JP6005232B1 - Recovery system, server device, terminal device, recovery method, and recovery program - Google Patents

Abstract

A key recovery method with excellent convenience is provided to a user. A recovery system includes a user terminal, a proxy device, and an authentication server. The user terminal issues a pair of secret key K10 and public key K11 corresponding to the authentication process of the user U01, and transmits the public key K11 used for verification of the signature generated by the user terminal 10 to the authentication server S4. At the same time, the authentication information for recovery used to authenticate the user U01 is transmitted to the proxy device that authenticates the identity of the user U01 (S5). The proxy device verifies the signature generated by using the secret key K50 together with the secret key K50 that is a key for signing the result of authentication by the proxy device and the public key K51 to be paired. The public key K51 used is transmitted to the authentication server that verifies the signature S7. The authentication server registers the public key K11 of the terminal and the public key K51 for recovery in association with each other (S8). [Selection] Figure 1A

Description

  The present invention relates to a recovery system, a server device, a terminal device, a recovery method, and a recovery program.

  In recent years, communication networks have become widespread, and services via networks are actively provided. For example, a user logs in to a service provided via a network using a communication terminal device and uses the service. In this case, the user is required to authenticate himself / herself when using the service. For example, when logging in to a service, it is common practice to perform identity authentication using an electronic signature, an encryption key, or the like.

  Here, as a technique for personal authentication in a network, a technique related to a key recovery method for securely storing key information previously issued to a legitimate user is known (for example, Patent Document 1).

JP 2001-268067 A

  However, with the above-described conventional technology, it is difficult to provide a user with excellent recovery. For example, it is desirable for the user that the user authentication means is recovered as quickly as possible and in a highly secure manner when the user authentication means for a predetermined service is restricted for some reason.

  The present application has been made in view of the above, and an object thereof is to provide a recovery system, a server device, a terminal device, a recovery method, and a recovery program capable of providing a user with a highly convenient recovery. .

  The recovery system according to the present application includes a first terminal device, a second terminal device, and an authentication server, and the first terminal device is used for verifying a signature generated by the first terminal device. The transmitting unit that transmits the first key to the authentication server and transmits information used for authentication of the user to a predetermined authentication device that authenticates the identity of the user, and the registration unit includes authentication by the authentication device A third key used for verifying the signature generated using the second key and registering the second key used for generating the signature for the result of A registration unit that registers the signature in an authentication server that verifies the signature, and the authentication server includes a storage unit that stores the first key and the third key in association with each other. The terminal device transmits the user to the authentication device. An authentication control unit that causes the authentication server to transmit the authentication result and a signature attached to the authentication result transmitted by the authentication control unit using the key of 3 And a requesting unit that requests recovery of information related to the first key.

  According to one aspect of the embodiment, there is an effect that it is possible to provide the user with excellent recovery.

FIG. 1A is a diagram (1) illustrating an example of a recovery process according to the embodiment. FIG. 1B is a diagram (2) illustrating an example of the recovery process according to the embodiment. FIG. 2 is a sequence diagram (1) illustrating the authentication method according to the embodiment. FIG. 3 is a sequence diagram (2) illustrating the authentication method according to the embodiment. FIG. 4 is a diagram illustrating a configuration example of the recovery system according to the embodiment. FIG. 5 is a diagram illustrating a configuration example of a user terminal according to the embodiment. FIG. 6 is a diagram illustrating an example of the authenticator storage unit according to the embodiment. FIG. 7 is a diagram illustrating an example of the proxy authenticator storage unit according to the embodiment. FIG. 8 is a diagram illustrating a configuration example of the proxy device according to the embodiment. FIG. 9 is a diagram illustrating a configuration example of the authentication information storage unit according to the embodiment. FIG. 10 is a diagram illustrating a configuration example of the authentication server according to the embodiment. FIG. 11 is a diagram illustrating an example of a registration information storage unit according to the embodiment. FIG. 12 is a diagram illustrating an example of the recovery information storage unit according to the embodiment. FIG. 13 is a sequence diagram illustrating a processing procedure according to the embodiment. FIG. 14 is a diagram illustrating a configuration example of a recovery system according to a modification. FIG. 15 is a hardware configuration diagram illustrating an example of a computer that realizes the function of the user terminal.

  Hereinafter, a mode for carrying out a recovery system, a server device, a terminal device, a recovery method, and a recovery program according to the present application (hereinafter referred to as “embodiment”) will be described in detail with reference to the drawings. The recovery system, server device, terminal device, recovery method, and recovery program according to the present application are not limited by this embodiment. In addition, the embodiments can be appropriately combined within a range that does not contradict processing contents. In the following embodiments, the same portions are denoted by the same reference numerals, and redundant description is omitted.

[1. Example of recovery process)
First, an example of recovery processing according to the embodiment will be described with reference to FIGS. 1A and 1B. 1A and 1B, the authentication server 100 once authenticates by the recovery system 1 including the user terminal 10 corresponding to the terminal device according to the present application, the authentication server 100 corresponding to the server device according to the present application, and the proxy device 50. An example is shown in which a recovery process for recovering information (for example, account information for using a predetermined service) related to authentication of the user U01 is performed. These various apparatuses are communicably connected by wire or wireless via a predetermined network (for example, the Internet).

FIG. 1A is a diagram (1) illustrating an example of a recovery process according to the embodiment. In the example of Figure 1A, user terminal 10 ₁ is an information processing terminal that is utilized by the user U01. The user U01, using the user terminal 10 _1, services provided via the network, for example, to use a service provided from the web server. In Figure 1A, user terminal 10 ₁ is, for example, a smart phone. The description in the following, may be referred to the user terminal 10 ₁ and the user U01. That is, in the following, can be alternatively user U01 with the user terminal 10 _1.

Proxy device 50 is an information processing apparatus on behalf of the predetermined processing by the user terminal 10 ₁ is performed. Note that the proxy device 50 may be a terminal device to be handled by individuals as the user terminal 10 _1, may be a server device managed by a predetermined administrator.

The authentication server 100 obtains the information transmitted from the user terminal 10 ₁ is a server apparatus that performs authentication of the user U01 based on the acquired information. And information the authentication server 100 acquires, for example by using the biometric authentication device or the like, information indicating that the user terminal 10 ₁ side is proved user using the user terminal 10 ₁ is the user U01 person . The authentication server 100 authenticates the user U01 himself by processing the acquired information according to a specific authentication procedure. Then, the authentication server 100, information indicating that the user utilizing the user terminal 10 ₁ is authenticated as a user U01 (hereinafter, referred to as "authenticated information") is generated. The user terminal 10 _1, by the authenticated information generated by the authentication server 100 is sent to the various services (web server, etc.), and log in to various services, usage and service ID issued for each service, It is possible to use services that require personal authentication, such as payment via a network.

(About the authentication method of the authentication server 100)
Here, prior to the description of the recovery processing realized in the present application, a method in which the authentication server 100 authenticates a user who uses a predetermined information processing terminal (hereinafter referred to as “client 20”) is shown in FIG. This will be described with reference to FIG.

  The authentication server 100 employs an authentication method based on a so-called public key cryptosystem that ensures the certainty of information by verifying a public key and a secret key issued in advance in the authentication of the client 20. That is, the authentication server 100 performs authentication based on a public / private key pair issued to each authenticator included in the client 20. The authenticator refers to a function (or a device having the function) for the client 20 to perform personal authentication locally. The local authentication refers to authentication performed in a situation where connection to a wide area network (external network) such as the Internet is not required, for example, authentication performed using a function provided in the client 20. The authenticator accepts registration in advance for information that can authenticate the user himself / herself, such as the user's biometric information. And at the time of authentication, the authenticator accepts input of biometric information and the like from the user, and authenticates the person based on the collation result between the registered data and the input data. Specifically, the authenticator includes a fingerprint authenticator, an iris authenticator, a voiceprint authenticator, and the like. The authenticator may be realized by software installed in the client 20 or may be realized by hardware existing within a range connected to the client 20 via a LAN (Local Area Network). That is, the authenticator includes hardware that cooperates with the client 20 by being directly connected to an interface provided in the client 20, for example, not via a wide area network such as the Internet. Thus, the authenticator can be read as an authentication function that functions on the client 20 side, or an authentication means.

  First, a procedure in which the authentication server 100 registers the client 20 as an authentication target will be described. FIG. 2 is a sequence diagram (1) illustrating the authentication method according to the embodiment. FIG. 2 shows a flow of processing for registering the client 20 to be authenticated by the authentication server 100 prior to the authentication processing.

  The client 20 accesses the authentication server 100 and requests registration of the authenticator (step S21). The authentication server 100 requests authentication by the authenticator in response to the request transmitted from the client 20 (step S22).

  The user who uses the client 20 operates the authenticator that requested registration to the authentication server 100, and executes authentication by the authenticator locally (step S23). For example, when a user selects a fingerprint authentication device as an authentication device used for authentication, the user performs authentication processing by holding a finger over a predetermined location. The authenticator collates the registration data in the authenticator with the data input from the user. When the authenticator can confirm that the user is a legitimate user, the authenticator issues a public key and a secret key corresponding to the authentication process (step S24). Then, the client 20 stores the issued secret key in the client 20 and transmits a public key paired with the secret key to the authentication server 100 (step S25). The authentication server 100 receives the public key from the client 20, and stores the public key in association with the authenticator (step S26). In principle, the secret key in the client 20 is stored in an area where access is not accepted, and access is not permitted unless local authentication by the registered authenticator succeeds. As a result, registration of the authenticator included in the client 20 to the authentication server 100 is completed.

  Next, FIG. 3 will be described. FIG. 3 is a sequence diagram (2) illustrating the authentication method according to the embodiment. FIG. 3 shows a processing flow in a scene where the authentication process is actually requested to the authentication server 100 when the client 20 uses the service.

  The client 20 requests the authentication server 100 to access a predetermined access restricted service (step S31). Such a request may be transmitted via, for example, a web server that provides a service via a network. That is, the user may be required to authenticate himself / herself from the connected web server in the process of using the service. In this case, when the user declares that the user authentication is to be performed, the information is transmitted from the client 20 or the connection destination web server to the authentication server 100.

  The authentication server 100 that has received the request requests the client 20 to perform authentication using a pre-registered authenticator (step S32). The user of the client 20 that has accepted the request executes local authentication using a pre-registered authenticator (step S33).

  When the authentication by the authenticator is successful, that is, when the personal authentication is confirmed locally, the user can access the secret key stored in the client 20. Then, the client 20 generates a signature (predetermined hash value) for information related to the authentication result, using a secret key that can be accessed only by a user who is recognized as an authorized user by the authenticator. In other words, the client 20 generates signed information using a secret key that has been issued in advance (step S34). Information generated in this manner is referred to as “authentication result information” in the present application.

