JP6465426B1 - Electronic signature system, certificate issuing system, key management system, and electronic certificate issuing method - Google Patents

Abstract

An object of the present invention is to provide an electronic signature system capable of reducing the burden on a user and safely issuing and registering an electronic certificate. A terminal device 10 issues an authentication request to the key management server 30. If the authentication is successful, the key management server 30 transmits an authorization code to the terminal device 10, and the terminal device 10 The authorization code is sent to the certificate issuing server 20, the certificate issuing server 20 sends the authorization code sent from the terminal device 10 to the key management server 30, and the key management server 30 exchanges the access token in exchange for the authorization code. The certificate issuing server 20 obtains a certificate signature request from the key management server 30 by presenting the access token to the key management server 30 and is described in the certificate signature request. Issue an electronic certificate to the public key. [Selection] Figure 5

Description

  The present invention relates to an electronic signature system and an electronic certificate issuing method, and more particularly to a method for issuing an electronic certificate used together with an electronic signature required in a public key infrastructure.

The e-government has begun to operate worldwide, and contracts that have traditionally been done in paper have become electronic. In electronic contracts (electronic contracts), methods using encryption technology and public key infrastructure are the mainstream.
In an electronic contract using a public key infrastructure, the document sender uses the private key (private key) of the person to give an electronic signature to the contract document (electronic data) based on the public key cryptosystem. On the receiving side, it is possible to determine whether the falsification has occurred or whether or not the communication path has been tampered with by verifying the electronic signature attached to the contract document using the sending side public key. As will be described later, the public key infrastructure can provide various security systems using a public key and a private key (private key) paired therewith.
This method requires the public key of the other party (sending side) who applied the electronic signature to the contract when verifying the contract document. A public key certificate, a so-called “electronic certificate”, is used to prove that the private key paired with the public key is owned by the sender (the identity of the public key).

The “electronic certificate” is also called an ID on the Internet and is issued by a trusted third party (TTP). In particular, a TTP that issues an electronic certificate is called a certificate authority.
Conventionally, an electronic signature is generally performed on a user's PC (Personal Computer). However, a mechanism for improving the convenience of an electronic signature by performing it on a server is also known.
For example, Patent Document 1 discloses a system including a user terminal, an electronic signature server, and a certificate authority.
In Patent Document 1, a certificate authority generates a private key / public key pair. Then, the electronic signature server requests the certificate authority to issue an electronic certificate based on the public key. The certificate authority supplies the issued electronic certificate and private key to the electronic signature server as a file called PKCS # 12. The electronic signature server uses the electronic certificate and private key in response to a request from the user terminal. Digital signature.

In recent years, a mechanism called “remote signature” or “cloud signature” has become widespread, and standardization of protocols such as CSC (Cloud Signature Consortium) such as eIDAS and Adobe in European countries has become standardized. It is being pushed forward.
More specifically, when an electronic signature is required at an electronic signature site or the like, the user is redirected to a key management system using an SSO (Single Sign On) mechanism using OAuth2.0, and the key management system. Pays out tokens after user authentication. An electronic signature site that has acquired the token has begun to implement a mechanism for causing the key management system to sign by presenting the token to the key management system as a “remote signature”.

JP 2010-200142 A

However, in order to perform such “remote signature”, the user creates an account in advance in the key management system, generates a private key (private key) in the key management system, and It is necessary to prepare to bind an electronic certificate issued by a certificate authority.
In this preparatory work, the user obtains (downloads) the public key generated together with the private key (private key) in the key management system in order to have the certificate authority issue an electronic certificate. It is necessary to make a key signature request (certificate signature request) including the certificate authority.

Furthermore, the user must store the issued electronic certificate in the key management system.
Such work is complicated for the user and imposes a technical burden. Furthermore, if the user performs such a preparatory work, the selection of the key management system is left to the user, and there is a problem that it is difficult to control the security level of the key management system on the certificate authority side.
The present invention has been made in view of the above-mentioned problems, and executes processing for issuing an electronic certificate necessary for electronic signature and storing it in a key management system more safely and while reducing the burden on the user. An object is to provide a possible electronic signature system.

  In order to solve the above problems, the present invention provides a certificate issuing system for issuing an electronic certificate, a key for managing a user's private key, and a key for generating an electronic signature using the private key. An electronic signature system comprising a management system and a terminal device used by a user, wherein the terminal device requests the key management system to authenticate the user, and if the authentication is successful, The key management system transmits an authorization code to the terminal device, and the terminal device that has acquired the authorization code transfers the authorization code to the certificate issuing system and acquires the authorization code. The certificate issuing system requests an access token by sending the authorization code to the key management system, and the key management system sends the access token to the certificate issuing system. The certificate issuing system obtains a certificate issuing request including the public key of the user from the key management system by presenting the access token to the key management system, and the public key An electronic certificate is issued to

  By configuring as described above, according to the present invention, it is possible to execute the process of issuing an electronic certificate necessary for an electronic signature and storing it in the key management system more safely and while reducing the burden on the user. A simple electronic signature system can be realized.

