JP6654934B2 - Authentication system - Google Patents

Description

The present invention relates to an authentication system.

  Generally, in a content distribution service such as a video distribution service, content is distributed to an authenticated terminal device. In the authentication of the terminal device, a key shared between an authentication device for authenticating the terminal device and the terminal device is used. For example, Patent Document 1 is known as a technique for sharing a key between communication terminals.

Japanese Patent No. 4803145

  It is assumed that the user of the content distribution service has two terminal devices. For example, it is assumed that the user has a smartphone that is usually used easily and a tablet-type computer (tablet PC) that is used when, for example, watching a moving image. In this case, it is easier for the user to perform the operation for receiving the provision of the content distribution service on the smartphone, but the user may want to view the content provided by the content distribution service on the tablet PC. However, even if the same key is shared between the smartphone and the tablet PC, the user must operate the tablet PC to authenticate the content distribution service, so that it is easy to operate the smartphone like a smartphone. Absent.

The present invention has been made in view of such circumstances, and the information to be used for authentication of the terminal device to be authenticated is shared by another terminal device in advance with the terminal device to be authenticated. An object of the present invention is to provide an authentication system capable of automatically performing authentication.

(1) One embodiment of the present invention includes a first terminal device, a second terminal device, and an authentication device, wherein the first terminal device is authentication information shared with the second terminal device. An information transmitting unit configured to transmit transmission information including first authentication information of the first terminal device and second authentication information of the second terminal device to the authentication device, wherein the authentication device includes the first terminal An information receiving unit for receiving the transmission information from the device, a notification unit for notifying, by communication, notification information including authentication reception information used for authentication of the second terminal device, and validity of the authentication request information received by communication. The verification is performed based on the first authentication information and the second authentication information included in the transmission information received by the information receiving unit, and the authentication reception information included in the notification information notified by the notification unit. An authentication receiving unit. A terminal device for receiving the broadcast information from the authentication device by communication, and sharing the authentication reception information and the first terminal device included in the broadcast information received by the broadcast information receiving unit. An authentication request unit that transmits the authentication request information based on the first authentication information and the second authentication information to the authentication device by communication, and wherein the first terminal device is configured to perform the second The apparatus further includes an inter-terminal authentication unit that performs mutual authentication with a terminal device and shares the first authentication information and the second authentication information with the second terminal device, wherein the second terminal device includes the first terminal An authentication system that performs mutual authentication with a device and further includes an inter-terminal authentication unit that shares the first authentication information and the second authentication information with the first terminal device, wherein the second terminal device includes: The authentication reception information A first session key used for generating the authentication request information is generated from a combination of the first authentication information and the second authentication information, and the first session key is generated based on the authentication reception information and the first authentication key. A message authentication code for a combination of the authentication request information and the second authentication information, wherein the authentication device determines the validity of the authentication request information from the combination of the authentication reception information and the first authentication information and the second authentication information. Generating a second session key used for verifying the credibility, wherein the second session key is a message authentication code for a combination of the authentication reception information, the first authentication information, and the second authentication information. System.
( 2 ) In one aspect of the present invention, in the authentication system according to (1), the authentication device includes the first authentication information and the first authentication information included in the authentication reception information and the transmission information received by the information receiving unit. A verification information generation unit configured to generate verification information based on the authentication information and the second terminal device, wherein the notification unit further includes the verification information generated by the verification information generation unit in the notification information; The first authentication information that shares the validity of the authentication reception information included in the broadcast information received by the broadcast information receiving unit with the verification information and the first terminal device included in the broadcast information, and An authentication system further comprising a verification unit for performing verification based on the second authentication information.
( 3 ) In one aspect of the present invention, in the authentication system according to any one of (1) and (2) , the information transmitting unit further transmits service information indicating a service received by the second terminal device to the transmission information. In the authentication device, the authentication request by the authentication receiving unit determines whether to provide a service represented by the service information included in the transmission information received by the information receiving unit to the second terminal device. An authentication system further comprising a service execution determination unit that determines based on a result of verification of information validity.
( 4 ) In one aspect of the present invention, in the authentication system according to any one of (1) to ( 3 ), the information transmitting unit transmits the transmission information by short-range wireless communication, and the information receiving unit includes: An authentication system for receiving the transmission information by the short-range wireless communication.
( 5 ) In one aspect of the present invention, in the authentication system according to any one of (1) to ( 4 ), the notifying unit transmits the notifying information by a broadcast signal of wireless communication, and the notifying information receiving unit includes An authentication system for receiving the broadcast information by a broadcast signal of the wireless communication.

(7) One aspect of the present invention is to communicate, with a first terminal device, broadcast information including authentication reception information used for receiving transmission information from the first terminal device and authenticating the second terminal device. The first authentication information of the first terminal device, the second authentication information of the second terminal device, the authentication reception information, and the validity of the authentication request information notified by the communication and included in the transmission information. An authentication device that performs verification based on the first authentication information and the first authentication information shared with the first terminal device and the authentication reception information included in the notification information, receiving the notification information from the authentication device by communication . And the second terminal device for transmitting the authentication request information based on the authentication information to the authentication device by communication, and the first terminal device of the authentication system including the second terminal device. authentication information An information transmitting unit that transmits the transmission information including the first authentication information and the second authentication information to the authentication device there is performed the second terminal device and the mutual authentication, the said second terminal device the A terminal authentication unit that shares the first authentication information and the second authentication information .

(8) One aspect of the present invention is an authentication device, which is authentication information shared with a second terminal device, the first authentication information of the first terminal device and the second authentication information of the second terminal device. said first terminal device transmits transmission information including to the authentication apparatus, wherein the receiving the broadcast information from the authentication device by the communication, shared with the authentication acceptance information contained in該報broadcast information from the first terminal device The second terminal device for transmitting authentication request information based on first authentication information and the second authentication information to the authentication device by communication , the first terminal device comprising: Performing mutual authentication with the device, sharing the first authentication information and the second authentication information with the second terminal device, the second terminal device performing mutual authentication with the first terminal device, A first terminal device and the first authentication information and the second authentication information; Sharing information is the authentication apparatus of the authentication system, including the information reception unit from the first terminal device receives the transmission information, the authentication acceptance information that is used to authenticate the second terminal device A notifying unit that notifies the notifying information by communication, and the validity of the authentication request information received by the communication, the first authentication information and the second authentication information included in the transmission information received by the information receiving unit, and An authentication receiving unit that performs verification based on the authentication receiving information included in the notification information notified by the notifying unit.

