 12 and the services of all the service providing apparatuses 12 such as the unique part in which the information necessary for the service is described and the name and address. It is assumed that the information is divided into common parts and an electronic signature is applied to each.

The identity verification request unit 310 of the service providing apparatus 12 uses the electronic signature applied to the common part, the verification of the signature certificate, and the authentication associated with the signature certificate to the joint signature verification apparatus 15. A certificate serial number is requested (step S703). When receiving the electronic signature, the signature certificate verification request, and the authentication certificate serial number request (step S704), the electronic signature verification unit 51 of the joint signature verification apparatus 15 receives the electronic signature and the signature certificate. Conduct verification (
Step S705). At that time, the authentication certificate information acquisition unit 52 of the joint signature verification device 15 acquires the address of the certificate authority device 13 that issued the authentication certificate received in step S704 from the certificate authority connection information holding unit 56. Then, an inquiry is made to the certificate authority device 13 to check the validity of the signature certificate. If the signature certificate is valid, the authentication certificate information acquisition unit 52 inquires the certificate authority 13 and acquires the serial number of the authentication certificate associated with the signature certificate (step S706). ). As shown in the third embodiment, it is possible to simultaneously check the validity of the signature certificate and inquire about the serial number of the authentication certificate associated with the signature certificate to the certificate authority device 13.

Subsequently, the authentication certificate information acquisition unit 52 generates user identification information including the serial number of the authentication certificate and the name of the certificate authority that issued the authentication certificate, and stores the identification information in the identification information holding unit 57. (Step S707). The electronic certificate verification unit 51 of the joint signature verification apparatus 15 adds the electronic signature to the electronic signature, the verification result of the signature certificate, and the identification information of the user, and transmits the electronic signature to the service providing apparatus 12 (step S708).

Upon receiving the electronic signature, the signature certificate verification result, and the user identification information, the identity verification request unit 310 of the service providing apparatus 12 verifies the electronic signature of the joint signature verification apparatus and confirms that the result is reliable. Confirmation is made (step S709). Further, the account management unit 31 of the service providing apparatus 12 generates an account including the user identification information generated by the joint signature verification apparatus 15 and stores it in the account information holding unit 37 (step S710).

  Next, FIG. 19 is used to show processing when the service providing apparatus 12 that has received a service request from the terminal apparatus 11 makes an inquiry to the joint signature verification apparatus 15 to provide the service requested by the user. . In FIG. 19, only normal processing is described.

When the authentication / identification request unit 311 of the service providing device 12 receives the authentication information and the authentication certificate from the terminal device 11 (step S801), the joint signature verification device 15 uses the authentication information and the authentication certificate. Authentication and identification of the person is requested (step S802). When the identification unit 53 of the joint signature verification device 15 receives the user authentication and identification request (step S803),
Authentication information associated with the serial number of the authentication certificate is acquired from the identification information holding unit 57 (step S804). Further, the authentication information verification unit 54 verifies the authentication information and the authentication certificate (step S805). At that time, the joint signature verification device 15 acquires the address of the certificate authority device 13 that issued the certificate received in step S803 from the certificate authority connection information holding unit 56, and makes an inquiry to the certificate authority device 13. Check the validity of the authentication certificate. As shown in the second embodiment, when the authentication certificate has been updated, the certificate authority 13 is inquired about the history information of the authentication certificate, and the authentication certificate before the update is obtained. It is also possible to acquire the information. Further, as shown in the third embodiment, it is possible to simultaneously check the validity of the authentication certificate and inquire about the history information of the authentication certificate with respect to the certificate authority device 13.

  Subsequently, the identification unit 53 of the joint signature verification apparatus 15 adds an electronic signature to the result of user authentication and identification, and transmits the result to the service providing apparatus 12 (step S806).

Upon receiving the user authentication and identification result, the authentication / identification request unit 311 of the service providing apparatus 12 verifies the digital signature of the joint signature verification apparatus and confirms that the result is reliable (step S807). . Further, the service providing unit 36 of the service providing apparatus 12 uses the identification information included in the result received in step S807 to refer to the account management database 70 to search for an account allocated to the user, and is requested. The service is provided (step S808).

As described above, the fourth embodiment has been described. According to the above-described embodiment, the service providing apparatus 12 obtains information related to a certificate and verifies an electronic signature or authentication information without storing it for a long period of time. Identification information can be generated and managed.