It is a reference figure explaining the process of OAuth2.0. It is a figure explaining the system configuration of this embodiment. It is a figure which shows the structure of the certificate issuing server of this embodiment. It is a figure which shows the structure of the key management server of this embodiment. It is a figure explaining the flow of the electronic certificate storage process in the remote signature system of this embodiment. It is a figure explaining the flow of the remote signature process after the electronic certificate storage process shown in FIG.

Embodiments of the present invention will be described below in detail with reference to the drawings.
First, prior arts will be described prior to the description of the present embodiment.

[Public key infrastructure]
A public key infrastructure (PKI) is an information security infrastructure that uses an encryption method called a public key encryption method and provides security functions such as encryption, digital signature (electronic signature), and authentication.
The public key infrastructure uses the features of the public key cryptosystem and provides functions such as encryption, digital signature, and authentication described above. Public key cryptography uses unidirectionality between private keys and public keys (it is possible to calculate public keys from private keys, but it is difficult to calculate private keys from public keys). Provide various functions. Users keep their private keys secretly and keep their public keys open to others. A private key is also called a secret key, meaning that it is kept secret.
For example, when the user B transmits a document to the user A, the user B obtains a public key published by the user A and transmits a document encrypted using the public key to the user A. User A decrypts the received encrypted document using its own private key (secret key).
Anyone who has User A's public key can send an encrypted document to User A, but what is encrypted with User A's public key is private to User A. Since decryption is possible only with a key (private key), even if a malicious third party obtains the public key of user A, the contents of the encrypted document will not be leaked.

[Electronic certificate]
To communicate using the public key cryptosystem, the public key is sent to the communication partner. However, the communication partner cannot be seen by communication via the network, so a third party sends the public key as a communication partner. there's a possibility that. Therefore, it is necessary to confirm whether the public key is really sent from the correct party.
In PKI, for example, a trusted third party (TTP) guarantees the owner of a private key. In other words, TTP confirms the identity of the owner of a private key (private key), and an electronic certificate that links the public key paired with the private key (private key) and the owner of the private key (private key) (Public key certificate) is issued. The electronic certificate is an “identification card” that ensures the owner's information correctly.
A TTP that issues an electronic certificate is particularly called a certificate authority or a certification authority (CA).
The electronic certificate contains information such as the public key and the name, organization name, and email address of the owner that proves the owner of the private key (private key) corresponding to the public key. In order to prevent tampering of the certificate itself, an electronic signature of TTP is given. By attaching an electronic certificate to a document, it is possible to prevent risks such as impersonation and tampering. The owner of a private key (secret key) trusted by TTP is called a subscriber.

[Electronic signature]
The electronic certificate is further used for verifying an electronic signature. Usually, an electronic certificate is attached to an electronic signature. The user who receives the electronic signature verifies the signature using the public key described in the electronic certificate, detects data falsification, and identifies the signer using the content described in the electronic certificate. I can do it.
A digital signature includes a value obtained by encrypting a hash value of a document with a private key (private key) (actually, encryption processing and signature processing are different, but signature processing is called encryption in a broad sense) Many). When user A sends a document file with an electronic signature to user B, user A uses a hash value obtained by applying the hash value to the document file to be transmitted, and user A's private key (secret Key) to create an electronic signature and attach it to the document file.
The user B who has received the document file with the electronic signature uses the hash value obtained by decrypting the encrypted value included in the electronic signature using the public key of the user A, and the hash function of the document file. The hash value obtained by applying to is compared. As a result of the comparison, if both hash values are the same, it is proved that the document has not been tampered with.

Remote signature
Various cloud services and online services are provided, and documents are often handled on the cloud (on the server). Accordingly, an electronic signature of a method called “remote signature (cloud signature)” in which an electronic signature for a document is performed not on the signer's PC (Personal Computer) but on the server (on the cloud) is becoming widespread.
More specifically, the remote signature means that the signer's digital certificate and private key (private key) are managed by the key management system. When digital signature is required, the digital certificate and private key (private key) are managed on the key management system. This is a mechanism for executing an electronic signature using a key.

  Remote signature has the advantage that the signer does not need to manage the private key (private key) himself. Furthermore, not only a PC but also a mobile device such as a web browser or a smartphone can electronically sign a document. Therefore, the convenience is significantly improved as compared with the generation of an electronic signature at an endpoint using a smart card storing a private key (private key) or a USB token. Furthermore, since the private key (private key) is securely protected by the key management system, it can be said that this is a more desirable signature method from the viewpoint of security.

As described above, in a signature system that provides a remote signature service, a signer's private key (private key) and an electronic certificate associated therewith are necessary to perform the signature.
As explained below, the private key (private key) and public key pair are generated by the key management system, but the digital certificate is an authentication that guarantees the identity of the private key (private key) owner. The key management system needs to appropriately import the issued electronic certificate for the reason described above.
The import of the electronic certificate is a preparation work for performing a remote signature in the signature system.