(9) One embodiment of the present invention is a second terminal, and authentication information shared with the second terminal, the first authentication information of the first terminal and the second terminal. said first terminal device transmits transmission information to the authentication apparatus including two authentication information, receiving the transmission information from said first terminal device, the authentication acceptance information that is used to authenticate the second terminal device The communication information is notified by communication, and the validity of the authentication request information received by communication is verified based on the first authentication information and the second authentication information included in the transmission information and the authentication reception information. An authentication device, wherein the second terminal device of the authentication system includes: a notification information receiving unit that receives the notification information from the authentication device by communication; and a notification information receiving unit that is included in the notification information received by the notification information receiving unit. The authentication reception The authentication request information based on said first authentication information and the second authentication information is shared with the boric first terminal device, the authentication request unit that transmits to the authentication device by the communication, the first terminal A terminal device that performs mutual authentication with a device and includes the first terminal device and an inter-terminal authentication unit that shares the first authentication information and the second authentication information .

(10) One aspect of the present invention is an authentication method of an authentication system including a first terminal device, a second terminal device, and an authentication device, wherein the first terminal device and the second terminal device are different from each other. Performing mutual authentication and sharing the first authentication information of the first terminal device and the second authentication information of the second terminal device; and wherein the first terminal device has the first authentication information and the An information transmitting step of transmitting transmission information including second authentication information to the authentication device; an information receiving step of receiving the transmission information from the first terminal device by the authentication device; A notification step of notifying, by communication, notification information including authentication reception information used for authentication of the second terminal device, and a notification information receiving step of receiving the notification information from the authentication device by the second terminal device by communication And before The second terminal device, based on said first authentication information and the second authentication information said to share authentication acceptance information and the first terminal device included in the broadcast information received by the broadcast information receiving step the authentication request information, the authentication request sending to the authentication device by the communication, the authentication device, the include the validity of the authentication request information received by the communication, the transmission information received by the information receiving step the An authentication method including: (1) authentication information, the second authentication information, and an authentication receiving step of verifying based on the authentication receiving information included in the notification information notified in the notification step.

(11) One aspect of the present invention is to communicate, with a first terminal device, notification information including authentication reception information used for receiving transmission information from the first terminal device and authenticating the second terminal device. The first authentication information of the first terminal device, the second authentication information of the second terminal device, the authentication reception information, and the validity of the authentication request information notified by the communication and included in the transmission information. An authentication device that performs verification based on the first authentication information and the first authentication information shared with the first terminal device and the authentication reception information included in the notification information, receiving the notification information from the authentication device by communication . A second terminal device for transmitting the authentication request information based on the two authentication information to the authentication device by communication, and a computer of the first terminal device of the authentication system, share That said information transmitting function first authentication information and the transmission information including the second authentication information transmitted to the authentication device performs the second terminal device and the mutual authentication, the said second terminal device the This is a computer program for realizing an inter-terminal authentication function of sharing the first authentication information and the second authentication information .

(12) One embodiment of the present invention is an authentication device, which is authentication information shared with a second terminal device, the first authentication information of the first terminal device and the second authentication information of the second terminal device. said first terminal device transmits transmission information including to the authentication apparatus, wherein the receiving the broadcast information from the authentication device by the communication, shared with the authentication acceptance information contained in該報broadcast information from the first terminal device The second terminal device for transmitting authentication request information based on first authentication information and the second authentication information to the authentication device by communication , the first terminal device comprising: Performing mutual authentication with the device, sharing the first authentication information and the second authentication information with the second terminal device, the second terminal device performing mutual authentication with the first terminal device, A first terminal device, the first authentication information, and the second Share witness information, the computer of the authentication apparatus of the authentication system, the information receiving function from the first terminal device receives the transmission information, the authentication acceptance information that is used to authenticate the second terminal device And a notification function of notifying the notification information by communication, and the first authentication information and the second authentication information included in the transmission information received by the information reception function, the validity of the authentication request information received by communication. And an authentication reception function for performing verification based on the authentication reception information included in the notification information notified by the notification function.

(13) One aspect of the present invention is a second terminal, and authentication information shared with the second terminal, the first authentication information of the first terminal and the second terminal. said first terminal device transmits transmission information to the authentication apparatus including two authentication information, receiving the transmission information from said first terminal device, the authentication acceptance information that is used to authenticate the second terminal device The communication information is notified by communication, and the validity of the authentication request information received by communication is verified based on the first authentication information and the second authentication information included in the transmission information and the authentication reception information. An authentication device, the computer of the second terminal device of the authentication system comprising: a notification information receiving function of receiving the notification information from the authentication device by communication; and a notification information received by the notification information receiving function. That the authentication acceptance information and the first authentication information and the authentication request information based on the second authentication information shared with the first terminal device, the authentication requesting function of transmitting to the authentication device by the communication, the A computer program for performing mutual authentication with a first terminal device and realizing an inter-terminal authentication function for sharing the first authentication information and the second authentication information with the first terminal device .

  According to the present invention, authentication of the terminal device to be authenticated can be automatically performed by another terminal device that shares information used for authentication of the terminal device to be authenticated with the terminal device to be authenticated in advance.