  Subsequently, the client 20 transmits the generated authentication result information using a specific authentication procedure (details will be described later) defined with the authentication server 100 (step S35). The authentication server 100 verifies the signature attached to the transmitted authentication result information using the public key paired with the secret key (step S36). That is, the authentication server 100 verifies that the authentication result information is not falsified, in other words, whether the authentication result information is generated with an appropriate secret key. In this way, the authentication server 100 confirms that the authenticator to be authenticated has an appropriate secret key. If this confirmation can be made, the authentication server 100 authenticates that the user who uses the client 20 is a legitimate user based on the authentication result information. Then, the authentication server 100 indicates that it has been authenticated, and transmits information (authenticated information) indicating that authentication has been made, including the information of the service requested for access in step S31, to the client 20 (step S37). . The information indicating that the authentication has been performed is, for example, an authentication cookie.

  As described above, according to the above-described authentication method, the client 20 does not have to transmit information used for authentication such as a password and a service ID, which are often used for general authentication, to the network. That is, the information transmitted from the client 20 is only information indicating a local authentication result, and even if a third party intercepts the information transmitted from the client 20, the third party uses the intercepted information. I can't. Therefore, it can be said that the authentication method employed by the authentication server 100 is a highly secure method. Further, according to the authentication method employed by the authentication server 100, the user does not need to memorize the password, so the burden on the user can be reduced.

  Furthermore, as described above, the authentication server 100 uses a specific authentication procedure defined with the client 20 in the processing of the authentication result information transmitted from the client 20. The specific authentication procedure is an authentication procedure defined between the authentication server 100 and the client 20, and can be read as a protocol related to communication. For example, the authentication server 100 uses a protocol such as UAF (Universal Authentication Framework) or U2F (Universal Second Factor). Thereby, the communication between the authentication server 100 and the client 20 is ensured with higher security.

  As described with reference to FIG. 2 and FIG. 3, when communication is established between the authentication server 100 and the authenticator of the client 20 using an authentication method based on a public key encryption method using a specific protocol. The client 20 can authenticate the authentication server 100 without transmitting authentication information such as a password to the network.

  However, the recovery process may be difficult in the above-described method. Usually, in the case of an authentication method using a password or the like, correct data of the password is held on the server side that performs authentication. For this reason, even if the user forgets the password, it is possible to return information related to authentication (for example, account information of a predetermined service) by contacting the administrator on the server side. However, in the above-described authentication method, correct data itself used for authentication is held in the client 20. A secret key for signing the authentication result is also held in the client 20. For this reason, for example, when the user loses the client 20 or is stolen, unauthorized authentication can be prevented, but the user is difficult to recover information related to authentication. This is because the user cannot be authenticated by the authentication server 100 unless there is a secret key for exchanging with the authentication server 100.

  Therefore, the user terminal 10 corresponding to the terminal device according to the present application performs a process corresponding to the above-described authentication method and capable of recovering information related to authentication when an unexpected situation occurs. . Hereinafter, returning to the description of FIG. 1A and FIG. 1B, an example of recovery processing according to the present application will be described along the flow.

(Recovery process flow)
In the example shown in FIG. 1A, the user U01 is for using a predetermined service by using the user terminal 10 ₁ is intended to desired authentication processing by the authentication server 100. As described above, when receiving authentication by the authentication server 100, the user U01 needs to register an authenticator capable of performing personal authentication locally in the authentication server 100. Here, the user U01 is intended to the authentication server 100 registers the fingerprint authentication device included in the user terminal 10 _1. In the example shown in FIG. 1A, the fingerprint authentication device is an authentication function that is implemented within a user terminal 10 _1, for example, it is realized by such an application installed in the user terminal 10 ₁ (app).

In the example shown in FIG. 1A, the user U01 requests the authentication server 100 to register an authenticator (step S01). Authentication server 100 responds to the authenticator of the registration request, it requests the authentication by the authentication device to the user terminal 10 ₁ (step S02).

The user U01, using the fingerprint authentication device included in the user terminal 10 _1, authenticates the user U01. Then, the user terminal 10 ₁ is a key corresponding to the user authentication process U01, issues a public key K11 and a secret key K10 in the pair (step S03). Then, the user terminal 10 ₁ holds the private key K10, and transmits the public key K11 to the authentication server 100 (step S04). The authentication server 100 registers the public key K11 in a predetermined storage area.

In the future, a user authentication process U01 by the fingerprint authentication device having the user terminal 10 ₁ is performed, if the authentication result information is transmitted to the authentication server 100, authentication server 100, the authentication result using the public key K11 Information Verify the signature of That is, the authentication server 100 confirms that the transmitted authentication result information is signed using the secret key K10. Thus, the authentication server 100 authenticates the user using the user terminal 10 ₁ is the user U01.

As described above, the user U01, by registering the fingerprint authentication device included in the user terminal 10 _1, consisting of the authentication server 100 to be authenticated. Then, the user U01 performs the following process on the proxy device 50 for the recovery of the authentication process together with the registration of the fingerprint authenticator in the authentication server 100.

  The user U01 performs processing for causing the authentication server 100 to handle the proxy device 50 as an authenticator. In other words, the user U01 performs registration so that the proxy device 50 can act as an authentication device as an alternative to the fingerprint authentication device that has registered with the authentication server 100.

First, the user U01 transmits authentication information for recovery to the proxy device 50 (step S05). The authentication information for recovery is information used for authenticating the identity of the user U01. The authentication information for recovery may be any information as long as it is identification information that can identify the user U01. For example, the authentication information may be biometric information of the user U01, identification information of a SIM card (Subscriber Identity Module Card) with which the user U01 has contracted with a communication line provider, an arbitrary card number owned by the user U01, etc. It may be. Here, the user U01 is assumed that the information identifying the user terminal 10 ₁ of the SIM card as the authentication information for recovery.

Proxy device 50 receives the authentication information for recovery from the user terminal 10 _1. Then, the proxy device 50 functions as an authenticator that authenticates the user U01 by using the received authentication information for recovery as correct data for authenticating the user U01. In other words, when viewed from the authentication server 100, the proxy device 50 behaves like an authenticator that authenticates the user U01 locally.

  As in step S03, the proxy device 50 issues a secret key K50, which is a key for signing the authentication result obtained by authenticating the user U01 using the recovery authentication information, and a public key K51 paired with the secret key K50. (Step S06).

Then, the proxy device 50 transmits the public key K51 issued to the authentication server 100 (step S07). Note that the effect of registering the proxy device 50 as the authentication device to the authentication server 100 request may be sent by the user terminal 10 _1, it may be transmitted from the proxy apparatus 50.

Then, the authentication server 100, the public key K11, which is transmitted from the user terminal 10 _1, and the public key K51, which is transmitted from the proxy apparatus 50 is registered in association with the user U01 are the same authenticated (step S08 ). Thereby, the registration process to the authentication server 100 is completed for the authenticator that authenticates the user U01.

Next, the process flow of FIG. 1B will be described. FIG. 1B is a diagram (2) illustrating an example of the recovery process according to the embodiment. Figure 1B is the user terminal 10 ₁ a different terminal, the user terminal 10 ₂ to be used by the user U01 has shows the processing when requesting the authentication process to the authentication server 100. For example, the situation shown is FIG. 1B, disposed of user terminal 10 ₁ by the user U01 outdated, and the like newly situation who bought user terminal 10 _2. In this case, since the private key K10 is stored in the internal user terminal 10 _1, the user terminal 10 ₂ can not obtain the private key K10. That is, the user terminal 10 ₂ will be from the authentication server 100 does not have a means for receiving authentication.

For example, the user U01 is assumed to have been authenticated by the fingerprint authentication device included in the user terminal 10 ₁ is to log in a given service. In this case, the user U01, since it has lost the private key K10, than from the user terminal 10 _2, it is impossible to carry out the authentication process to the authentication server 100. For this reason, the user U01 desires to recover information that cannot be used unless authentication is performed, such as a personal account used in a predetermined service. In other words, the user U01 desires to recover the authority obtained when the user U01 is authenticated by the authentication server 100. Therefore, the user U01 requests the authentication server 100 to recover information related to authentication (step S11).

  In response to the recovery request, the authentication server 100 requests the user U01 for personal authentication (step S12). That is, the authentication server 100 requests information that proves the identity of the user U01 when recovering the information related to the authentication of the user U01.

Therefore, the user U01 has an authentication information that the user terminal 10 ₁ had been registered in the proxy apparatus 50, and transmits from the user terminal 10 ₂ (step S13). For example, the user U01 transmits the identification information of the SIM card inherited from the user terminal 10 ₁ to the user terminal 10 ₂ to the proxy device 50.

Proxy device 50, based on the information transmitted from the user terminal 10 _2, authenticates the user U01 (step S14). Then, the proxy device 50 generates authentication result information by attaching a signature to the authentication result using the secret key K50. The proxy device 50 transmits the generated authentication result information to the authentication server 100 (step S15).

  The authentication server 100 receives the authentication result information transmitted from the proxy device 50. Then, the authentication server 100 verifies the signature attached to the authentication result information using the public key K51 corresponding to the secret key K50. Then, the authentication server 100 confirms that the signature is not falsified, that is, that the user U01 is definitely authenticated by the proxy device 50.

Then, the authentication server 100, in the case of performing the verification processing by the public key K51, identified based on the public key K11 that is associated with the public key K51, the user U01 of the user terminal 10 ₂ side that has transmitted the public key K11 (Step S16). This particular, the authentication server 100 treats as personal authentication is requested to the user terminal 10 ₂ was confirmed. Then, the authentication server 100, information that is verified by the public key K11 has been performed, i.e., to recover the information relating to authentication by the authentication has been performed by the user terminal 10 _1. The authentication server 100 transmits the effect that is recovered to the user terminal 10 ₂ (step S17). The authentication server 100, after recovering the information about the user U01, with respect to the authentication performed by the user terminal 10 ₂ future, may be accepted registration of a new authenticator from the user terminal 10 _2. That is, authorization server 100, if the signature generated by the user terminal 10 ₁ is verified by the public key K11, in other words, that if the user U01 has been authenticated to the authentication server 100, have been found in the user U01 the recover the user terminal 10 _2, recover the authority may be delegated to the authentication device to be newly registered. This is because the recovery system 1 recovers information related to the user U01 (including the account information of the user U01, the user ID for each service, the password information set for the service by the user U01, etc.) and new authentication. It may be performed by associating such information with the key reissued by the device.

Thus, in the process of recovery system 1 performs, the user terminal 10 ₁ it is to register a private key K50 to be used in generating a signature for the result of the authentication by the proxy device 50 to the proxy device 50. The user terminal 10 _1, the public key K51 used to verify a signature generated using the private key K50, it is registered in the authentication server 100 to verify the signature. Then, the user terminal 10 _2, and transmits the authentication information the proxy device 50 is information used to authenticate the user U01 in proxy device 50, to authenticate the user U01. Then, the user terminal 10 ₂ is generated based on the transmitted authentication information signature, if it is verified by the authentication server 100 using the public key K51, the public key K11 that has been registered in advance in the authentication server 100 Request recovery of associated information.