Currently, as such a preparatory action, the user (signer) himself / herself imports (stores) the electronic certificate generated by the certificate authority into the key management system based on the public key generated by the key management system. The following procedure was necessary.
That is,
(1) A user creates an account in the key management system using his / her terminal device.
(2) A user logs in to the key management system using his / her terminal device, and generates a key pair in the key management system.
(3) The user logs in to the key management system using his / her terminal device, causes the key management system to generate and download a certificate signing request (CSR: Certificate Signing Request). The certificate signing request is also called a certificate issuance request.
(4) The user sends the certificate signature request (CSR) acquired in (3) to the certificate authority using his / her terminal device.
(5) The certificate authority issues an electronic certificate based on the certificate signature request (CSR) and sends it to the user.
(6) The user logs in to the key management system, and imports the electronic certificate sent in (5) into the key management system.

In such preparation work, there are many work and procedures performed by the user himself, and technical knowledge is also required, so there is a problem that the user is burdened.
In addition, from the viewpoint of the CA, it is difficult for the CA to control the security level of the key management system, as a result of having the user perform the preparatory work, leaving the selection of the key management system to the user. There was a problem.

  Of course, the certificate authority itself is a reliable third party, but some key management systems are not necessarily reliable. The reliability of the key management system is whether or not the private key (secret key) is managed by an appropriate method. Remote signatures require that private keys (private keys) and electronic certificates be securely managed by a device called HSM (Hardware Security Module), which will be described later. There are security risks associated with the user selecting and using a key management system that does not meet such requirements.

  Therefore, in this embodiment, the certificate authority registers a key management system that can ensure reliability. Then, using the SSO (Single Sign On) mechanism based on OAuth2.0, which will be described later, the public key and the electronic certificate are exchanged between the certificate authority and the trusted key management system, thereby enabling the user. It is possible to allow the user to use a highly reliable key management system while reducing the burden on the user.

OAuth2.0 defined in RFC6749 is a mechanism that allows clients to use protected resources (important information, keys, etc.) held by resource servers with the permission of the resource owner. is there.
Then, the authorization server controls whether the client can access the protected resource held by the resource server.
In order to access the protected resource, information called an access token is required, and the authorization server issues an access token to the client that permits access.

  In addition to the above, a user agent (for example, a web browser) may intervene in access. In this case, the user agent mediates authentication of the resource owner in the authorization server and sending of an authorization code from the authorization server to the client. The authorization code is also called an authorization token.

FIG. 1 is a reference diagram for explaining the OAuth 2.0 process involving a user agent.
The reference diagram of FIG. 1 is a diagram disclosed in RFC6749.
Using FIG. 1, the certificate issuing server, the key management system, and the terminal device constituting the present embodiment are associated with each entity defined in OAuth 2.0, and each entity Explain OAuth2.0 processing.
The certificate issuing system of the present embodiment corresponds to the “client”, and the web browser (described later) executed on the terminal device of the present embodiment corresponds to the “user agent”. Further, the key management system of the present embodiment corresponds to the “authorization server”, and the user of the terminal device corresponds to the “resource owner”.

In FIG. 1A, the client (certificate issuing server) sends the client ID information to the authorization server (key management system) via the user agent (web browser of the terminal device) (RFC6749 # 4.1). In 1. Authorization request) and (B), the authorization server (key management system) performs authentication and authorization on the resource owner (user) via the user agent (web browser).
In (C), when the authorization server (key management system) permits access to the resource, the authorization server (key management system) authorizes the client (certificate issuing server) via the user agent (web browser). A code (Authorization code) is issued (RFC6749 # 4.1.2. Authorization response).
In (D), the client (certificate issuing server) requests an access token from the authorization server (key management system) by presenting an authorization code (RFC6749 # 4. 1.3 Access token request).
In (E), when the authorization server (key management system) succeeds in verifying the presented authorization code (Authorization code), it issues an access token (Access token) to the client (certificate issuing server) (RFC6749 #). 4.1.4 Access token response).

  In the present embodiment, the user is made to access the electronic certificate issuing page of the certificate authority (certificate issuing system). Then, the certificate authority transfers the user to a key management system that is determined to be reliable in advance and logs in to the key management system (authorization request in FIG. 1A).

When the login authentication performed by the user to the key management system is successful, the authorization code (Authorization code) of the key management system is sent to the user (Web browser of the terminal device), and this authorization code (Authorization code) And transferred to the certificate authority (certificate issuing system) (authorization response in FIG. 1C).
The certificate authority (certificate issuing system) uses the authorization code to request an access token (Access token) (access token request in FIG. 1D).
The certificate authority (certificate issuing system) is given an access token from the key management system (access token response in FIG. 1E).

Further, as a feature of the present embodiment, the certificate authority (certificate issuing system) uses the access token to make a certificate signature request (CSR) request to the key management system, and the key management system An electronic certificate is issued by receiving a certificate signing request (CSR) from the client.
According to such a system of the present embodiment, a certificate signing request (CSR) is made to the key management system on the certificate authority (certificate issuing system) side while satisfying the requirement of authentication by the user, A certificate signing request (CSR) can be received directly from the key management system, an electronic certificate can be issued and sent to the key management system for import.