FIG. 1 is a diagram illustrating a configuration example of an authentication system 1 according to an embodiment. FIG. 2 is a diagram illustrating an example of a hardware configuration of a terminal device 10 according to an embodiment. FIG. 3 is a diagram illustrating a hardware configuration example of an authentication device 30 according to an embodiment. FIG. 4 is a sequence diagram illustrating an example of an authentication method according to an embodiment. FIG. 4 is a sequence diagram illustrating an example of an authentication method according to an embodiment. FIG. 4 is a sequence diagram illustrating an example of an authentication method according to an embodiment. It is a figure showing Example 1 concerning one embodiment. It is a figure showing Example 2 concerning one embodiment. It is a figure showing the example of composition of authentication system 1a concerning one embodiment. FIG. 4 is a sequence diagram illustrating an example of an authentication method according to an embodiment. FIG. 4 is a sequence diagram illustrating an example of an authentication method according to an embodiment.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram illustrating a configuration example of an authentication system 1 according to the present embodiment. 1, the authentication system 1 includes a terminal device 10, a terminal device 20, and an authentication device 30. FIG. 1 shows a functional configuration example of each device. The terminal device 10 includes an inter-terminal authentication unit 11 and an information transmission unit 12. The terminal device 20 includes an inter-terminal authentication unit 21, a broadcast information receiving unit 22, a verification unit 23, and an authentication request unit 24. The authentication device 30 includes an information reception unit 31, a verification information generation unit 32, a notification unit 33, an authentication reception unit 34, and a service execution determination unit 35.

  The terminal device 10 corresponds to a first terminal device. The terminal device 20 corresponds to a second terminal device. As the terminal device 10, for example, a mobile communication terminal device such as a smartphone may be applied. As the terminal device 20, for example, a mobile communication terminal device such as a smartphone or a tablet PC may be applied, or a stationary communication terminal device (for example, a stationary personal computer) may be applied. .

  The inter-terminal authentication unit 11 of the terminal device 10 and the inter-terminal authentication unit 21 of the terminal device 20 perform mutual authentication and share authentication information. The authentication information is used for an authentication process performed between the terminal device 20 and the authentication device 30.

  The information transmitting unit 12 of the terminal device 10 transmits, to the authentication device 30, transmission information including authentication information shared with the terminal device 20. The information receiving unit 31 of the authentication device 30 receives the transmission information from the information transmitting unit 12 of the terminal device 10. The information transmitting unit 12 of the terminal device 10 and the information receiving unit 31 of the authentication device 30 may transmit and receive the transmission information by short-range wireless communication, for example. For example, the terminal device 10 and the authentication device 30 may include an NFC (Near Field Communication) device, and perform communication using the NFC device.

  The information transmitting unit 12 may further include service information indicating a service received by the terminal device 20 in the transmission information.

  In the authentication device 30, the notifying unit 33 notifies, by communication, notification information including authentication reception information used for authentication of the terminal device 20. The verification information generation unit 32 generates verification information based on the authentication reception information and the authentication information included in the transmission information received from the terminal device 10 by the information reception unit 31. The notification unit 33 may further include the verification information generated by the verification information generation unit 32 in the notification information.

  The notification information receiving unit 22 of the terminal device 20 receives the notification information from the authentication device 30 by communication.

  For example, the notification unit 33 of the authentication device 30 may transmit the notification information by a broadcast signal of wireless communication, and the notification information receiving unit 22 of the terminal device 20 may receive the notification information by the broadcast signal of the wireless communication. For example, the notification unit 33 of the authentication device 30 transmits the notification information by a broadcast signal of a wireless LAN (Local Area Network), and the notification information receiving unit 22 of the terminal device 20 receives the notification information by the broadcast signal of the wireless LAN. You may. When the notification unit 33 of the authentication device 30 transmits the broadcast information using the broadcast signal of the wireless LAN, the range in which the broadcast information can be received can be limited to the coverage of the wireless LAN.

  Alternatively, the notification unit 33 of the authentication device 30 transmits the notification information by a broadcast signal of a short-range wireless communication method called “Bluetooth (registered trademark)”, and the notification information receiving unit 22 of the terminal device 20 performs the short-range wireless communication. The broadcast information may be received by a broadcast signal of the scheme. When the notification unit 33 of the authentication device 30 transmits the broadcast information using the broadcast signal of the short-range wireless communication system, the number of terminal devices that can receive the broadcast information is determined by the number of simultaneously connectable terminals of the short-range wireless communication system. Can be limited to

  In the terminal device 20, the verification unit 23 shares the validity of the authentication reception information included in the broadcast information received by the broadcast information reception unit 22 from the authentication device 30 with the verification information included in the broadcast information and the terminal device 10. Verification based on the authentication information to be performed. The authentication request unit 24 transmits the authentication request information based on the authentication reception information included in the broadcast information received by the broadcast information receiving unit 22 from the authentication device 30 and the authentication information shared with the terminal device 10 by communication to the authentication device 30. Send to

  In the authentication device 30, the authentication receiving unit 34 checks the validity of the authentication request information received through the communication with the authentication information included in the transmission information received from the terminal device 10 by the information receiving unit 31 and the notification information notified by the notification unit 33. Verification is performed based on the authentication reception information included in. The service execution determination unit 35 determines whether or not to provide the terminal device 20 with the service represented by the service information included in the transmission information received from the terminal device 10 by the information reception unit 31 based on the validity of the authentication request information by the authentication reception unit 34. Judgment is made based on the result of the verification of sex.

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the terminal device 10 according to the embodiment. 2, the terminal device 10 includes a CPU 41, a memory 42, a nonvolatile memory 43, an operation unit 44, a display unit 45, a communication unit 46, and an NFC unit 47. These units are configured to exchange data. The CPU 41 executes a program 48 stored in the non-volatile memory 43, and controls each unit of the terminal device 10 using the memory 42 as a work memory. The function of each unit of the terminal device 10 illustrated in FIG. 1 is realized by the CPU 41 of the terminal device 10 illustrated in FIG. 2 executing the program 48 stored in the nonvolatile memory 43.

  The memory 42 is configured by a RAM such as a volatile memory using a semiconductor element, and is used as a work memory of the CPU 41. The nonvolatile memory 43 includes, for example, a hard disk (HD), a ROM, and the like. The non-volatile memory 43 stores a program 48 executed by the CPU 41.