  That is, according to the recovery system 1, the public key K11 registered in advance and the recovery public key K51 are stored in association with each other. Since the public key K11 is a key issued by an authenticator registered through a specific authentication procedure by the authentication server 100, the key is trusted as a means for authenticating the user. Since the public key K51 is requested to be issued from the terminal that issued the public key K11, it can be said that the public key K51 has the same reliability as the public key K11. Therefore, if the authentication server 100 can issue a signature that can be verified with any public key, the authentication server 100 trusts the authenticator (terminal) that issued the signature and trusts the user authenticated by the authenticator. it can. In this way, the authentication server 100 can recover information based on a request from a trusted user. In addition, by registering a recovery authenticator in advance, the user who handles the terminal can use the new terminal to perform the previous authentication even if an unexpected situation occurs, such as when the terminal is replaced or lost. The information about can be recovered quickly. Thus, according to the recovery system 1, it is possible to ensure safety and provide a user with excellent recovery.

In the example of FIGS. 1A and 1B, the user U01 transmits the SIM card identification information as the recovery authentication information. In this case, the user U01 may transmit authentication information that needs to undergo multi-factor authentication in order to improve safety. For example, the user U01 is to set a password or together with the identification information of the SIM card, configure the like may be appropriately performed which can not be accessed proxy device 50 to be inserted the hardware key to the user terminal 10 _2.

[2. Recovery system configuration)
Next, the configuration of the recovery system 1 will be described with reference to FIG. FIG. 4 is a diagram illustrating a configuration example of the recovery system 1 according to the embodiment. As illustrated in FIG. 4, the recovery system 1 according to the embodiment, the user terminal 10 _1, the user terminal 10 _2, a proxy device 50 includes an authentication server 100. These various devices are communicably connected via a network N by wire or wireless. Note that the number of devices included in the recovery system 1 illustrated in FIG. 4 is not limited to the illustrated number.

The user terminal 10 ₁ and 10 _2, for example, and a desktop-type PC (Personal Computer), or a notebook PC, a and tablet devices, cellular phone including a smart phone, an information processing terminal such as a PDA (Personal Digital Assistant). In the following description, when it is not necessary to distinguish between the user terminals 10 ₁ and 10 _2, they are described as “user terminal 10”.

  The user terminal 10 may also include a wearable device that is an eyeglass-type or clock-type information processing terminal. Furthermore, the user terminal 10 may include various smart devices having an information processing function. For example, the user terminal 10 may include a smart home appliance such as a TV (television), a refrigerator, and a vacuum cleaner, a smart vehicle such as an automobile, a drone, and a home robot.

  The user terminal 10 includes an authenticator. For example, when the user terminal 10 is a smartphone, the authenticator is realized by an application installed on the smartphone. The authentication device may be an independent device, for example, a fingerprint authentication device connected to a USB interface of a notebook PC.

  The proxy device 50 is an information processing device that proxy the processing of the user terminal 10. For example, the proxy device 50 receives information for authenticating the user U01 using the user terminal 10, and proxy the process of authenticating the user U01 based on the information. In other words, the proxy device 50 proxy the processing of the authentication device provided in the user terminal 10. The proxy device 50 may be a terminal other than the user terminal 10 among terminals used by the user U01.

  The authentication server 100 is a server device that performs user authentication of a user who uses the user terminal 10. The authentication server 100 receives the authentication result information transmitted from the user terminal 10 or the proxy device 50, and verifies the signature using the public key corresponding to the private key that signed the authentication result information. When the authentication server 100 verifies the signature, the user who uses the user terminal 10 is handled as having been authenticated by the authentication server 100. Thereby, the user can use a limited service provided by a web server or the like.

  Note that the authentication server 100 may communicate with a web server that provides various web pages. The web server is a server device that provides various web pages when accessed from the user terminal 10. The web server provides various web pages related to, for example, a news site, a weather forecast site, a shopping site, a finance (stock price) site, a route search site, a map providing site, a travel site, a restaurant introduction site, and a web blog.

  A web server may require user authentication for providing a service. In this case, the authentication server 100 accepts a request for authentication of the user who uses the user terminal 10 from the web server. For example, when the web server provides a settlement service, if the authentication server 100 does not authenticate that the user using the user terminal 10 is definitely the user U01 himself, the web server performs the settlement service by the user terminal 10. Execution can be restricted. On the other hand, when the web server receives information indicating that the authentication server 100 has authenticated the user U01 from the user terminal 10 or the authentication server 100, the user using the user terminal 10 is the user U01. And trust. In this case, the web server can also accept operations that are not permitted unless after personal authentication, such as payment by the user terminal 10. Note that the authentication server 100 may also function as a web server as described above.

[3. Configuration of user terminal]
Next, the configuration of the user terminal 10 according to the embodiment will be described with reference to FIG. FIG. 5 is a diagram illustrating a configuration example of the user terminal 10 according to the embodiment. As illustrated in FIG. 5, the user terminal 10 includes a communication unit 11, an input unit 12, a display unit 13, a detection unit 14, a storage unit 15, and a control unit 16. Note that the connection relationship between the processing units included in the user terminal 10 is not limited to the connection relationship illustrated in FIG. 5, and may be another connection relationship.

(About the communication unit 11)
The communication unit 11 is connected to the network N by wire or wireless, and transmits / receives information to / from the authentication server 100, the web server, and the like. For example, the communication unit 11 is realized by a NIC (Network Interface Card) or the like.

(About the input unit 12)
The input unit 12 is an input device that receives various operations from the user. For example, the input unit 12 is realized by an operation key or the like provided in the user terminal 10. The input unit 12 may include an imaging device (such as a camera) for capturing an image and a sound collection device (such as a microphone) that collects sound.

(About display unit 13)
The display unit 13 is a display device for displaying various information. For example, the display unit 13 is realized by a liquid crystal display or the like. In addition, when a touch panel is employ | adopted for the user terminal 10, a part of input part 12 and the display part 13 are integrated.

(About the detector 14)
The detection unit 14 detects an operation on the user terminal 10, an environment in the user terminal 10, and the like. Specifically, the detection unit 14 detects the operation of the user U01 with respect to the user terminal 10, position information on the location of the user terminal 10, information regarding devices connected to the user terminal 10, and the like. The detection unit 14 may detect the above information using, for example, various sensors provided in the user terminal 10.

(About the storage unit 15)
The storage unit 15 stores various information. The storage unit 15 is realized by a semiconductor memory device such as a RAM or a flash memory, or a storage device such as a hard disk or an optical disk, for example. The storage unit 15 includes an authenticator storage unit 151 and a proxy authenticator storage unit 152.

(About the authenticator storage unit 151)
The authenticator storage unit 151 stores information related to the authenticator. FIG. 6 is a diagram illustrating an example of the authenticator storage unit 151 according to the embodiment. In the example illustrated in FIG. 6, the authenticator storage unit 151 includes items such as “authenticator ID”, “type”, “authenticated user”, and “secret key”.

  “Authenticator ID” indicates identification information for identifying an authenticator. In the embodiment, it is assumed that the authentication device ID matches the reference code of the authentication device. For example, the authentication device indicated by the authentication device ID “163A” indicates the fingerprint authentication device 163A.

  “Type” indicates the type of authentication method performed by the authenticator. For example, types include fingerprints, irises, and voiceprints. Note that the authentication method of the authenticator is not limited to the above. For example, the authentication device may be a face authentication device that performs authentication using image data of the user's face, or a biometric information authentication device that detects a user's heartbeat or the like by a sensor. Further, the authentication method of the authenticator is not limited to the authentication method using biometric information. For example, the authenticator may be a hardware authenticator that performs authentication by connecting a predetermined physical key owned by the user U01 to the user terminal 10, or may be a SIM card (Subscriber Identity) built in the user terminal 10. A SIM card authenticator that performs authentication by determining the contents of the Module Card) may be used. Further, the authenticator may be a method for performing authentication by inputting predetermined information such as a password. Further, the authenticator may be a system that performs authentication using an identification number (PIN, Personal Identification Number) given to the user terminal 10 itself.

  “Authenticated user” indicates a user authenticated by the authenticator. The “secret key” indicates a key for signing the authentication result of the authenticator and generating authentication result information. The secret key and the public key to be paired are issued when the authenticator is registered in the authentication server 100. The secret key is held in the user terminal 10. The public key is transmitted to the authentication server 100 by the user terminal 10. The secret key is held in an area that cannot be accessed unless the user is successfully authenticated by the corresponding authenticator.

  That is, in FIG. 6, the authentication device (fingerprint authentication device 163A) identified by the authentication device ID “163A” has the authentication type “fingerprint”, the user to be authenticated is “user U01”, and the private key is An example of “K10” is shown.

(About proxy authenticator storage unit 152)
The proxy authenticator storage unit 152 stores information related to an external device acting as an authenticator. FIG. 7 shows an example of the proxy authenticator storage unit 152 according to the embodiment. FIG. 7 is a diagram illustrating an example of the proxy authenticator storage unit 152 according to the embodiment. In the example illustrated in FIG. 7, the proxy authenticator storage unit 152 includes items such as “proxy authenticator”, “authenticated user”, and “determination element”.

  The “proxy authentication device” indicates an external device having a function of proxying the authentication device. “Authenticated user” indicates a user authenticated by the proxy authenticator.

  The “determination element” indicates information used for authentication when the proxy authenticator authenticates the authenticated user. That is, the proxy authenticator authenticates the identity of the authenticated user by determining the information listed in the determination element item. For example, the determination element includes a communication line used by the user terminal 10. The communication line is, specifically, SIM card identification information provided by a communication carrier. That is, when transmitting / receiving information from the user terminal 10 via the network N, the proxy authenticator obtains SIM card identification information and the like, and authenticates the user U01 of the user terminal 10 with the obtained information. That is, since the SIM card is assigned unique information to one user, it can be a determination factor for authenticating the user.

  Further, it is desirable that information used by the proxy device 50 for authentication is transmitted from the user terminal 10 to the proxy device 50 using a wired line system or a short-range wireless communication system. This is because the communication between the user terminal 10 and the proxy device 50 is performed in the above manner, so that the probability that the content of the authentication information transmitted from the user terminal 10 to the proxy device 50 leaks to a third party is reduced. This is because the probability that the user terminal 10 and the proxy device 50 are handled by the same user increases.

  Further, the fact that the short-range communication as described above is established between the user terminal 10 and the proxy device 50 may be handled as a determination element. For example, a sound wave is emitted from one side between the user terminal 10 and the proxy authenticator, and the other side receives the sound wave. When such communication is established, the user terminal 10 and the proxy authenticator are trusted to be handled by the same user or trusted users, and thus can be a determination element for authenticating the user. Note that the determination by the short-range communication may be performed by a short-range wireless communication method according to the NFC (Near field radio communication) standard in addition to the sound wave. In this case, the fact that the user terminal 10 and the proxy device 50 can recognize each other by NFC communication can be a determination factor for determining the identity of the user of the user terminal 10 and the proxy device 50. Further, the short-range communication is not limited to the wireless communication conforming to the sound wave or the NFC standard, and may be established by connecting the user terminal 10 and the proxy authenticator by wire. In addition, as an example of the determination element, a temporary passcode or the like may be used. The determination element may be, for example, a card number of a card owned by the user. In this case, the determination is performed when the user inputs a card number registered in advance. In addition, the determination element may be, for example, any information used by the authenticator for authentication exemplified above.