11 ¹ , 11 ^m ... Terminal device, 12 ¹ , 12 ^k ... Service providing device, 12 ¹ , 12 ^n.
Certificate authority device, 14... Network, 15... Joint signature verification device, 20a, 30a
, 40a, 50a ... processing unit, 20b, 30b, 40b, 50b ... storage unit, 20c
, 30c, 40c, 50c ... input / output unit, 20d, 30d, 40d, 50d ... communication unit, 21 ... service application unit, 22 ... digital signature generation unit, 23 ... service request unit 24 ... Authentication information generation unit 25 ... Service execution unit 26 ... Certificate / key holding unit 27 ... Service providing destination information holding unit 31 ... Account management unit 32. ..Electronic signature verification unit 33 ... Authentication certificate information acquisition unit 34 ... Identification unit 35 ... Authentication information verification unit 36 ... Service provision unit 37 ... Account information holding , 38... Certificate Authority Certificate Holding Unit, 39... Certificate Authority Connection Information Holding Unit, 310... Identity Confirmation Request Unit, 311... Identification / Authentication Request Unit, 41. Part, 42... Certificate issuing part, 43
... Revocation information providing unit, 44 ... Linking information providing unit, 45 ... Certificate holding unit,
.. Issuing destination management information holding unit 47... Revocation information holding unit 48... Association information holding unit 51... Electronic signature verification unit 52. ... Identification part, 54 ... Authentication information verification part, 55 ... Certificate authority certificate holding part, 56 ... Certificate authority connection information holding part, 57 ... Identification information holding part, 60 ... Internal communication line 61... CPU, 62.
Memory 63 ... External storage device 64 ... Communication device 65 ... Input device 66
..Output device, 67... Reading device, 68... Portable storage medium.

Claims (7)

A storage device for storing information for identifying the authentication certificate for each generation;
Receiving a request for information specifying an authentication certificate one generation before the authentication certificate, including information specifying the authentication certificate from an electronic computer;
Based on the information for specifying the received authentication certificate and the information in the storage device, obtain information for specifying the authentication certificate for the previous generation,
A processing device for transmitting the acquired information to the electronic computer;
Comprising
A certificate authority apparatus characterized by that. A storage device for storing certificate revocation information, and information for linking a signature certificate and an authentication certificate;
From the electronic computer, a request for checking the validity of the signing certificate including the signing certificate and a request for information on the authentication certificate associated with the signing certificate are received.
Referring to the storage unit, the validity of the signing certificate is confirmed, and the requested authentication certificate information is obtained.
A result of the confirmation, and a processing device for transmitting the acquired information to the electronic computer;
Comprising
A certificate authority apparatus characterized by that. A storage device for storing information for identifying an authentication certificate;
Receiving the authentication certificate from the terminal device;
Obtaining information for identifying the authentication certificate from the authentication certificate;
If the acquired information is not in the storage device, request the certificate authority device for information identifying the authentication certificate one generation before the received authentication certificate,
Receiving information identifying the certificate for the previous generation from the certificate authority device;
When the received information is in the storage device, the processing device updates the corresponding information in the storage device to information specifying the acquired authentication certificate;
Comprising
A certificate renewal device. By the certificate authority device,
Receiving a request for information specifying an authentication certificate one generation before the authentication certificate, including information specifying the authentication certificate from an electronic computer;
Based on the information for specifying the received authentication certificate and the information for specifying the authentication certificate for each generation stored in the storage device, the information for specifying the authentication certificate for the previous generation is acquired. And
Sending the acquired information to the electronic computer;
Certificate management method characterized by the above. By the certificate authority device,
Receiving a validity check request for the signature certificate including the signature certificate from the electronic computer;
Based on the certificate revocation information stored in the storage unit, check the validity of the signing certificate,
Sending the result of the confirmation to the computer;
Receiving a request for authentication certificate information associated with the received signature certificate from the electronic computer;
Based on the request and the association information of the signature certificate and the authentication certificate stored in the storage unit, the information of the requested authentication certificate is acquired,
Sending the acquired information to the electronic computer;
Certificate management method characterized by the above. By the certificate authority device,
From the electronic computer, a request for verifying the validity of the signing certificate including the signing certificate and a request for information on the authentication certificate associated with the signing certificate are received.
Based on the certificate revocation information stored in the storage unit and the linking information between the signing certificate and the authentication certificate, the validity check of the signing certificate and the requested authentication are performed. Obtain certificate information,
Transmitting the result of the confirmation and the acquired information to the electronic computer;
Certificate management method characterized by the above. By computer
Receive authentication certificate from terminal device,
Obtaining information for identifying the authentication certificate from the authentication certificate;
If the acquired information is not in the storage device, request the certificate authority device for information identifying the authentication certificate one generation before the received authentication certificate,
Receiving information identifying the certificate for the previous generation from the certificate authority device;
When the received information is in the storage device, the corresponding information in the storage device is updated to information for specifying the acquired authentication certificate.
Certificate management method characterized by the above.

Images