  The operation unit 44 includes input devices such as a keyboard, a numeric keypad, and a mouse, and performs data input according to a user operation. The display unit 45 includes a display device such as a liquid crystal display device, and displays data. Further, a touch panel capable of both data input and data display may be provided.

  The communication unit 46 communicates with another device. The communication unit 46 may communicate with another device via a communication network such as a mobile phone network or a wireless LAN, or may communicate with the other device by a short-range wireless communication method.

  The NFC unit 47 includes an NFC device, and communicates with another NFC device using the NFC device. In the example of the hardware configuration of the terminal device 10 illustrated in FIG. 2, the terminal device 10 communicates with the NFC device of the authentication device 30 by the NFC device of the NFC unit 47.

  The hardware configuration example shown in FIG. 2 can be applied to the terminal device 20. In the terminal device 20, the CPU 41 executes a program 48 stored in the non-volatile memory 43, and controls each part of the terminal device 20 using the memory 42 as a work memory. The function of each unit of the terminal device 20 illustrated in FIG. 1 is realized by the CPU 41 of the terminal device 20 illustrated in FIG. 2 executing the program 48 stored in the nonvolatile memory 43.

  FIG. 3 is a diagram illustrating an example of a hardware configuration of the authentication device 30 according to the present embodiment. 3, the authentication device 30 includes a CPU 51, a memory 52, a nonvolatile memory 53, a communication unit 54, and an NFC unit 55. These units are configured to exchange data. The CPU 51 executes a program 56 stored in the non-volatile memory 53, and controls each unit of the authentication device 30 using the memory 52 as a work memory. The function of each unit of the authentication device 30 illustrated in FIG. 1 is realized by the CPU 51 illustrated in FIG. 3 executing a program 56 stored in the nonvolatile memory 53.

  The memory 52 is configured by a RAM such as a volatile memory using a semiconductor element, and is used as a work memory of the CPU 51. The non-volatile memory 53 is constituted by, for example, an HD or a ROM. The non-volatile memory 53 stores a program 56 executed by the CPU 51.

  The communication unit 54 communicates with another device via a communication network such as a mobile phone network or a wireless LAN. The NFC unit 55 includes an NFC device, and communicates with another NFC device using the NFC device. In the hardware configuration example of the authentication device 30 illustrated in FIG. 3, the authentication device 30 communicates with the NFC device of the terminal device 10 using the NFC device of the NFC unit 55.

  Next, an operation of the authentication system 1 according to the present embodiment will be described with reference to FIGS.

[Stage of sharing authentication information between terminal devices]
The step of sharing authentication information between terminal devices according to the present embodiment will be described with reference to FIG. FIG. 4 is a sequence diagram illustrating an example of the authentication method according to the present embodiment. Note that the terminal-to-terminal authentication unit 11 of the terminal device 10 and the terminal-to-terminal authentication unit 21 of the terminal device 20 may perform communication via a communication network, or may perform communication using a short-range wireless communication method. .

(Step S1) The terminal-to-terminal authentication unit 21 of the terminal device 20 generates a random number R1. The terminal authentication unit 21 records the random number R1.

(Step S2) The terminal authentication unit 21 of the terminal device 20 transmits the random number R1 to the terminal device 10. The terminal authentication unit 11 of the terminal device 10 receives the random number R1 from the terminal device 20. The terminal-to-terminal authentication unit 11 records the random number R1.

(Step S3) The terminal-to-terminal authentication unit 11 of the terminal device 10 generates a random number R2. The terminal-to-terminal authentication unit 11 records the random number R2.

(Step S4) The terminal authentication unit 11 of the terminal device 10 generates a message authentication code (Message Authentication Code: MAC) for the random number R1 and the random number R2 using the key K. The key K is shared by the terminal authentication unit 11 of the terminal device 10 and the terminal authentication unit 21 of the terminal device 20 in advance. Specifically, the terminal-to-terminal authentication unit 11 generates data “R1 || R2” in which the random number R1 and the random number R2 are linked. A || B represents data obtained by connecting A and B. Using the key K, the inter-terminal authentication unit 11 generates a message authentication code MAC_K (R1 || R2) of the data “R1 || R2”.

  The method of generating and verifying the MAC is common to the inter-terminal authentication unit 11 of the terminal device 10 and the inter-terminal authentication unit 21 of the terminal device 20. Further, the MAC may be a CMAC (Cipher-based Message Authentication Code) or an HMAC (Hash-based Message Authentication Code).

  The key K may be generated from, for example, user identification information (user ID) and the master key Km. For example, a user management device that manages the master key Km and the user ID of each user may be provided, and the user management device may generate the key K and provide the key K to the user. The user sets the key K provided from the user management device in the terminal device 10 and the terminal device 20. Further, for example, the user management device may generate a key K and transmit the key K to each of the terminal devices 10 and 20 in response to each request from the terminal devices 10 and 20 of the user.

(Step S5) The terminal-to-terminal authentication unit 11 of the terminal device 10 transmits data “MAC_K (R1 || R2) || R2” obtained by connecting the message authentication code MAC_K (R1 || R2) and the random number R2 to the terminal device 20. Send. The inter-terminal authentication unit 21 of the terminal device 20 receives the data “MAC_K (R1 || R2) || R2” from the terminal device 10.

(Step S6) The terminal-to-terminal authentication unit 21 of the terminal device 20 transmits the message authentication code MAC_K (R1 || R2) included in the data “MAC_K (R1 || R2) || R2” to the key K and the random number R1. The verification is performed using the random number R2 included in the data “MAC_K (R1 || R2) || R2”. Specifically, the terminal-to-terminal authentication unit 21 generates data “R1 || R2” obtained by concatenating the random number R1 and the random number R2, and uses the key K to generate a message authentication code for the data “R1 || R2”. Generate MAC_K (R1 || R2). The terminal authentication unit 21 converts the generated message authentication code MAC_K (R1 || R2) and the message authentication code MAC_K (R1 || R2) included in the data "MAC_K (R1 || R2) || R2". Compare. If the result of this comparison is that they match, then the verification of the message authentication code has passed. If the verification of the message authentication code passes, the inter-terminal authentication unit 21 records a random number R2. If the verification of the message authentication code passes, the process proceeds to the subsequent steps.