  In addition, a plurality of determination elements may be set. In personal authentication, generally, the strength of authentication is improved by combining a plurality of determination elements rather than a single determination element. For this reason, in the authentication by the proxy authenticator, the user may cause the authentication process to be performed using a plurality of determination elements.

  That is, FIG. 7 shows that the user authenticated by the proxy authenticator “proxy device 50” is “user U01”, and the elements for determining the user U01 are based on “communication line” and “short-range communication”. . In this case, when the proxy device 50 communicates from the user terminal 10, the proxy device 50 acquires and identifies information on the communication line used by the user terminal 10, and whether near field communication is established with the user terminal 10. Determine whether or not. That is, the proxy device 50 authenticates the user U01 who uses the user terminal 10 based on two types of authentication information.

(About the control unit 16)
For example, the control unit 16 executes various programs stored in a storage device inside the user terminal 10 using a RAM (Random Access Memory) as a work area by a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or the like. It is realized by doing. Moreover, the control part 16 is implement | achieved by integrated circuits, such as ASIC (Application Specific Integrated Circuit) and FPGA (Field Programmable Gate Array), for example.

  The control unit 16 controls various processes such as a local authentication process performed in the user terminal 10, a process for causing the authenticator to function, and transmission / reception of information with the proxy device 50 and the authentication server 100. As shown in FIG. 5, the control unit 16 includes an acquisition unit 161, a registration unit 162, an authentication control unit 163, a generation unit 164, a request unit 165, and a transmission unit 166, which will be described below. Implement or execute information processing functions and actions. For example, the control unit 16 implements various types of information processing by executing the above-described application using the RAM as a work area. The internal configuration of the control unit 16 is not limited to the configuration illustrated in FIG. 5, and may be another configuration as long as the information processing described later is performed.

(About the acquisition unit 161)
The acquisition unit 161 acquires various types of information. For example, the acquisition unit 161 receives information transmitted from the authentication server 100 or the proxy device 50. In addition, the acquisition unit 161 receives a request for authentication of a user who uses the user terminal 10 and is transmitted from the authentication server 100 or the proxy device 50. The acquisition unit 161 acquires various types of information detected by the detection unit 14.

(Registration unit 162)
The registration unit 162 registers various information related to authentication. In addition, the registration unit 162 registers predetermined information with respect to the proxy device 50 and the authentication server 100 regarding information and the like related to recovery. Registration in this case includes registration of predetermined information with the proxy device 50 or the authentication server 100 in accordance with an instruction from the registration unit 162.

  For example, the registration unit 162 registers information related to the authenticator that authenticates the identity of the user U01 who uses the user terminal 10 in the authenticator storage unit 151. In addition, the registration unit 162 registers the authenticator included in the user terminal 10 itself in the authentication server 100 in order to receive authentication from the authentication server 100. In this case, the registration unit 162 registers the secret key corresponding to the authenticator in the authenticator storage unit 151. In addition, the registration unit 162 transmits a public key for verifying a signature generated using the secret key to the authentication server 100 to register it.

  Further, the registration unit 162 registers the proxy device 50 in the proxy authenticator storage unit 152 in order to recover information related to the authentication of the user U01. In this case, the registration unit 162 registers the information of the user U01 in the proxy device 50 in order to treat the proxy device 50 as an authenticator. First, the registration unit 162 registers information used for authentication of the user U01 in the proxy device 50. The information used for authentication of the user U01 is information related to the communication line of the user terminal 10 shown in FIG. When the proxy device 50 authenticates the user U01, the registration unit 162 issues a secret key K50 used for generating a signature for the authentication result and a public key K51 for verifying the signature. Subsequently, the registration unit 162 causes the proxy device 50 to register in the proxy device 50 a secret key K50 used to generate a signature for the authentication result. Also, the registration unit 162 causes the authentication server 100 to register the public key K51 used for signature verification in the authentication server 100. The transmission of the public key K51 to the authentication server 100 may be performed from the proxy device 50. As described above, the registration unit 162 appropriately registers information in various devices so that the proxy device 50 is treated as an authenticator that authenticates the user U01.

  Then, the registration unit 162 causes the authentication server 100 to register the public key K51 transmitted from the proxy device 50 to the authentication server 100 in association with the public key K11 that has already been transmitted by the user terminal 10 side. That is, the registration unit 162 authenticates so that the signature verified using the public key K51 is a signature indicating that the same user U01 as the signature verified using the public key K11 is authenticated. The public key K51 and the public key K11 are registered in the server 100. As a result, when the signature is verified using the public key K51, the authentication server 100 can specify the user U01 who is authenticated when the signature is verified using the public key K11. As a result, the authentication server 100 verifies the signature using the public key K51 when the private key K50 is transmitted as the authentication result information for recovery, so that the user related to the associated public key K11. Can be recovered.

(About the authentication control unit 163)
The authentication control unit 163 controls processing related to the authentication of the identity of the user U01 who uses the user terminal 10. For example, the authentication control unit 163 manages an authenticator included in the user terminal 10. Further, the authentication control unit 163 operates the authenticator registered by the registration unit 162 to authenticate the identity of the user U01 who uses the user terminal 10. That is, the authentication control unit 163 realizes a function as an authentication device such as the fingerprint authentication device 163A in the embodiment.

  Further, the authentication control unit 163 controls authentication processing performed by the proxy device 50. For example, the authentication control unit 163 refers to the proxy authenticator storage unit 152 and acquires information necessary for the authentication process performed by the proxy device 50. Then, the authentication control unit 163 sends information necessary for the authentication process performed by the proxy device 50 to the transmission unit 166 and causes the proxy device 50 to transmit the information.

  The authentication control unit 163 may authenticate the identity of the user U01 based on at least two types of information when the proxy device 50 performs authentication of the user U01. Thereby, since the authentication process performed by the proxy device 50 is multi-factor authentication performed by a plurality of determination elements, the authentication strength can be further improved.

(About the generation unit 164)
The generation unit 164 controls generation of authentication result information. The generation unit 164 acquires the result of authentication by the authenticator stored in the authenticator storage unit 151. And the production | generation part 164 produces | generates the authentication result information processed by the authentication server 100 from the result of the authentication by an authenticator.

  Specifically, the generation unit 164 acquires a result of authentication performed by the authenticator. And the production | generation part 164 produces | generates a signature using the private key corresponding to an authenticator with respect to the result by which the user U01 was authenticated. Then, the generation unit 164 generates authentication result information corresponding to the authentication result by adding a signature to the authentication result. For example, when the authentication control unit 163 performs authentication using the fingerprint authenticator 163A, the generation unit 164 generates authentication result information by attaching a signature to the authentication result using the secret key K10. To do. Such authentication result information indicates that in the user terminal 10, the user U01 identity authentication process has been completed. The generation unit 164 sends the generated authentication result information to the transmission unit 166 and causes the authentication server 100 to transmit it.

(About the request unit 165)
The request unit 165 makes various requests to the authentication server 100. For example, the request unit 165 authenticates various services that have been used by performing authentication with the authenticator that has been used so far when the authenticator that has been used until now cannot be used for some reason. The authentication server 100 is requested to recover the information related to.

  Specifically, the request unit 165 uses the public key K51 to authenticate the authentication result information transmitted by the proxy device 50, that is, the signature attached to the result of the authentication process executed by the proxy device 50. If it is verified by the above, recovery of information related to the public key K11 is requested. The information related to the public key K11 refers to information that can be used in a web service or the like when the user U01 is authenticated by the authentication server 100, for example. Specifically, the information related to the public key K11 is information related to the user U01, which is related to the service account used in a predetermined service, the ID information of the user U01, and the password set by the user U01. Information, and access rights to user information stored in various web servers. The recovery process of the present application includes not only information related to the user U01 associated with the public key K11 but also a key reissue process for an authenticator that authenticates the user U01.

(About the transmitter 166)
The transmission unit 166 transmits various types of information. For example, the transmission unit 166 transmits the authentication result information generated by the generation unit 164 to the authentication server 100. Further, when the acquisition unit 161 acquires authenticated information transmitted from the authentication server 100, the transmission unit 166 may transmit the authenticated information to a web server that provides a service. Further, the transmission unit 166 transmits information used by the proxy device 50 to authenticate the user U01 to the proxy device 50 in accordance with an instruction from the authentication control unit 163. In this case, as described above, the transmission unit 166 may transmit information used for user authentication to the proxy device 50 using a wired method or a short-range wireless communication method.

[4. (Configuration of proxy device)
Next, the configuration of the user terminal 10 according to the embodiment will be described with reference to FIG. FIG. 8 is a diagram illustrating a configuration example of the proxy device 50 according to the embodiment. As illustrated in FIG. 8, the proxy device 50 includes a communication unit 51, a storage unit 52, and a control unit 53. Note that the connection relationship between the processing units included in the proxy device 50 is not limited to the connection relationship illustrated in FIG. 8, and may be another connection relationship.

(About the communication unit 51)
The communication unit 11 is connected to the network N by wire or wireless, and transmits and receives information to and from the user terminal 10 and the authentication server 100. For example, the communication unit 11 is realized by a NIC or the like.

(About the storage unit 52)
The storage unit 52 stores various information. The storage unit 52 is realized by, for example, a semiconductor memory device such as a RAM or a flash memory, or a storage device such as a hard disk or an optical disk.

(About the authentication information storage unit 521)
The authentication information storage unit 521 stores information related to user authentication. FIG. 9 shows an example of the authentication information storage unit 521 according to the embodiment. FIG. 9 is a diagram illustrating an example of the authentication information storage unit 521 according to the embodiment. In the example illustrated in FIG. 9, the authentication information storage unit 521 includes items such as “authenticated user”, “determination element”, and “secret key”.

  “Authenticated user” indicates a user authenticated by the proxy device 50. The “determination element” is information used for user authentication, and corresponds to the same item in FIG. The “private key” indicates information for identifying a secret key used for generating a signature attached to the result of authentication when the authenticated user is authenticated.

  That is, in FIG. 9, the user authenticated by the proxy device 50 is “user U01”, the determination elements used for authentication are “communication line” and “short-range communication”, and the signature attached to the result of authentication of the user U01 In this example, the secret key for generating “K50” is “K50”.

(Regarding the controller 53)
The control unit 53 is realized, for example, by executing various programs stored in a storage device inside the proxy device 50 using the RAM as a work area by a CPU, an MPU, or the like. The control unit 53 is realized by an integrated circuit such as an ASIC or FPGA.