In the following, the system of this embodiment and its processing will be described in more detail.
FIG. 2 is a diagram for explaining the system configuration of the present embodiment.
As shown in FIG. 2, the remote signature system 1 of the present embodiment includes a terminal device 10 relating to use by a user, a certificate issuing system 2 including a certificate issuing server 20 that issues a user's electronic certificate, A key management system 3 including a key management server 30 for managing a user's private key (private key) and public key pair and an electronic certificate issued by the certificate issuing server 20 to provide a remote signature service; .
The terminal device 1, the certificate issuing system 2, and the key management system 3 are all connected to the Internet and configured to be able to communicate with each other.
The types of data exchanged between these devices and systems are mainly transmitted and received as parameters of HTTP requests and HTTP responses (using the HTTP protocol), but the communication itself is protected to ensure security. It is customary (for example, using HTTPS).

As described above, the certificate issuing system 2 corresponds to the client in the OAuth,
A web browser executed on the terminal device 10 corresponds to a user agent. The key management system 3 corresponds to the authorization server, and the user of the terminal device 10 corresponds to the resource owner.
Accordingly, the certificate issuing device 20 constituting the certificate issuing system 2, the key management server 30 constituting the key management system 3, and the web browser of the terminal device 10 can each execute the processing conforming to the OAuth described above. It is configured.

The terminal device 10 is a general PC or smartphone capable of executing a web browser (user agent).
The web browser executed by the CPU of the terminal device 10 includes a page request unit that requests an electronic certificate issuance page provided from the certificate issuance system 20, and a page display unit that displays a transfer page received from the certificate issuance server 20. The OAuth execution means for transmitting an authorization request to the key management server 30 and receiving an authorization response including the authorization code (Authorization code), receiving the input of the KeyAlias and PIN, and receiving the input to the key management server 30 It functions as a key information transmitting means for transmitting, an authorization code transmitting means for performing processing such as transfer of an authorization code received from the key management server 30 to the certificate issuing server 20 and the like.

The certificate issuing server 20 belongs to a certificate authority that issues an electronic certificate. As described above, the certificate authority is an organization that issues an electronic certificate used to confirm the owner of a private key used in a public key infrastructure (PKI).
In addition to the certificate issuing server 20, the certificate issuing system 2 may further include a web server that accepts a request from a user's web browser and supplies data of an electronic certificate issuing page to the terminal device 10. The function of the web server may be provided in the certificate issuing server 20 itself.

The key management system 3 is a system that manages a user's private key (private key) and an electronic certificate and provides a remote signature service. The key management system 3 generates an electronic signature in response to a request and supplies it to a request source.
The key management system 3 of the present embodiment includes, for example, a key management server 30 and a hardware security module (HSM: Hardware Security Module) 100.
The HSM 100 generates a user private key (private key) and public key pair, imports and manages the user's electronic certificate issued by the certificate authority, and uses the private key (private key). An apparatus for generating an electronic signature.

In the system of the present embodiment, the HSM 100 is built in the key management server 30 in a form connected to the internal bus of the key management server 30, for example. Also, the HSM 100 may be connected to an external bus (such as a USB bus) of the key management server.
Further, the HSM 100 may include a network interface, and the HSM 100 alone may be connectable to the network. The HSM 100 is communicably connected to the key management server 30 in the same local network or remote network as the key management server 30.
In this case, the key management server 30 instructs the HSM 100 to generate a key pair in response to a request from the terminal device 10 via the network, and the electronic certificate transmitted from the certificate issuing server 20 (certificate authority) is sent to the HSM 100. To import.

As described in the above description of OAuth, in the system 1 shown in FIG. 2, the user redirected by the certificate issuing server 20 (web browser executed by the terminal device 10) authenticates to the key management server 30. When the authentication is successful, the key management server 30 sends an authorization code to the terminal device 10 (web browser).
Whether or not to make an authentication request to the key management server 30 and whether to establish authorization even if the authentication is successful can be determined at the discretion of the user himself / herself. In the dialog screen for confirming whether or not an authentication request can be displayed on the redirect screen, the user can select whether or not an authentication request can be made. Alternatively, after successful authentication, the user can select the right or wrong of authentication establishment on the dialog screen for confirming the right or wrong of establishment of authorization.

Upon receiving the authorization code (Authorization code), the terminal device 10 (web browser) sends (transfers) the authorization code (Authorization code) to the certificate issuing server 20.
The certificate issuing server 20 sends an authorization code (Authorization code) sent from the terminal device 10 (web browser) to the key management server 30, and the key management server 30 accesses in exchange for the authorization code (Authorization code). A token (Access token) is sent to the certificate issuing server 20.
The certificate issuing server 20 presents an access token to the key management server 30, whereby the certificate issuing server 20 can obtain a certificate signature request (CSR) from the key management server 30. The certificate issuing server 20 issues an electronic certificate to the public key described in the certificate signature request (CSR).

  If the user's account does not exist in the key management server 30 when the user requests authentication from the key management server 30, the key management server 30 prompts the user to create a new account. After the user creates a new account in the key management server 30, the key management server 30 can send an authorization code to the user (web browser).