  On the other hand, if the result of the comparison is that they do not match, the verification of the message authentication code has failed. If the verification of the message authentication code fails, the process ends. If the verification of the message authentication code fails, the inter-terminal authentication unit 21 may execute a predetermined error process, for example, output an error message.

(Step S7) The terminal-to-terminal authentication unit 21 of the terminal device 20 uses the key K to generate a message authentication code MAC_K (R2) of the random number R2.

(Step S8) The terminal authentication unit 21 of the terminal device 20 transmits the message authentication code MAC_K (R2) to the terminal device 10. The terminal authentication unit 11 of the terminal device 10 receives the message authentication code MAC_K (R2) from the terminal device 20.

(Step S9) The terminal authentication unit 11 of the terminal device 10 verifies the message authentication code MAC_K (R2) using the key K and the random number R2. Specifically, the inter-terminal authentication unit 11 uses the key K to generate a message authentication code MAC_K (R2) of the random number R2. The terminal authentication unit 11 compares the generated message authentication code MAC_K (R2) with the message authentication code MAC_K (R2) received from the terminal device 20. As a result of the comparison, if they match, the verification of the message authentication code is passed. On the other hand, if the result of the comparison is that they do not match, the verification of the message authentication code has failed.

(Step S10) The inter-terminal authentication unit 11 of the terminal device 10 records the result of authentication with the terminal device 20. Specifically, if the verification of the message authentication code in step S9 is successful, the inter-terminal authentication unit 11 records that the result of the authentication with the terminal device 20 is successful. On the other hand, if the verification of the message authentication code in step S9 is unsuccessful, the inter-terminal authentication unit 11 records that the result of the authentication with the terminal device 20 is unsuccessful.

(Step S11) The terminal authentication unit 21 of the terminal device 20 generates and records the session key Ka. Specifically, the inter-terminal authentication unit 21 executes an exclusive OR operation of the random number R1 and the random number R2, and obtains an exclusive OR “R1 XOR R2” of the operation result. XOR represents an exclusive OR operation. Using the key K, the inter-terminal authentication unit 21 generates a message authentication code MAC_K (R1 XOR R2) of the exclusive OR “R1 XOR R2”. The terminal authentication unit 21 records the message authentication code MAC_K (R1 XOR R2) as the session key Ka.
In the terminal device 10 as well as in the terminal device 20, the inter-terminal authentication unit 11 generates a message authentication code MAC_K (R1 XOR R2) and records the message authentication code MAC_K (R1 XOR R2) as a session key Ka. May be.

  The terminal device 10 and the terminal device 20 share the random number R1 and the random number R2 in the authentication information sharing step between the terminal devices described above. The random numbers R1 and R2 correspond to the authentication information. The authentication information (the random number R1 and the random number R2) is authentication information shared by the terminal device 20 that has been authenticated in advance by the terminal device 10. Thereby, the authentication information (the random number R1 and the random number R2) is safely shared between the terminal device 10 and the terminal device 20.

In the above-described step of sharing the authentication information between the terminal devices shown in FIG. 4, the inter-terminal authentication unit 11 of the terminal device 10 and the inter-terminal authentication unit 21 of the terminal device 20 perform the mutual authentication, and the authentication information (the random number R1 And the random number R2), but is not limited to this. For example, the user may set the same authentication information (random number R1 and random number R2) in the terminal device 10 and the terminal device 20. For example, the same authentication information (random number R1 and random number R2) may be set in the terminal device 10 and the terminal device 20 using a recording medium such as a USB memory in which the authentication information (random number R1 and random number R2) is recorded.
Similarly, the user may set the message authentication code MAC_K (R1 XOR R2) as the session key Ka in the terminal device 20 using a recording medium such as a USB memory. Further, the user may set the message authentication code MAC_K (R1 XOR R2) as the session key Ka in the terminal device 10 using a recording medium such as a USB memory.

[Terminal device authentication stage]
The authentication step of the terminal device according to the present embodiment will be described with reference to FIG. FIG. 5 is a sequence diagram illustrating an example of the authentication method according to the present embodiment. The terminal device 10 starts the step S21 of FIG. 5 when the “result of the authentication with the terminal device 20” recorded in the above-described step of sharing the authentication information between the terminal devices passes. Therefore, if the "result of authentication with the terminal device 20" recorded in the step of sharing the authentication information between the terminal devices is unsuccessful, the processing in FIG. 5 is not executed.

  Here, as an example, it is assumed that the terminal device 10 and the authentication device 30 perform communication using an NFC device. Here, it is assumed that the authentication device 30 and the terminal device 20 communicate wirelessly.

  The terminal device 20 and the terminal device 10 share the authentication information (the random number R1 and the random number R2) in the above-described step of sharing the authentication information between the terminal devices. The authentication information (the random number R1 and the random number R2) is authentication information shared by the terminal device 20 that has been authenticated in advance by the terminal device 10. Thus, the authentication information (random numbers R1 and R2) is safely shared between the terminal device 10 and the terminal device 20. The terminal device 20 has a session key Ka. Note that the terminal device 10 may also have the session key Ka.

(Step S21) The information transmitting unit 12 of the terminal device 10 generates transmission information including authentication information (random numbers R1 and R2) shared with the terminal device 20. Specifically, the information transmitting unit 12 generates data “R1 || R2 || ID” in which the random number R1, the random number R2, and the user ID are connected, and transmits the data “R1 || R2 || ID”. Include in information. The information transmitting unit 12 may further include other information in the transmission information including the authentication information (the random number R1 and the random number R2). For example, the information transmitting unit 12 generates data “R1 || R2 || ID || service information” in which service information is further linked to data “R1 || R2 || ID”, and the data “R1 || R2”. || ID || service information ”may be included in the transmission information. The service information is information representing a service that the terminal device 20 receives. For example, the service information is information that specifies the content that the user wants to distribute to the terminal device 20 by the content distribution service.