  The control unit 53 controls various processes such as a local authentication process performed in the user terminal 10, a process for causing the authenticator to function, and transmission / reception of information with the proxy device 50 and the authentication server 100. As shown in FIG. 8, the control unit 53 includes a reception unit 531, a registration unit 532, an authentication unit 533, a generation unit 534, and a transmission unit 535, and functions and operations of information processing described below. Realize or execute. For example, the control unit 53 implements various types of information processing by executing the above-described application using the RAM as a work area. The internal configuration of the control unit 53 is not limited to the configuration illustrated in FIG. 8, and may be another configuration as long as the information processing described later is performed.

(Receiver 531)
The receiving unit 531 receives various information. For example, the receiving unit 531 receives information related to authentication transmitted from the user terminal 10. In addition, the reception unit 531 receives information regarding registration transmitted from the user terminal 10.

(Registration unit 532)
The registration unit 532 registers various information. For example, the registration unit 532 registers information related to authentication received from the user terminal 10 in the authentication information storage unit 521. In addition, when the proxy device 50 is registered in the authentication server 100 as an authenticator, the registration unit 532 registers the secret key K50 used in communication with the authentication server 100 in the authentication information storage unit 521.

(About the authentication unit 533)
The authentication unit 533 executes authentication processing. For example, the authentication unit 533 authenticates the user U01 in accordance with a request from the user terminal 10. In this case, the authentication unit 533 authenticates the user U01 by determining authentication information transmitted from the user terminal 10.

(About the generation unit 534)
The generation unit 534 controls generation of authentication result information. That is, the generation unit 534 generates authentication result information by adding a signature to the authentication result using the secret key K50 when the authentication unit 533 performs the authentication process. As described above, since the authentication result information is information processed by a specific authentication procedure (protocol) defined by the authentication server 100, the generation unit 534 generates the authentication result information according to the authentication procedure.

(About the transmitter 535)
The transmission unit 535 transmits various types of information. For example, the transmission unit 535 transmits the authentication result information generated by the generation unit 534 to the authentication server 100.

[5. Authentication server configuration]
Next, the configuration of the authentication server 100 according to the embodiment will be described with reference to FIG. FIG. 10 is a diagram illustrating a configuration example of the authentication server 100 according to the embodiment. As illustrated in FIG. 10, the authentication server 100 includes a communication unit 110, a storage unit 120, and a control unit 130. The authentication server 100 includes an input unit (for example, a keyboard and a mouse) that receives various operations from an administrator who uses the authentication server 100, and a display unit (for example, a liquid crystal display) for displaying various types of information. You may have.

(About the communication unit 110)
The communication unit 110 is realized by a NIC or the like, for example. The communication unit 110 is connected to the network N in a wired or wireless manner, and transmits and receives information to and from the user terminal 10 and the proxy device 50 via the network N. In addition, when processing the authentication result information transmitted from the user terminal 10 or the proxy device 50, the communication unit 110 performs processing in accordance with a specific authentication procedure (protocol) with high safety.

(About the storage unit 120)
The storage unit 120 is realized by, for example, a semiconductor memory device such as a RAM or a flash memory, or a storage device such as a hard disk or an optical disk. The storage unit 120 includes a registration information storage unit 121 and a recovery information storage unit 122.

(Registered information storage unit 121)
The registration information storage unit 121 stores information related to the authentication device registered in the authentication server 100. Here, FIG. 11 illustrates an example of the registration information storage unit 121 according to the embodiment. FIG. 11 is a diagram illustrating an example of the registration information storage unit 121 according to the embodiment. In the example illustrated in FIG. 11, the registration information storage unit 121 includes items such as “authenticator ID”, “type”, “authenticated user”, and “public key”.

  “Authenticator ID”, “Type”, and “Authenticated User” correspond to the same items shown in FIG. The “public key” is key information transmitted from the authenticator side (that is, the user terminal 10 or the proxy device 50) at the time of registration of the authenticator, and indicates a key that is paired with the secret key issued at the same time. The public key is stored in association with each authenticator and authenticated user.

  That is, in FIG. 11, the authenticator identified by the authenticator ID “163A” is registered, the type of the authenticator is “fingerprint”, the authenticated user is “user U01”, and the authenticator Indicates that the public key used when authenticating the user U01 is “K11”.

(Recovery information storage unit 122)
The recovery information storage unit 122 stores the association between the authentication device related to the user terminal 10 and the proxy authentication device acting as a proxy for the authentication device. The recovery information storage unit 122 also stores information related to the user authenticated by the authentication server 100. Here, FIG. 12 illustrates an example of the recovery information storage unit 122 according to the embodiment. FIG. 12 is a diagram illustrating an example of the recovery information storage unit 122 according to the embodiment. In the example illustrated in FIG. 12, the recovery information storage unit 122 includes items such as “authenticated user”, “public key”, “recovery public key”, and “user information”.

  “Authenticated user” corresponds to the same item shown in FIG. The “public key” corresponds to the same item shown in FIG. 11. Here, it is assumed that the public keys having the same authenticated user are stored in association with each other. For example, as shown in FIG. 11, an authentication device that authenticates the user U01 and the user terminal 10 includes the “fingerprint authentication device 163A”, “iris authentication device 163B”, and “voice print authentication device 163C”. It is remembered. For this reason, the recovery information storage unit 122 stores the corresponding public key in association with each other.

  “Recovery public key” indicates a key corresponding to a proxy authenticator that authenticates an authenticated user. “User information” indicates information related to a user authenticated by the authentication server 100. In FIG. 12, the user information is indicated by a concept such as “A01”. Actually, the user information stores information used by the user U01 authenticated by the authentication server 100 for various services. . For example, the user information stores a service account used for a predetermined service, an access right to user information stored in various web servers, and the like. As shown in FIG. 12, the user information is associated with the authenticated user and also associated with the public key of the authenticator that authenticates the user and the public key of the proxy authenticator. In other words, the information related to the public key of the authenticator that authenticates the user includes user information.

  That is, in FIG. 12, the public keys of the authenticator that authenticates the authenticated user “user U01” are “K11”, “K21”, and “K31”, and the public key of the proxy authenticator, that is, the recovery public key is “ K51 ”, and the user information of the user U01 is“ A01 ”.

(About the control unit 130)
The control unit 130 is realized, for example, by executing various programs (corresponding to an example of a selection program) stored in a storage device inside the authentication server 100 using the RAM as a work area by a CPU, MPU, or the like. The control unit 130 is realized by an integrated circuit such as an ASIC or FPGA, for example.

  As illustrated in FIG. 10, the control unit 130 includes a reception unit 131, a registration unit 132, a verification unit 133, an execution unit 134, and a transmission unit 135, and information processing functions and operations described below. Realize or execute. The internal configuration of the control unit 130 is not limited to the configuration illustrated in FIG. 10, and may be another configuration as long as the information processing described later is performed. Further, the connection relationship between the processing units included in the control unit 130 is not limited to the connection relationship illustrated in FIG. 10, and may be another connection relationship.

(About the receiver 131)
The receiving unit 131 receives various information. For example, the receiving unit 131 receives a request for registration of an authenticator from the user terminal 10 that desires authentication in the authentication server 100. Further, for example, when the user terminal 10 accesses the web server and a service provided by the accessed web server requests the user terminal 10 for authentication, the receiving unit 131 receives the authentication request from the web server. In this case, in response to the authentication request received by the reception unit 131, the transmission unit 135 described later transmits a request indicating that the user terminal 10 performs authentication. In addition, the receiving unit 131 receives authentication result information that is information generated based on a locally performed authentication result in the authentication process. The receiving unit 131 processes the authentication result information transmitted from the user terminal 10 using a specific authentication procedure defined by the authentication server 100.

(Registration unit 132)
The registration unit 132 registers information related to the authentication device. For example, the registration unit 132 registers the authentication device included in the user terminal 10 that has requested registration based on the information received by the reception unit 131. The registration unit 132 stores the registered information in the registration information storage unit 121.

  In addition, the registration unit 132 registers a public key among a public key and a private key that are paired between the authentication server 100 and the authenticator. When verifying the authentication result information, the verification unit 133 refers to the public key registered by the registration unit 132 and verifies the authentication result information.

  The registration unit 132 registers information related to the proxy authenticator. For example, the registration unit 132 accepts registration of an authenticator from the proxy device 50 controlled by the registration unit 162 related to the user terminal 10. Then, the registration unit 132 stores the proxy device 50 in the registration information storage unit 121 using the authentication device 50 as an authenticator. Further, the registration unit 132 registers the proxy device 50 in the recovery information storage unit 122 as a recovery authenticator for the user terminal 10.

(About the verification unit 133)
The verification unit 133 verifies the authentication result information. Specifically, the verification unit 133 analyzes the authentication result information transmitted from the user terminal 10 and specifies a user to be authenticated based on the authentication result information. Furthermore, the verification unit 133 specifies the secret key corresponding to the authenticator that is the generation source of the authentication result information via the registration information storage unit 121. Then, the verification unit 133 verifies whether or not the signature attached to the authentication result information is a signature created using the registered authenticator private key, using the public key corresponding to the private key.

  Then, when the verification by the public key corresponding to the secret key is confirmed, the verification unit 133 recognizes the authentication result information transmitted from the user terminal 10 as regular authentication information. Then, the verification unit 133 sends information indicating that the authentication result information has been authenticated to the transmission unit 135 and causes the user terminal 10 (or the proxy device 50) to transmit the information.

  The verification unit 133 may not recognize the identity of the user indicated by the authentication result information when the authenticator that generated the authentication result information does not match a predetermined condition. For example, the verification unit 133 determines whether the authenticator that generated the authentication result information is not stored in the registration information storage unit 121 managed by the registration unit 132 or the transmitted authentication result information is specified by the authentication server 100. If the authentication procedure is not followed, the identity of the user indicated by the authentication result information may not be authenticated.

(About the execution unit 134)
The execution unit 134 performs information recovery based on the information verified by the verification unit 133. For example, the verification unit 133 authenticates the user U01 by verifying the authentication result information transmitted from the proxy device 50. In this case, the execution unit 134 refers to the recovery information storage unit 122 when receiving a request for recovery from the user terminal 10. And the execution part 134 specifies the information regarding the other public key used in order to authenticate the user U01, and the user information of the user U01 based on the authenticated user U01. Then, the execution unit 134 performs recovery of information related to the user U01 in accordance with a request from the user terminal 10.

  That is, the execution unit 134 is such that the user authenticated by the signature verified using the public key K51 corresponding to the proxy device 50 is the same user as the user authenticated by the signature verified using the public key K11. When it is a certain user U01, the recovery requested by the request unit 165 related to the user terminal 10 is executed. In this way, the execution unit 134 performs the requested recovery when the user U01 is authenticated by the same authentication method, although the authentication source from which the authentication has been performed is different. It can be performed.