FIG. 3 is a diagram illustrating a configuration of the certificate issuing server according to the present embodiment. FIG. 3A is a diagram illustrating a functional configuration using hardware, and FIG. 3B is a diagram illustrating a functional configuration using software.
As shown in FIG. 3A, the certificate issuing server 20 executes a general-purpose operating system that controls the entire apparatus and a CPU (Central Processing) that executes a program that realizes the function of the certificate issuing server 20. Unit) 21, a RAM (Random Access Memory) 22 in which various programs, temporary data, and variables are expanded for processing by the CPU 21, an HDD (Hard Disk Drive) 23 in which programs and data are stored, and an unillustrated A ROM (Read Only Memory) and a network I / F 24 for connecting the certificate issuing server 20 to the network are provided.

Also, as shown in FIG. 3B, the CPU 21 has, as processing units, a web page processing unit 51, an OAuth execution processing unit 52, a signature request request processing unit 53, an electronic certificate issuance processing unit 54, Execute.
The web page processing unit 51 functions as a so-called web server, and transmits electronic certificate issuance page data from web page (HTML page) data stored in the HDD 23 in response to an HTTP request from the terminal device 10. As described above, the web page processing unit 51 may be configured as an independent server device (web server) different from the certificate issuing server 20.
That is, the certificate issuance server 20 has a function of a web server for supplying a web page (electronic certificate issuance page) for accepting issuance of an electronic certificate and displaying the web page on the web browser of the terminal device. Alternatively, the certificate issuing system 3 includes a back-end certificate issuing server 30 and a web server as a front end accessed by a user.

The OAuth execution processing unit 52, together with the OAuth execution processing unit 61 of the key management server 20, is a processing unit for controlling the OAuth 2.0 authorization processing defined in so-called RFC6749, and is transmitted from the terminal device 10 (web browser). Processing for requesting an access token from the key management server 30 is performed using the authorized code.
The signature request request processing unit 53 is a processing unit that performs a process of requesting the key management server 20 for a certificate signature request (CSR) using the access token acquired by the OAuth execution processing unit 52.
The electronic certificate issuance processing unit 54 is a processing unit that performs processing for issuing an electronic certificate based on a public key included in a certificate signature request (CSR) transmitted from the key management server 20.

  By providing the configuration as described above, the certificate issuing system 2 can issue a certificate signature request including a public key for a trusted signature service (key management system 3) when issuing an electronic certificate required for remote signature. Requests and issuance of electronic certificates can be automatically performed under user authentication and management. Thereby, it is possible to safely issue an electronic certificate while reducing the burden on the user.

4A and 4B are diagrams illustrating the configuration of the key management server according to the present embodiment. FIG. 4A is a diagram illustrating a functional configuration using hardware, and FIG. 4B is a diagram illustrating a functional configuration using software.
As shown in FIG. 4 (a), the key management server 30 executes a general-purpose operating system that controls the entire apparatus, and a CPU (Central Processing Unit) that executes a program that implements the functions of the key management server 30. 31, a RAM (Random Access Memory) 32 in which various programs, temporary data, and variables are expanded for processing by the CPU 31, an HDD (Hard Disk Drive) 33 in which programs and data are stored, and a ROM (not shown) (not shown) Read Only Memory) and a network I / F 34 for connecting the key management server 30 to the network.

Furthermore, the key management server 30 includes a hardware security module (HSM) 100 connected to an internal bus. In this case, the key management server 30 is synonymous with the key management system 3.
As described above, the HSM 100 may be connected to the external bus of the key management server 30 or may be connected to the key management server 30 via a network having a network I / F. In this case, the key management system 3 is configured by the key management server 30 and the network connection type HSM 100.

Further, as shown in FIG. 4B, the CPU 31 functions as an OAuth execution processing unit 61, a user authentication processing unit 62, a key generation processing unit 63, a signature request processing unit 64, and a certificate storage. The processing unit 65 is executed.
The OAuth execution processing unit 61 is a processing unit for controlling the OAuth 2.0 authorization process defined in RFC6749 together with the OAuth execution processing unit 52 of the certificate issuing server 30.
When the OAuth execution processing unit 61 receives an authorization request from the terminal device 10 (web browser), the OAuth execution processing unit 61 displays an authentication screen on the terminal device 10, and when the authentication by the user authentication processing unit 62 is successful, an authorization response As an (Authorization response), an authorization code is transmitted to the terminal device 10.
Furthermore, when the OAuth execution processing unit 61 requests an access token (Access token) together with an authorization code from the certificate issuing server 20, the OAuth execution processing unit 61 transmits the access token (Access token) to the certificate issuing server 20. Perform the process.