(Step S22) The user brings the NFC device portion of the terminal device 10 closer to or touches the NFC device portion of the authentication device 30. Thereby, the information transmission unit 12 of the terminal device 10 transmits the transmission information by the NFC device. The information receiving unit 31 of the authentication device 30 receives the transmission information by the NFC device. The information receiving unit 31 records information such as authentication information (random numbers R1 and R2) included in the transmission information received by the NFC device.

(Step S23) The verification information generation unit 32 of the authentication device 30 generates a session key Ka. Specifically, the verification information generation unit 32 performs an exclusive OR operation on the random numbers R1 and R2 of the authentication information (random numbers R1 and R2) included in the transmission information received by the information receiving unit 31, An exclusive OR “R1 XOR R2” of the operation result is obtained. The verification information generating unit 32 acquires the key K corresponding to the user ID included in the transmission information received by the information receiving unit 31. The verification information generation unit 32 generates the message authentication code MAC_K (R1 XOR R2) of the exclusive OR “R1 XOR R2” using the obtained key K. The verification information generation unit 32 uses the message authentication code MAC_K (R1 XOR R2) as the session key Ka. The verification information generation unit 32 records the session key Ka. The method of generating the session key Ka is common to the terminal device 20.

  Note that the authentication device 30 acquires the key K in advance. For example, the authentication device 30 may obtain the key K from the user management device. For example, the authentication device 30 may acquire the key K associated with the user ID included in the transmission information received by the information receiving unit 31 from the user management device. Alternatively, the key K is a key generated from the user ID and the master key Km, and the authentication device 30 determines the master key Km set in advance and the user ID included in the transmission information received by the information receiving unit 31. , The key K may be generated.

(Step S24) The verification information generation unit 32 of the authentication device 30 generates a random number R3. The verification information generation unit 32 records the random number R3.

(Step S25) The verification information generation unit 32 of the authentication device 30 sends a message about the random number R3 and the random numbers R1 and R2 of the authentication information (random numbers R1 and R2) included in the transmission information received by the information reception unit 31. An authentication code is generated using the session key Ka. Specifically, the verification information generation unit 32 generates data “R1 || R2 || R3” in which the random number R1, the random number R2, and the random number R3 are connected. The verification information generation unit 32 generates the message authentication code MAC_Ka (R1 || R2 || R3) of the data “R1 || R2 || R3” using the session key Ka. The random number R3 corresponds to the authentication reception information. The message authentication code MAC_Ka (R1 || R2 || R3) corresponds to the verification information.

  The MAC generation method and the verification method are common to the verification information generation unit 32 of the authentication device 30 and the verification unit 23 of the terminal device 20. Further, the MAC may be a CMAC or an HMAC.

(Step S26) The notification unit 33 of the authentication device 30 generates a session key Ks. Specifically, the notification unit 33 performs an exclusive OR operation on the random number R3 and the random number R1 and the random number R2 of the authentication information (random number R1 and random number R2) included in the transmission information received by the information receiving unit 31. , An exclusive OR “R1 XOR R2 XOR R3” of the operation result is obtained. Using the session key Ka, the notification unit 33 generates a message authentication code MAC_Ka (R1 XOR R2 XOR R3) of the exclusive OR “R1 XOR R2 XOR R3”. The notification unit 33 uses the message authentication code MAC_Ka (R1 XOR R2 XOR R3) as the session key Ks. The notification unit 33 records the session key Ks.

(Step S27) The notification unit 33 of the authentication device 30 generates notification information including authentication reception information (random number R3). The notification unit 33 may further include the verification information (message authentication code MAC_Ka (R1 || R2 || R3)) in the notification information. For example, the notification unit 33 may include, in the notification information, data “MAC_Ka (R1 || R2 || R3) || R3” obtained by connecting the message authentication code MAC_Ka (R1 || R2 || R3) and the random number R3. Good. In addition, the notification unit 33 may further include access information necessary for accessing the authentication device 30 in the notification information. The access information includes, for example, an access destination address required when the terminal device accesses the authentication device 30, and a set of an account ID and a password required for terminal authentication executed in the access. Examples of the access destination address include a wireless LAN identifier such as an ESS-ID (Extended Service Set Identifier). For example, the notification unit 33 may encrypt the access information with the session key Ks, and include the encrypted data E_Ks (access information) of the access information in the notification information. For example, the notification unit 33 transmits the data “E_Ks (access information) || MAC_Ka () obtained by linking the encrypted data E_Ks (access information) of the access information, the message authentication code MAC_Ka (R1 || R2 || R3), and the random number R3. R1 || R2 || R3) || R3 "may be included in the broadcast information.

  Here, the notification unit 33 includes the data “E_Ks (access information) || MAC_Ka (R1 || R2 || R3) || R3” in the notification information.

(Step S28) The notification unit 33 of the authentication device 30 transmits notification information by a broadcast signal of wireless communication. The broadcast information is received by the terminal device 20 existing within the coverage of the wireless communication. The broadcast information receiving unit 22 of the terminal device 20 receives broadcast information by a broadcast signal of the wireless communication.

(Step S29) The verification unit 23 of the terminal device 20 shares the message authentication code MAC_Ka (R1 || R2 || R3) included in the broadcast information received by the broadcast information receiving unit 22 with the session key Ka and the terminal device 10. Verification is performed using authentication information (random number R1 and random number R2) and random number R3 included in the broadcast information. Specifically, the verification unit 23 transmits data “R1 || R2 |” obtained by connecting the random numbers R1 and R2 of the authentication information (random numbers R1 and R2) shared with the terminal device 10 and the random number R3 included in the broadcast information. | R3 "is generated. The verification unit 23 generates a message authentication code MAC_Ka (R1 || R2 || R3) of the data “R1 || R2 || R3” using the session key Ka. The verification unit 23 compares the generated message authentication code MAC_Ka (R1 || R2 || R3) with the message authentication code MAC_Ka (R1 || R2 || R3) included in the broadcast information. If the result of this comparison is that they match, then the verification of the message authentication code has passed. If the verification of the message authentication code passes, the verification unit 23 records a random number R3. If the verification of the message authentication code passes, the process proceeds to the subsequent steps.