  Note that the execution unit 134 may determine whether or not to perform the recovery requested by the request unit 165 according to the reliability of the proxy authenticator that performs authentication of the user U01 such as the proxy device 50. For example, the reliability of the proxy device 50 is preset by an administrator of the authentication server 100 or the like. Specifically, the reliability of the proxy device 50 is set by an authentication method performed by the proxy device 50, a communication method between the proxy device 50 and the user terminal 10, and the like.

  For example, when the proxy device 50 performs so-called multi-factor authentication in which the user U01 is authenticated by a plurality of determination factors, the reliability of the proxy device 50 is set high. In other words, the authentication control unit 163 according to the user terminal 10 authenticates the identity of the user based on at least two types of information when the proxy device 50 performs the authentication of the user U01. Thereby, the reliability of the proxy device 50 is set higher than when authentication is performed using one type of determination element.

  Further, the execution unit 134 may determine whether or not to execute the recovery according to a communication method between the user terminal 10 and the proxy device 50. For example, when the communication between the user terminal 10 and the proxy device 50 is via a wide area network such as the Internet, the authentication information transmitted from the user terminal 10 to the proxy device 50 is likely to be intercepted by a third party. For this reason, reliability also falls about the authentication process which the proxy apparatus 50 performs.

  On the other hand, when the communication between the user terminal 10 and the proxy device 50 is performed only by a wired method or near field communication, the content of the authentication information transmitted from the user terminal 10 to the proxy device 50 may be leaked to a third party. Becomes lower. For this reason, the authentication process performed by the proxy device 50 is determined highly reliable. The reliability setting by such a communication method can be replaced by a process in which the proxy device 50 authenticates the user U01 by short-range communication as a determination element. That is, when the proxy device 50 uses near field communication as a determination element for authenticating the user U01, the execution unit 134 indicates that the communication between the proxy device 50 and the user terminal 10 is highly reliable. May be handled.

  Note that the execution unit 134 may make a unique setting for the reliability of the proxy device 50, for example, according to the setting of the administrator of the authentication server 100. For example, the execution unit 134 sets the reliability of the proxy device 50 according to the security status of the proxy device 50 itself, the reliability of past authentication of the proxy device 50, and the like. The execution unit 134 may perform recovery in response to a request from the user terminal 10 based on the authentication process of the proxy device 50 when the proxy device 50 has a certain level of reliability. As a result, the execution unit 134 can perform a reliable and secure recovery process.

(About transmitter 135)
The transmission unit 135 transmits various information. For example, when it is requested to authenticate the identity of the user who uses the user terminal 10 when using the service, the transmission unit 135 transmits information indicating that authentication is requested to the user terminal 10. Further, the transmission unit 135 transmits the authenticated information to the user terminal 10 or the proxy device 50 when the verification unit 133 that has verified the authentication result information authenticates the identity of the user who has transmitted the authentication result information. . Further, the transmission unit 135 transmits the information to the user terminal 10 when the execution unit 134 performs the recovery.

[6. Processing procedure)
Next, a processing procedure performed by the recovery system 1 according to the embodiment will be described with reference to FIG. FIG. 13 is a sequence diagram illustrating a processing procedure according to the embodiment.

  First, the user terminal 10 requests recovery from the authentication server 100 (step S101). In response to the recovery request, the authentication server 100 requests the user terminal 10 to authenticate the user U01 who uses the user terminal 10 (step S102).

  Here, the user terminal 10 accesses the proxy device 50 registered in the authentication server 100 as a proxy authenticator in advance. Then, the user terminal 10 transmits authentication information for authenticating the user U01 to the proxy device 50 (step S103).

  The proxy device 50 authenticates the user U01 who is the user on the user terminal 10 side in accordance with the request from the user terminal 10 (step S104). Then, the proxy device 50 generates authentication result information that is information processed by a specific authentication procedure defined by the authentication server 100. Then, the proxy device 50 transmits the generated authentication result information to the authentication server 100 (step S105).

  The authentication server 100 verifies the authentication result information transmitted from the proxy device 50. In other words, the authentication server 100 verifies, using the public key K51, the signature attached to the authentication result information and generated using the secret key K50 corresponding to the proxy device 50.

  Then, the authentication server 100 authenticates the user U01 based on the authentication result information transmitted from the proxy device 50. Then, the authentication server 100 refers to the association between the user terminal 10 and the proxy device 50 (step S106). For example, the authentication server 100 refers to the recovery information storage unit 122 to refer to the association between the public key K51 of the proxy device 50 and K11 that is the public key of the fingerprint authenticator 163A related to the user terminal 10.

  By referring to such association, the authentication server 100 authenticates that the user U01 authenticated by the proxy device 50 is the user U01 who has previously used the user terminal 10 (step S107).

  And the authentication server 100 performs the recovery of the information regarding the authenticated user U01 (step S108). The authentication server 100 transmits to the user terminal 10 that the recovery has been executed (step S109). Thereby, the recovery requested by the user terminal 10 from the authentication server 100 is completed.

[7. (Modification)
The recovery process by the recovery system 1 described above may be implemented in various different forms other than the above embodiment. Therefore, in the following, another embodiment of the recovery system 1 will be described.

[7-1. Proxy device]
In the above embodiment, the proxy device 50 has been described as an example of a device acting as a proxy for an authenticator that authenticates the user U01 of the user terminal 10. Here, the proxy device 50 may be realized by various devices. This point will be described with reference to FIG.

  FIG. 14 is a diagram illustrating a configuration example of the recovery system 1 according to the modification. As illustrated in FIG. 14, the recovery system 1 according to the modification includes a family terminal 30, a friend terminal 35, a store terminal 40, and a cloud server 45 instead of the proxy device 50.

  The family terminal 30 is a terminal used by the family of the user U01 who uses the user terminal 10, for example. The friend terminal 35 is a terminal used by a friend of the user U01, for example. In other words, the family terminal 30 and the friend terminal 35 are terminals used by the parties related to the user U01. The store terminal 40 is, for example, a terminal provided in a predetermined store (for example, a store operated by a line providing company that provides a line used by the user terminal 10). The cloud server 45 is a server device that can be accessed by the user terminal 10 via the Internet or the like.

  For example, the user U01 may use the family terminal 30, the friend terminal 35, the store terminal 40, or the cloud server 45 instead of the proxy device 50 in the recovery process described in the above embodiment.

  For example, it is assumed that the user U01 uses the cloud server 45 instead of the proxy device 50. In this case, the user U01 registers the cloud server 45 in the authentication server 100 in advance as a proxy authenticator. For example, the user U01 stores fingerprint registration data on the cloud server 45 as a backup. In the recovery process, the user terminal 10 transmits fingerprint data to the cloud server 45 as a proxy for the authenticator provided therein, and performs authentication. The cloud server 45 attaches a signature to the authentication result and transmits it to the authentication server 100. The authentication server 100 refers to whether or not the authentication result transmitted by the cloud server 45 can be associated with the information registered in the recovery information storage unit 122 of the authentication server 100 in advance. When the authentication server 100 can confirm the correspondence between the two, the authentication server 100 executes recovery according to the request of the user terminal 10.

  As described above, according to the recovery system 1, as a device acting as the user terminal 10, another terminal device used by the user U01, the family terminal 30 or the friend terminal 35 used by a person related to the user U01, a predetermined operator The identity of the user U01 can be authenticated by either the store terminal 40 installed in the store operated by the customer or the cloud server 45 on the cloud that can be used via the network N.

  That is, according to the recovery system 1, since the user U01 can perform recovery processing using various terminals, it is possible to flexibly cope with recovery. Note that the authentication server 100 may determine whether or not to execute the recovery for the family terminal 30, the friend terminal 35, and the like according to the reliability. For example, when the cloud server 45 is used, there is a possibility that authentication information (in the above example, fingerprint data) for authenticating the user U01 leaks onto the cloud. In such a case, the authentication server 100 may handle the processing performed by the cloud server 45 with lower reliability than the authentication processing performed by other terminals. On the other hand, since the store terminal 40 is provided by a business operator, it is assumed that a certain level of safety can be secured. That is, the authentication server 100 may handle the authentication process executed by the store terminal 40 with higher reliability than the process performed by the cloud server 45.

[7-2. (Type of authenticator)
In the above-described embodiment, an example in which each authenticator is realized as one function of authentication processing realized by the authentication control unit 163 has been described. However, the authenticator may be realized as an authentication device (hardware) connected to the user terminal 10.

  In this case, the authenticator has a function of communicating with the user terminal 10 and a function of acquiring information such as a fingerprint input from the user terminal 10. Then, the authenticator authenticates that the user terminal 10 is used by the user U01 when the input data and the registration data are collated. The authenticator generates authentication result information based on the authentication result. Then, the authenticator receives authenticated information from the authentication server 100 and transmits the information to the user terminal 10. In this case, the authentication control unit 163 and the generation unit 164 related to the user terminal 10 control the operation of the authenticator connected to the user terminal 10. Thereby, the user terminal 10 can use various services provided from the web server.

  The authenticator may be realized as a program (application) in which the functions of the authentication control unit 163 and the generation unit 164 are integrated. When the authenticator is an application, the application is executed by being installed in the user terminal 10 in accordance with a user operation.

[7-3. Proxy authenticator)
In the above embodiment, the authentication process by the proxy authenticator has been described as being used for recovery. However, the authentication process by the proxy authenticator is not always used only for recovery. For example, the authentication process by the proxy authenticator may be used as a backup of the authenticator provided in the user terminal 10.

  Note that the authentication server 100 places a restriction on the use of the service when the user U01 authenticated by the proxy authenticator uses a predetermined service as compared to the case where the user U01 is authenticated by the authenticator included in the user terminal 10. May be. For example, the authentication server 100 does not accept a service (for example, payment processing) that is accepted only with authentication having a high authentication strength among predetermined services, or only allows a login to the service for a predetermined time. To perform predetermined access control. Thereby, the authentication server 100 can ensure the certain safety | security regarding an authentication process, while accepting the authentication by a proxy authenticator.

[7-4. Configuration of each device]
In the above embodiment, configuration examples of the user terminal 10, the proxy device 50, and the authentication server 100 have been described with reference to FIGS. However, each device included in the recovery system 1 is not necessarily realized by the exemplified configuration. For example, the user terminal 10 does not necessarily include all the processing units illustrated in FIG. That is, the user terminal 10 does not necessarily include the display unit 13 and the detection unit 14 inside. Further, the user terminal 10 may be separated into two or more devices to realize the configuration illustrated in FIG. For example, the user terminal 10 includes two or more devices having a configuration in which an authentication device including at least the detection unit 14, the authentication control unit 163, and the generation unit 164 and a communication device including at least the communication unit 11 are separated. It may be realized.

[7-5. Operation of the recovery system)
Each device included in the recovery system 1 may detect a communication state or the like of each device by using a predetermined application, and perform each process executed in the recovery process.