The user authentication processing unit 62 authenticates authentication information (for example, a combination of a user ID and a password) input on the authentication screen displayed on the terminal device 10, and if authenticated, notifies the OAuth execution processing unit 61 Is a processing unit.
The key generation processing unit 63 is a processing unit that controls the HSM 100 and performs a key generation process for generating a private key (secret key) and public key pair. The private key (secret key) is generated based on, for example, KeyAlias and PIN received from the terminal device 10.
When requested by the certificate issuing server 20 for a certificate signature request (CSR), the signature request processing unit 64 sends a certificate signature request (CSR) including the public key generated by the key generation processing unit 63 to the certificate issuing server. 20 is a processing unit that performs processing to be transmitted to 20.
The certificate storage processing unit 65 is a processing unit that performs processing for storing (importing) the electronic certificate transmitted from the certificate issuing server 20 in the HSM 100.
Further, the CPU 31 of the key management server 30 executes an electronic signature generation processing unit that performs processing for generating an electronic signature by the HSM 100 in response to an electronic certificate issuance request.

  By providing the configuration as described above, the key management system 3 according to the present embodiment allows the certificate issuing system 2 to perform authentication and management of a user when issuing an electronic certificate required by a remote signature. It is possible to automatically issue a certificate signing request including a public key and issue an electronic certificate. Thereby, it is possible to safely issue an electronic certificate while reducing the burden on the user.

FIG. 5 is a diagram for explaining the flow of electronic certificate storage processing in the remote signature system of this embodiment.
In the single sign-on technology, the key management system 3 (key management server 30) is an Identity Provider (IdP) that provides authentication information, and a certificate issuing system 2 (certificate issuing server 20) that is a certificate authority. ) Is a service provider (SP) that uses authentication information.

In step S1, the terminal device 10 (web browser) used by the user accesses the certificate issuing server 20 of the certificate authority (CA).
Upon receiving the request for the electronic certificate issuance page, the certificate issuance server 20 supplies the terminal device 10 with a page for redirecting the user to the key management server 30 in step S2.
By the user's operation, the terminal device 10 transmits an authorization request to the key management server 30 in step S3 (RFC6749 # 4.1.1.). This is a procedure for requesting user authentication in the single sign-on mechanism.

In the user authentication process in step S4, the key management server 30 requests the user to input authentication information (for example, user ID and password). If the account for the user has not been created, the key management server 30 performs processing for creating a new account for the user.
In the user authentication process in step S4, authentication information is input in a session separately established between the key management server 30 and the terminal device 10, unlike the process defined by RFC6749 (OAuth2.0). .
As an authentication method, not only a format for authenticating a combination of a user ID and a password but also authentication may be performed by sending a token stored in the IC card from the terminal device 10 to the key management server 30.
When the user authentication or the account creation is normally performed, the key management server 30 establishes the authorization after obtaining the confirmation of the user, and in step S5, the authorization code (Authorization) is used as an authorization response. code) is transmitted to the terminal device 10 (RFC6749 # 4.1.2.).

For example, at this stage, in step S6, the terminal device 10 (web browser) transmits the key alias (name for identification attached to the key) and the PIN input by the user to the key management server 30.
On the other hand, in step S7, the key management server 30 causes the HSM (Hardware Security Module) 100 to generate a private key (private key) and public key pair based on the key alias and PIN input by the user. To store.
In practice, the key pair may be generated by the time when a certificate signature request (CSR) including a public key, which will be described later, is transmitted.

In step S8, the terminal device 10 (web browser) that has received the authorization code (Authorization code) transmitted from the key management server 30 transfers (Redirect) the authorization code (Authorization code) to the certificate issuing server 20.
In step S9, the certificate issuing server 20 that has acquired the authorization code (Authorization code) transferred from the terminal device 10 uses the authorization code (Authorization code) to send an Access token request to the key management server. 30 (RFC6749 # 4.1.3.).

The key management server 30 that has received the access token request returns an access token response to the certificate issuing server 20 in step S10.
That is, the key management server 30 transmits an access token to the certificate issuing server 20 (RFC6749 # 4.1.4.).

The certificate issuing server 20 that has acquired the access token (Access token) from the key management server 30 uses the access token (Access token) in step S11 to request a certificate signature request (CSR) from the key management server 30. Make a request.
The key management server 30 that has received the certificate signature request (CSR) request makes a certificate signature request (CSR) to the certificate issuing server 20 in step S12. The certificate signature request includes the public key generated by the key management server 30.
Upon receiving the certificate signature request, the certificate issuing server 20 issues an electronic certificate in step S13, posts it to, for example, the key management server 30 in step S14, and in step S15, the key management server 30 Accept (store) it.
The key management server 30 manages the posted electronic certificate together with a private key (private key) and a public key.

FIG. 6 is a diagram for explaining the flow of the remote signature process after the electronic certificate storing process shown in FIG.
In response to the request from the terminal device 10, the certificate issuing server 20 transmits a remote signature request to the key management server 30 using the access token acquired in the process of FIG.
This remote signature request is a process for remotely requesting generation of an electronic signature, and is a process different from the certificate signature request for requesting issuance (signature) of an electronic certificate in the electronic certificate storage process described above. .
The key management server 30 that has received the remote signature request transmission generates an electronic signature in step S22 (the HSM 100 generates an electronic signature), and transmits the generated electronic signature to the certificate issuing server 20 in step S23. .