  On the other hand, if the result of the comparison is that they do not match, the verification of the message authentication code has failed. If the verification of the message authentication code fails, the process ends.

(Step S30) The authentication request unit 24 of the terminal device 20 generates a session key Ks. Specifically, the authentication request unit 24 performs an exclusive OR operation on the random number R3 and the random numbers R1 and R2 of the authentication information (the random numbers R1 and R2) shared with the terminal device 10, and calculates the result of the operation. An exclusive OR “R1 XOR R2 XOR R3” is obtained. The authentication request unit 24 generates the message authentication code MAC_Ka (R1 XOR R2 XOR R3) of the exclusive OR “R1 XOR R2 XOR R3” using the session key Ka. The authentication request unit 24 uses the message authentication code MAC_Ka (R1 XOR R2 XOR R3) as the session key Ks. The authentication request unit 24 records the session key Ks. The method of generating the session key Ks is common to the authentication device 30.

(Step S31) The authentication request unit 24 of the terminal device 20 generates the message authentication code MAC_Ks (R3) of the random number R3 using the session key Ks. Note that the MAC generation method and the verification method are common to the authentication request unit 24 of the terminal device 20 and the authentication reception unit 34 of the authentication device 30. Further, the MAC may be a CMAC or an HMAC.

(Step S32) The authentication request unit 24 of the terminal device 20 decrypts the encrypted data E_Ks (access information) included in the broadcast information received by the broadcast information receiving unit 22 with the session key Ks. The authentication request unit 24 acquires access information from decrypted data that is a decryption result of the encrypted data E_Ks (access information). The authentication request unit 24 accesses the authentication device 30 by wireless communication using the access information. The authentication request unit 24 wirelessly transmits the message authentication code MAC_Ks (R3) to the authentication device 30. The authentication receiving unit 34 of the authentication device 30 wirelessly receives the message authentication code MAC_Ks (R3) from the terminal device 20. The message authentication code MAC_Ks (R3) corresponds to the authentication request information.

(Step S33) The authentication reception unit 34 of the authentication device 30 verifies the message authentication code MAC_Ks (R3) using the session key Ks and the random number R3. Specifically, the authentication receiving unit 34 generates a message authentication code MAC_Ks (R3) of the random number R3 using the session key Ks. The authentication reception unit 34 compares the generated message authentication code MAC_Ks (R3) with the message authentication code MAC_Ks (R3) received from the terminal device 20. As a result of the comparison, if they match, the verification of the message authentication code is passed. On the other hand, if the result of the comparison is that they do not match, the verification of the message authentication code has failed. The authentication receiving unit 34 records the result of the verification of the message authentication code.

  If the verification of the message authentication code of the authentication request information does not pass by a predetermined time after the notification information is transmitted by the notification unit 33, the authentication reception unit 34 performs predetermined error processing, for example, Output of an error message or the like may be executed. In addition, the notification unit 33 may retransmit the notification information if the authentication request information is not received until a predetermined time has elapsed after the transmission of the notification information. The notification unit 33 may repeat retransmission of notification information up to a preset upper limit number of retransmissions.

(Step S34) The service execution determination unit 35 of the authentication device 30 determines whether the service represented by the service information included in the transmission information received by the information reception unit 31 is to be provided to the terminal device 20 by the authentication reception unit 34. The determination is made based on the result of the verification of the message authentication code of the request information. Specifically, when the result of the verification of the message authentication code of the authentication request information is passed, the service execution determination unit 35 determines that the service represented by the service information included in the transmission information received by the information reception unit 31 is a terminal. It is determined that the information is to be provided to the device 20. Thereby, for example, the authentication device 30 instructs the service providing device of the content distribution service to distribute the content specified by the service information to the terminal device 20. The service providing device distributes the content specified by the service information to the terminal device 20 according to the instruction.

  On the other hand, if the result of the verification of the message authentication code of the authentication request information is rejected, the service execution determination unit 35 displays the service represented by the service information included in the transmission information received by the information reception unit 31 in the terminal device 20. Judge not to provide. In this case, the service execution determination unit 35 may execute a predetermined error process, for example, output an error message.

[Authentication stage of multiple terminal devices]
Next, an authentication step of a plurality of terminal devices according to the present embodiment will be described with reference to FIG. The step of authenticating a plurality of terminal devices is executed, for example, when the user wants to distribute the content to the plurality of terminal devices 20 by the content distribution service and authenticates the plurality of terminal devices 20.

  FIG. 6 is a sequence diagram illustrating an example of the authentication method according to the present embodiment. In FIG. 6, portions corresponding to the respective steps in FIG. 5 are denoted by the same reference numerals. Here, for simplification of description, a case where two terminal devices 20a and 20b are authenticated as the terminal device 20 will be described as an example. Note that the same can be applied to the case where three or more terminal devices 20 are authenticated.

  Hereinafter, points different from the terminal device authentication stage described with reference to FIG. 5 will be mainly described. Here, it is assumed that the terminal device 10 and the authentication device 30 communicate with each other by the NFC device, as in the description of FIG. 5 described above. Also, as in the description of FIG. 5 described above, the authentication device 30 and the terminal devices 20a and 20b perform wireless communication.