  That is, a common application is installed in the user terminal 10, the proxy device 50, and the like by an administrator (for example, the user U01) who manages the user terminal 10. The user terminal 10 can perform transmission / reception of authentication information, control of authentication processing, and the like with respect to the proxy device 50 by controlling the function of the application. As described above, the common application is installed in each device included in the recovery system 1, so that the recovery process can be realized quickly and accurately.

[7-6. (Recovery with a different key)
In the said embodiment, the example which implements a recovery process by matching the some public key transmitted to the authentication server 100 was shown. Here, the authentication server 100 may be set so that other secret keys can be verified in the authentication process as long as they are associated public keys.

  That is, the authentication server 100 associates the public key K11 transmitted from the user terminal 10 with the public key K51 transmitted from the proxy device. Note that the public key K11 verifies the signature generated using the secret key K10, and the public key K51 verifies the signature generated using the secret key K50. At this time, the authentication server 100 may be set so that the signature generated using the secret key K10 or the secret key K50 can be verified by using one of the associated public keys K11 and K51. Such setting may be set, for example, by an administrator of the authentication server 100 when the authenticator is registered in the authentication server 100, or may be set by an application from the user of the user terminal 10. .

  In other words, the recovery system 1 uses a secret key K50 different from the secret key K10, and controls generation of a signature on the result of user authentication by the proxy device 50 according to the same authentication protocol as when the secret key K10 is used. Information related to the secret key K10 based on the verification result of verifying the signature generated using the secret key K50 using the public key K11 used to verify the signature generated by the unit 164 and the secret key K10 And an execution unit 134 that executes recovery of the above. Note that following the same authentication protocol as in the case of using the secret key K10 means a series of authentication procedures of authentication processing performed between the user terminal 10 and the authentication server 100 using the secret key K10. In other words, the authentication protocol in this case indicates a series of authentication procedures (methods) performed for authenticating the user to the authentication server 100.

  In addition, when the user authenticated by the signature verified using the public key K51 is the same user U01 as the user authenticated by the signature generated using the secret key K10, the execution unit You may make it perform the recovery of the information regarding K10. The information relating to the secret key K10 is also information relating to the public key K11 paired with the secret key K10, that is, it can be paraphrased as information relating to the user U01. Also, in this case, in any storage unit in the recovery system 1, information related to the secret key K50 and information related to the public key K11 are stored in association with each other. The information regarding the private key K50 includes information regarding the public key K51 as a pair, and the information regarding the public key K11 includes information regarding the private key K10 as a pair. Thus, the recovery system 1 can perform a quick recovery process by flexibly associating keys.

[8. Hardware configuration)
The user terminal 10, the proxy device 50, and the authentication server 100 according to the above-described embodiments are realized by a computer 1000 configured as shown in FIG. 15, for example. Hereinafter, the user terminal 10 will be described as an example. FIG. 15 is a hardware configuration diagram illustrating an example of a computer 1000 that implements the functions of the user terminal 10. The computer 1000 includes a CPU 1100, RAM 1200, ROM 1300, HDD 1400, communication interface (I / F) 1500, input / output interface (I / F) 1600, and media interface (I / F) 1700.

  The CPU 1100 operates based on a program stored in the ROM 1300 or the HDD 1400 and controls each unit. The ROM 1300 stores a boot program executed by the CPU 1100 when the computer 1000 is started up, a program depending on the hardware of the computer 1000, and the like.

  The HDD 1400 stores a program executed by the CPU 1100, data used by the program, and the like. The communication interface 1500 receives data from other devices via the communication network 500 (corresponding to the network N shown in FIG. 4), sends the data to the CPU 1100, and transmits the data generated by the CPU 1100 to the other devices via the communication network 500. Send to device.

  The CPU 1100 controls an output device such as a display and a printer and an input device such as a keyboard and a mouse via the input / output interface 1600. The CPU 1100 acquires data from the input device via the input / output interface 1600. Further, the CPU 1100 outputs the data generated via the input / output interface 1600 to the output device.

  The media interface 1700 reads a program or data stored in the recording medium 1800 and provides it to the CPU 1100 via the RAM 1200. The CPU 1100 loads such a program from the recording medium 1800 onto the RAM 1200 via the media interface 1700, and executes the loaded program. The recording medium 1800 is, for example, an optical recording medium such as a DVD (Digital Versatile Disc) or PD (Phase change rewritable disk), a magneto-optical recording medium such as an MO (Magneto-Optical disk), a tape medium, a magnetic recording medium, or a semiconductor memory. Etc.

  For example, when the computer 1000 functions as the user terminal 10 according to the embodiment, the CPU 1100 of the computer 1000 implements the function of the control unit 16 by executing a program loaded on the RAM 1200. The HDD 1400 stores data in the storage unit 15. The CPU 1100 of the computer 1000 reads these programs from the recording medium 1800 and executes them, but as another example, these programs may be acquired from other devices via the communication network 500.

[9. Others]
In addition, among the processes described in the above embodiment, all or part of the processes described as being automatically performed can be performed manually, or the processes described as being performed manually can be performed. All or a part can be automatically performed by a known method. In addition, the processing procedures, specific names, and information including various data and parameters shown in the document and drawings can be arbitrarily changed unless otherwise specified. For example, the various types of information illustrated in each drawing is not limited to the illustrated information.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. For example, the authentication control unit 163 and the generation unit 164 illustrated in FIG. 5 may be integrated. Further, for example, information stored in the storage unit 15 may be stored in a storage device provided outside via the network N.

  In addition, the above-described embodiments and modifications can be combined as appropriate within a range that does not contradict processing contents.

[10. effect〕
As described above, the recovery system 1 according to the embodiment includes a user terminal 10 ₁ is a first terminal device, the user terminal 10 ₂ is a second terminal device, an authentication server 100. The user terminal 10 _1, transmits the first key used to verify the signature by the user terminal 10 ₁ itself generates a (public key K11 or the like) to the authentication server 100, a predetermined authentication device to authenticate the identity of the user The proxy unit 50 receives a transmission unit 166 that transmits information used for user authentication to the proxy device 50 and a secret key K50 that is a second key used to generate a signature for the result of authentication by the proxy device 50. A registration unit 162 that registers the public key K51, which is a third key used for verifying the signature generated using the secret key K50, in the authentication server 100 that verifies the signature. . The authentication server 100 includes a public key K51, the recovery information storage unit 122 in association with the public key K11 or the like which is a first key that is transmitted from the user terminal 10 _1. User terminal 10 ₂ to execute the authentication of the user to the proxy device 50, the signature of the authentication control section 163 to transmit the result of the authentication to the authentication server 100, attached to the result of the transmitted authenticated by the authentication control unit 163 Includes a request unit 165 that requests recovery of information related to the public key K11 when the verification is performed by the authentication server 100 using the public key K51.

Thus, the recovery system 1, the authentication method is performed between the user terminal 10 ₁ and the authentication server 100, and registers the proxy apparatus 50 a different key from the key provided on the user terminal 10 _1. The user terminal 10 _1, since the key of the proxy device 50 are stored in association, by the authentication processing performed by the proxy device 50, the user U01 is the user of the user terminal 10 ₁ is identified. Then, the user terminals 10 ₂ Under such registration status, by performing the authentication process by the proxy apparatus 50, information on the key which the user terminal 10 ₁ is registered in the authentication server 100, i.e., by the authentication server 100 The account information of the authenticated user U01 is recovered. That is, according to the recovery system 1, by associating a key relates to an authentication method which has been performed between the authentication server 100 and the user terminal 10 _1, the recovery request information from the user terminal 10 ₂ in the user terminal 10 ₁ Can be accepted. Thus, according to the recovery system 1, the user, even if you lose the function of the authentication according to the user terminal 10 _1, using the user terminal 10 ₂ utilizing user terminal 10 ₁ and 10 _2, the user terminal 10 Since it is possible to request recovery of information related to authentication ₁ , it is possible to provide a user with a highly convenient recovery.

  In addition, the authentication server 100, when the user authenticated by the signature verified using the public key K51 is the same user as the user authenticated by the signature verified using the public key K11, 10 further includes an execution unit 134 that executes the recovery requested by the request unit 165.

Thus, the recovery system 1, information that is verified by the public key K51 corresponds to the proxy device 50, the user terminal 10 ₁ is based on the association between the public key K11 used in validation when the user is authenticated , the recovery of the information about the user terminal 10 _1. As a result, the recovery system 1 can accurately identify the information to be recovered based on the authentication process for the authentication server 100, and thus can perform a reliable recovery process.

  Further, the execution unit 134 determines whether or not to execute the recovery requested by the request unit 165 according to the reliability of the proxy device 50.

Thus, the recovery system 1, depending on the reliability of the device on behalf of the authenticated user terminal 10 ₁ can determine the execution of recovery. Thus, the recovery system 1 is, for example, executed with authentication despite high strength authentication has been performed, the low intensity of the authentication processing by the proxy apparatus 50 between the authentication server 100 and the user terminal 10 ₁ By doing so, it is possible to prevent recovery that is not secured. That is, according to the recovery system 1, if there is no reliability comparable to the authentication scheme as was done with the authentication server 100 and the user terminal 10 _1, the user identified by the authentication process from the proxy apparatus 50 Even if it is done, such authentication cannot be accepted. For this reason, according to the recovery system 1, the safety of recovery can be ensured.

  The transmission unit 166 transmits at least two types of information as information used for user authentication. The authentication control unit 163 authenticates the user's identity based on at least two types of information when the proxy device 50 performs user authentication.

  As described above, the recovery system 1 can perform so-called multi-factor authentication using a plurality of determination elements when the proxy device 50 is authenticated. Thereby, since the strength of the authentication process by the proxy device 50 can be ensured, the recovery system 1 can ensure the safety of the recovery.

  Also, the transmission unit 166 transmits information used for user authentication to the proxy device 50 using a wired method or a short-range wireless communication method.

Thus, in the recovery system 1, communication between the user terminal 10 and the proxy device 50 can be limited to a wired method or a short-range wireless communication method. Originally, an authentication server 100, in the authentication being performed between the user terminal 10 _1, the user terminal 10 ₁ authentication is performed by the authentication unit provided therein. In the recovery system 1, the communication between the user terminal 10 and the proxy device 50 is limited to a wired system or a short-range wireless communication system, so that leakage of information used for authentication to the network can be prevented. 100 and authentication and comparable intensity has been performed between the user terminal 10 ₁ can be ensured. That is, according to the recovery system 1, it is possible to perform recovery with ensured safety.

  Further, the request unit 165 requests recovery of information related to an account that is used by a user identified by a signature verified by the public key K11 as information related to the public key K11 in a predetermined service.

Thus, according to the recovery system 1, the user, the account information such as user terminal 10 ₁ were available by being authenticated to the authentication server 100 can request recovery. That is, according to the recovery system 1, it is possible to execute recovery that is convenient for the user.