As described above, the certificate issuing server 20 according to the present embodiment uses the OAuth2.0 mechanism from the key management server 30 to access the key management server 30 for requesting a certificate signature request (CSR). Get a token (Access token).
The certificate issuing server 20 can use the access token not only for a request for a certificate signature request (CSR) but also for a request for a remote signature to the key management server 30.

As described above, in the remote signature system of this embodiment, when issuing an electronic certificate, a public key is included between a certificate authority (certificate issuing system) and a trusted signature service (key management server). The exchange of the certificate signature request and the electronic certificate is automatically performed under the authentication and management of the user. In particular, the certificate issuing server can automatically issue an electronic certificate.
This realizes an electronic signature system that can safely issue an electronic certificate and register an electronic certificate in a key management server while reducing the burden on the user, and provides a highly reliable signature service to the user. Can be used.

In the above description, the system in which each of the terminal device 10, the certificate issuing system (certificate issuing server 20), and the key management system 3 (key management server 30) is included has been described.
However, the remote signature system 1 according to the present embodiment can be configured by a plurality of terminal devices 10, a plurality of certificate issuing systems 20, and a plurality of key management systems 30.

A user of one or a plurality of terminal devices 10 selects an arbitrary certificate issuing system 20 from a plurality of certificate issuing systems (certificate authorities) having the functions described above, and enters the certificate issuing page. Can be accessed.
In addition, one certificate issuing system 20 trusts a plurality of key management systems 30 having the functions described above, and issues an electronic certificate for the public key issued by each key management system according to the above procedure. Process to register.
When each certificate issuing system has a plurality of key management systems capable of redirecting users, for example, a list of available key management systems is displayed on the certificate issuing page, and the key management system to be used is displayed from the list. Can be selected by the user.

In addition, the above-described Patent Document 1 (Japanese Patent Laid-Open No. 2010-200142) discloses a system including a user terminal, an electronic signature server, and a certificate authority.
In Patent Document 1, a certificate authority generates a key pair of a secret key and a public key. Then, the electronic signature server requests the certificate authority to issue an electronic certificate based on the public key. The certificate authority stores the issued electronic certificate and private key in a file called PKCS # 12 and supplies it to the electronic signature server.
Then, the electronic signature server performs an electronic signature using the electronic certificate and the private key in response to a request from the user terminal.

  As described above, in Patent Document 1, the certificate authority generates a key pair, the electronic signature server makes a certificate signature request through direct exchange with the certificate authority, and the generated certificate and private key are also included in the electronic signature. This is done by direct exchange between the server and the certificate authority. There is no room for the user to intervene during the communication.

On the other hand, in this embodiment, a user terminal device is interposed between the certificate authority (certificate issuing system) and the key management server, and the user manages the key using the mechanism of OAuth2.0 (RFC6749). Authentication for the server is performed, and an electronic certificate is exchanged between the certificate authority (certificate issuing system) and the key management server using an access token that is issued as a result.
In the present embodiment, the private key (secret key) is originally generated by the key management server and is not exchanged between the certificate authority and the key management server.
In the present embodiment, since a certificate signature request and electronic certificate are exchanged when the user authenticates the key management server, the electronic certificate can be issued more safely than the conventional method. In addition, since private keys (secret keys) are generated by the key management system and are not sent to other servers or terminals, there is a low risk of leaking to the outside and a safer digital signature system can be operated. It becomes.

[First invention]
The first invention according to the present embodiment includes a certificate issuing system 2 that issues an electronic certificate, and a key management system that has a function of managing a user's private key and generates an electronic signature using the private key. 3 and a terminal device 10 used by the user, the terminal device 10 requests the key management system 3 to authenticate the user, and if the authentication is successful, the key management The system 3 transmits an authorization code to the terminal device 10, the terminal device 10 that has acquired the authorization code transfers the authorization code to the certificate issuing system 2, and the certificate issuing system 2 that has acquired the authorization code An access token is requested by sending an authorization code to the key management system 3, the key management system 3 sends the access token to the electronic certificate issuing system 2, and the certificate issuing system 2 The electronic signature system 1 that obtains a certificate issuance request including a user's public key from the key management system 3 by presenting the token to the key management system 3 and issues an electronic certificate to the public key is characterized. To do.
In the electronic signature system according to the first aspect of the present invention, when issuing an electronic certificate required for remote signature, a certificate signing request including a public key and an electronic certificate are issued under the authentication and management of the user. This is automatically performed between the (certificate issuing system 2) and the trusted signature service (key management system 3).
Thereby, it is possible to realize an electronic signature system that can safely issue an electronic certificate while reducing the burden on the user.

[Second invention]
A second invention according to the present embodiment is a certificate issuing system that issues an electronic certificate, and the terminal device used by the user requests the key management system to authenticate the user. An authorization code acquisition unit (OAuth execution processing unit 52) for acquiring the issued authorization code, and a first request unit (OAuth execution processing unit 52) for requesting an access token from the key management system using the acquired authorization code; Second request means (signature request request processing unit 53) for requesting the key management system for a certificate issuance request including the public key of the user using the access token acquired in response to the request by the first request means; Issuing means for issuing an electronic certificate to the public key included in the certificate issuance request acquired in response to the request by the first requesting means (electronic certificate issuance processing unit) 4 and), and wherein the certificate issuing system comprising a.
The certificate issuing system according to the second aspect of the invention issues a request for a certificate signing request including a public key for a trusted signature service (key management system 3) and an electronic certificate when issuing an electronic certificate required for remote signature. Issuing can be performed automatically under user authentication and management.
Thereby, it is possible to safely issue an electronic certificate while reducing the burden on the user.

[Third invention]
A third invention according to the present embodiment is a key management system that has a function of managing a user's secret key and generates an electronic signature using the secret key, and generates at least the user's public key A key generation unit (key generation processing unit 63), an authentication unit (user authentication processing unit 62) that authenticates the user when the terminal device requests user authentication, and an authorization code when the authentication is successful. An authorization code transmission means (OAuth execution processing unit 61) for transmitting the access token to the certificate issuing system, and an access token transmission means (OAuth execution processing for transmitting the access token to the certificate issuing system that has requested the access token using the authorization code. 61) and a certificate issuance request including the public key to the certificate issuing system that transmitted the access token, and an electronic certificate is issued to the certificate issuing system. And signature request means (signature request processing section 64) to be characterized by the key management system comprising a.
The key management system according to the third aspect of the invention automatically issues a certificate signing request including a public key to the certificate issuing system under the authentication and management of the user when issuing the electronic certificate required by the remote signature. And issue an electronic certificate.
Thereby, it is possible to safely issue an electronic certificate while reducing the burden on the user.

1 remote signature system, 10 terminal device, 20 certificate issuing server, 21 CPU, 22 RAM, 23 HDD, 24 network I / F, 30 key management server, 31 CPU, 32 RAM, 33 HDD, 34 network I / F, 51 Web Page Processing Unit, 52 OAuth Execution Processing Unit, 53 Signature Request Request Processing Unit, 54 Electronic Certificate Issuance Processing Unit, 61 User Authentication Processing Unit, 62 OAuth Execution Processing Unit, 63 Key Generation Processing Unit, 64 Signature Request Processing Unit , 65 Certificate storage processing part

Claims (5)

A certificate issuing system for issuing an electronic certificate;
A key management system having a function of managing a user's private key, and generating an electronic signature using the private key;
An electronic signature system comprising a terminal device used by a user,
The terminal device requests authentication of the user from the key management system;
If the authentication is successful, the key management system sends an authorization code to the terminal device,
The terminal device that has acquired the authorization code transfers the authorization code to the certificate issuing system,
The certificate issuing system that has acquired the authorization code requests an access token by sending the authorization code to the key management system,
The key management system sends the access token to the certificate issuing system;
The certificate issuance system obtains a certificate issuance request including the user's public key from the key management system by presenting the access token to the key management system, and provides an electronic certificate for the public key. An electronic signature system characterized by issuing a certificate. The electronic signature system according to claim 1,
The key management system prompts the user to create an account when the user's account related to authentication requested by the terminal device does not exist in the key management system, and when the account is made by the user, An electronic signature system, wherein the authorization code is sent to the terminal device. A certificate issuing system for issuing an electronic certificate,
An authorization code acquisition means for acquiring an authorization code issued by the key management system when a terminal device used by the user requests the key management system to authenticate the user;
First request means for requesting an access token from the key management system using the acquired authorization code;
Second request means for requesting the key management system to issue a certificate including the public key of the user using the access token obtained in response to the request by the first request means;
Issuing means for issuing an electronic certificate to the public key included in the certificate issuing request acquired in response to a request by the second requesting means;
A certificate issuing system comprising: A key management system having a function of managing a user's private key and generating an electronic signature using the private key,
A key generation means for generating at least a user's public key;
Authentication means for authenticating the user when the terminal device requests user authentication;
An authorization code transmitting means for transmitting an authorization code to the certificate issuing system when the authentication is successful;
An access token transmitting means for transmitting the access token to the certificate issuing system that requested the access token using the authorization code;
Signature request means for transmitting a certificate issuance request including the public key to the certificate issuing system that has transmitted the access token, and causing the certificate issuing system to issue an electronic certificate. Key management system. A certificate issuing system for issuing an electronic certificate, a function for managing a user's private key, a key management system for generating an electronic signature using the private key, a terminal device used by the user, An electronic signature issuing method for an electronic signature system comprising:
The terminal device requests authentication of the user from the key management system;
If the authentication is successful, the key management system sends an authorization code to the terminal device,
The terminal device that has acquired the authorization code transfers the authorization code to the certificate issuing system,
The certificate issuing system that has acquired the authorization code requests an access token by sending the authorization code to the key management system,
The key management system sends the access token to the certificate issuing system;
The certificate issuance system obtains a certificate issuance request including the user's public key from the key management system by presenting the access token to the key management system, and provides an electronic certificate for the public key. An electronic certificate issuing method characterized by issuing a certificate.

Images