  Further, the authentication control unit 163 is operated as a predetermined authentication device by another terminal device used by the user, the family terminal 30 or the friend terminal 35 which is a terminal device used by a user related person, or a predetermined business operator. Either the store terminal 40 that is a terminal device installed in the store or the cloud server 45 that is a predetermined server on the cloud that can be used via the network may execute authentication of the user's identity. .

Thus, the recovery system 1, as authenticator on behalf the user terminal 10 _1, the user can select various authentication device. Therefore, the recovery system 1 can provide a recovery process that is flexible for the user and excellent in usability.

Note that, in the recovery system 1, the user terminal 10 ₁ and the user terminal 10 ₂ may be the same terminal device.

For example, the user terminal 10 _1, and can lose access to the private key K10 for some reason, is also contemplated not be able to use the authenticator to the user terminal 10 ₁ is provided. In this case, it is possible or to execute the authentication processing by the proxy apparatus 50 to request a recovery by the request unit 165 to the user terminal 10 ₁ is provided, the authentication control unit 163. Thus, according to the recovery system 1, flexible recovery processing can be performed.

  Further, the recovery system 1 may be realized by the following configuration. That is, the recovery system 1 uses a second key (for example, the secret key K50) different from the first key (for example, the public key K11), and uses the predetermined authentication means (for example, the proxy device 50) for the user. A generation unit (for example, the generation unit 164) that controls generation of a signature attached to the authentication result is provided. In addition, the recovery system 1 is configured such that when the first key and the third key used for verifying the signature generated using the second key are associated with each other, the second key An execution unit (for example, execution unit 134) is provided that performs recovery of information about the first key based on a verification result obtained by verifying the signature generated using the key using the third key. Further, the recovery system 1 may include a storage unit (for example, the recovery information storage unit 122) that stores the first key and the third key in association with each other. Also, in this case, the generation unit 164 uses the second authentication key as a result of user authentication by a predetermined authentication unit according to the same authentication protocol as that used when generating a signature to be verified using the first key. A signature attached to may be generated.

  As described above, the recovery system 1 performs key association to recover information on the key associated with the key when the signature generated by the generation unit is verified with the predetermined key. be able to. With this configuration, the recovery system 1 can provide a user with a highly convenient recovery. Further, according to the recovery system 1, since the same authentication protocol as that used when the first key is used is also processed for the authentication means for recovery, the same authentication strength as when the first key is used. Authentication can be performed, and highly safe recovery can be performed.

  As described above, some of the embodiments of the present application have been described in detail with reference to the drawings. However, these are merely examples, and various modifications, including the aspects described in the disclosure section of the invention, based on the knowledge of those skilled in the art, It is possible to implement the present invention in other forms with improvements.

  In addition, the above-mentioned “section (module, unit)” can be read as “means” or “circuit”. For example, the generation unit can be read as generation means or a generation circuit.

DESCRIPTION OF SYMBOLS 1 Recovery system 10 User terminal 20 Client 30 Family terminal 35 Friend terminal 40 Store terminal 45 Cloud server 50 Proxy apparatus 100 Authentication server

Claims (12)

A recovery system including a first terminal device, a second terminal device, an authentication server, and an authentication device ,
The first terminal device is:
A generation unit that generates a signature attached to a result of the authentication using a key corresponding to the first key when the identity of the user is authenticated in the first terminal device;
The first key used for verifying the signature generated by the generating unit, and transmits to the authentication server, the authentication device to authenticate the identity of the user, the information used for authentication of the user A transmission unit for transmission;
The authentication device is controlled so that a second key used when the authentication device generates a signature is registered in the authentication device with respect to a result of authentication by the authentication device, and the second key A registration unit that controls the authentication server to register the third key used for verifying the signature generated by using the authentication server that verifies the signature;
The second terminal device is:
Causing the authentication device to perform authentication of the user, causing the authentication device to generate a signature for the authentication result using the second key, and generating the authentication result using the second key together with the authentication result An authentication control unit that controls the authentication device so that the signed signature is transmitted to the authentication server;
When the signature attached to the result of the authentication transmitted from the authentication device is verified by the authentication server using the third key under the control of the authentication control unit, the first key A request unit that requests recovery of information about the user whose identity is authenticated by the signature to be verified , and
The authentication server is
A storage unit that associates and stores the first key and a third key used for verifying a signature generated using the second key;
A verification unit that verifies the signature attached to the authentication result transmitted from the authentication device using the third key;
In that the signature is verified by using the third key by verification unit, identity of the signature is verified using the first key authenticates the identity of the same user and user to be authenticated An execution unit that performs the recovery requested by the request unit when the signature indicates
A recovery system comprising: The execution unit is
According to the reliability of the authentication device, determine whether to perform the recovery requested from the request unit,
The recovery system according to claim 1. The transmitter is
As information used for authentication of the user in the authentication device, at least two types of information are transmitted,
The authentication control unit
When authenticating the user to the authentication device, the identity of the user is authenticated based on at least two types of information.
The recovery system according to claim 1 or 2, characterized in that. The transmitter is
Send information used for authentication of the user to the authentication device using a wired system or a short-range wireless communication system.
The recovery system according to any one of claims 1 to 3. The request unit includes:
As the information on the user identity of is authenticated by the signature to be verified by the first key, the user requests the recovery of the information about the account in use at a given service,
The recovery system according to any one of claims 1 to 4, wherein: The authentication control unit
As before Ki認 card device, another terminal device the user uses the terminal device family or friends of the user to use the terminal apparatus installed in a store that is operating with a predetermined operator, via the network utilization Let one of the predetermined servers on the possible cloud perform authentication of the user's identity,
The recovery system according to any one of claims 1 to 5, wherein: The first terminal device and the second terminal device are the same terminal device.
The recovery system according to any one of claims 1 to 6, wherein: The authentication control unit
A signature verified using the first key is attached to the authentication result of the user using the second key to the authentication device according to the same authentication protocol as that generated by the generation unit. Generate a signed signature,
The recovery system according to any one of claims 1 to 7. A server device in a recovery system including a first terminal device, a second terminal device, a server device, and an authentication device ,
A first key for verifying a signature generated by the first terminal device, and a second key for verifying a signature generated by a predetermined authentication device for authenticating the identity of a user who uses the first terminal device. A storage unit for storing the keys in association with each other;
A receiving unit that receives a request for recovery of information related to the first key from the second terminal device, and receives a result of user authentication by the authentication device from the authentication device;
A verification unit that verifies the signature attached to the authentication result transmitted from the authentication device using the second key;
When the signature is verified using said second key by the verification unit, and the signature is verified using the first key, a signature indicating that authenticates the identity of the same user, An executing unit for performing recovery corresponding to the request received by the receiving unit;
A server device comprising: A terminal device in a recovery system including a terminal device, an authentication server, and an authentication device ,
A generating unit that generates a signature attached to a result of the authentication using a key corresponding to the first key when the user's identity is authenticated in the terminal device;
The first key for use in verification of the signature generated by the generating unit, and transmits to the authentication server, the authentication device to authenticate the identity of the user, the information used for authentication of the user A transmission unit for transmission;
The authentication device is controlled so that a second key used when the authentication device generates a signature is registered in the authentication device with respect to a result of authentication by the authentication device, and the second key A registration unit that controls the authentication server to register a third key used for verifying the signature generated by using the authentication server that verifies the signature;
Causing the authentication device to perform authentication of the user, causing the authentication device to generate a signature for the authentication result using the second key, and generating the authentication result using the second key together with the authentication result An authentication control unit that controls the authentication device so that the signed signature is transmitted to the authentication server;
When the signature attached to the result of the authentication transmitted from the authentication device is verified by the authentication server using the third key under the control of the authentication control unit, the first key A request unit that causes the authentication server to perform recovery of information about the user by requesting the authentication server to recover information about the user whose identity is authenticated by the signature to be verified ;
A terminal device comprising: A recovery method executed by a recovery system including a first terminal device, a second terminal device, an authentication server, and an authentication device ,
As a step executed by the first terminal device,
A generation step of generating a signature attached to a result of the authentication using a key corresponding to the first key when the identity of the user is authenticated in the first terminal device;
The first key used for verifying the signature generated by the generating step, transmits to the authentication server, the authentication device to authenticate the identity of the user, the information used for authentication of the user A transmission process to transmit;
The authentication device is controlled so that a second key used when the authentication device generates a signature is registered in the authentication device with respect to a result of authentication by the authentication device, and the second key A registration step for controlling the authentication server to register the third key used for verifying the signature generated by using the authentication server for verifying the signature,
As a step executed by the second terminal device,
Causing the authentication device to perform authentication of the user, causing the authentication device to generate a signature for the authentication result using the second key, and generating the authentication result using the second key together with the authentication result An authentication control step of controlling the authentication device so as to transmit the signed signature to the authentication server;
When the signature attached to the authentication result transmitted from the authentication device is verified by the authentication server using the third key by the control of the authentication control step , Requesting recovery of information about the user whose identity is authenticated by a verified signature ; and
As a step executed by the authentication server,
A storage step of associating and storing the first key and a third key used for verifying a signature generated using the second key in a storage unit;
A verification step of verifying the signature attached to the authentication result transmitted from the authentication device, using the third key;
Said verification step by signature is verified using the third key, identity of the signature is verified using the first key authenticates the identity of the same user and user to be authenticated An execution step of performing the recovery requested by the request step when the signature is
The recovery method characterized by including. A recovery program to be executed by a recovery system including a first terminal device, a second terminal device, an authentication server, and an authentication device ,
As a procedure to be executed by the first terminal device,
A generation procedure for generating a signature attached to a result of the authentication using a key corresponding to the first key when the identity of the user is authenticated in the first terminal device;
The first key used for verifying the signature generated by the generating procedure, and transmits to the authentication server, the authentication device to authenticate the identity of the user, the information used for authentication of the user Sending procedure to send,
The authentication device is controlled so that a second key used when the authentication device generates a signature is registered in the authentication device with respect to a result of authentication by the authentication device, and the second key A registration procedure for controlling the authentication server to register the third key used for verifying the signature generated by using the authentication server that verifies the signature;
As a procedure to be executed by the second terminal device,
Causing the authentication device to perform authentication of the user, causing the authentication device to generate a signature for the authentication result using the second key, and generating the authentication result using the second key together with the authentication result An authentication control procedure for controlling the authentication device so that the signed signature is transmitted to the authentication server;
When the signature attached to the result of the authentication transmitted from the authentication device is verified by the authentication server using the third key by the control of the authentication control procedure , A request procedure for requesting recovery of information about the user whose identity is authenticated by a verified signature ;
As a procedure to be executed by the authentication server,
A storage procedure for storing the first key and a third key used for verifying a signature generated using the second key in a storage unit in association with each other;
A verification procedure for verifying a signature attached to the result of authentication transmitted from the authentication device, using the third key;
Said verification procedure signature is verified using the third key by the, identity of the signature is verified using the first key authenticates the identity of the same user and user to be authenticated An execution procedure for performing the recovery requested by the request procedure when the signature is
The recovery program characterized by including.

Images