  The terminal device 20a and the terminal device 10 share the authentication information (the random number R1a and the random number R2a) in the step of sharing the authentication information between the terminal devices described above. The authentication information (the random number R1a and the random number R2a) is authentication information shared by the terminal device 20a that has been authenticated in advance by the terminal device 10. Thus, the authentication information (the random number R1a and the random number R2a) is safely shared between the terminal device 10 and the terminal device 20a. In addition, the terminal device 20a has a session key Kaa. Note that the terminal device 10 may also have the session key Kaa. The terminal device 20b and the terminal device 10 share the authentication information (the random number R1b and the random number R2b) in the step of sharing the authentication information between the terminal devices described above. The authentication information (random number R1b and random number R2b) is authentication information shared by the terminal device 20b that has been authenticated in advance by the terminal device 10. Thus, the authentication information (the random number R1b and the random number R2b) is safely shared between the terminal device 10 and the terminal device 20b. The terminal device 20b has a session key Kab. Note that the terminal device 10 may also have the session key Kab.

(Step S21) The information transmitting unit 12 of the terminal device 10 transmits the authentication information (random numbers R1a and R2a) shared with the terminal device 20a, the authentication information (random numbers R1b and R2b) shared with the terminal device 20b, and the user ID To the authentication device 30. The information transmitting unit 12 combines the authentication information (random numbers R1a and R2a) shared with the terminal device 20a, the authentication information (random numbers R1b and R2b) shared with the terminal device 20b, and the user ID into the same transmission information. Or a set of authentication information (random number R1a and random number R2a) and user ID shared with terminal device 20a, and a set of authentication information (random number R1b and random number R2b) and user ID shared with terminal device 20b, respectively. It may be included in separate transmission information. The information transmitting unit 12 may further include other information such as service information with respect to the transmission information including the authentication information.

(Step S22) The user brings the NFC device portion of the terminal device 10 closer to or touches the NFC device portion of the authentication device 30. Thereby, the information transmission unit 12 of the terminal device 10 transmits the transmission information by the NFC device. The information receiving unit 31 of the authentication device 30 receives the transmission information by the NFC device. The information receiving unit 31 records information such as one piece of authentication information (random numbers R1a and R2a) and another piece of authentication information (random numbers R1b and R2b) included in the transmission information received by the NFC device.

(Step S23) The verification information generation unit 32 of the authentication device 30 generates a session key Kaa corresponding to the terminal device 20a and a session key Kab corresponding to the terminal device 20b. Specifically, the verification information generation unit 32 acquires the key K corresponding to the user ID included in the transmission information received by the information reception unit 31. The verification information generation unit 32 generates the message authentication code MAC_K (R1a XOR R2a) using the authentication information (random numbers R1a and R2a) included in the transmission information received by the information reception unit 31 and the obtained key K. Generate and use the message authentication code MAC_K (R1a XOR R2a) for the session key Kaa. Similarly, the verification information generation unit 32 uses the authentication information (the random number R1b and the random number R2b) included in the transmission information received by the information reception unit 31 and the obtained key K to generate a message authentication code MAC_K (R1b XOR). R2b), and uses the message authentication code MAC_K (R1b XOR R2b) for the session key Kab. The verification information generation unit 32 records the session key Kaa and the session key Kab.

(Step S24) The verification information generation unit 32 of the authentication device 30 generates a random number R3a of the authentication reception information corresponding to the terminal device 20a and a random number R3b of the authentication reception information corresponding to the terminal device 20b. The verification information generation unit 32 records the random numbers R3a and R3b.

(Step S25) The verification information generation unit 32 of the authentication device 30 generates a message authentication code of the verification information corresponding to the terminal device 20a and a message authentication code of the verification information corresponding to the terminal device 20b. Specifically, the verification information generation unit 32 uses the session key Kaa, the random number R3a, and the authentication information (the random number R1a and the random number R2a) included in the transmission information received by the information reception unit 31, and transmits the verification result to the terminal device. A message authentication code MAC_Kaa (R1a || R2a || R3a) of the verification information corresponding to 20a is generated. Similarly, the verification information generating unit 32 uses the session key Kab, the random number R3b, and the authentication information (random number R1b and random number R2b) included in the transmission information received by the information receiving unit 31 to send the information to the terminal device 20b. A message authentication code MAC_Kab (R1b || R2b || R3b) of the corresponding verification information is generated.

(Step S26) The notification unit 33 of the authentication device 30 generates a session key Ksa corresponding to the terminal device 20a and a session key Ksb corresponding to the terminal device 20b. Specifically, the notification unit 33 uses the session key Kaa, the random number R3a, and the authentication information (the random number R1a and the random number R2a) included in the transmission information received by the information receiving unit 31, to generate a message authentication code MAC_Kaa ( R1a XOR R2a XOR R3a) is generated, and the message authentication code MAC_Kaa (R1a XOR R2a XOR R3a) is used as the session key Ksa. Similarly, the notification unit 33 uses the session key Kab, the random number R3b, and the authentication information (the random number R1b and the random number R2b) included in the transmission information received by the information receiving unit 31, to generate a message authentication code MAC_Kab (R1b XOR). R2b XOR R3b), and uses the message authentication code MAC_Kab (R1b XOR R2b XOR R3b) as the session key Ksb. The notification unit 33 records the session key Ksa and the session key Ksb.

(Step S27) The notification unit 33 of the authentication device 30 generates notification information a corresponding to the terminal device 20a and notification information b corresponding to the terminal device 20b. Here, similarly to the description in FIG. 5 described above, the authentication reception information, the verification information, and the encrypted data of the access information are included in the broadcast information. Specifically, the notification unit 33 includes the data “E_Ksa (access information) || MAC_Kaa (R1a || R2a || R3a) || R3a” corresponding to the terminal device 20a in the notification information a. Similarly, the notification unit 33 includes the data “E_Ksb (access information) || MAC_Kab (R1b || R2b || R3b) || R3b” corresponding to the terminal device 20b in the notification information b.

(Step S28) The notification unit 33 of the authentication device 30 transmits the notification information a and the notification information b by the broadcast signal of the wireless communication. The broadcast information a and the broadcast information b are received by the terminal devices 20a and 20b existing within the coverage of the wireless communication. The broadcast information receiving unit 22 of the terminal device 20a receives the broadcast information a and the broadcast information b by the broadcast signal of the wireless communication. The broadcast information receiving unit 22 of the terminal device 20b receives the broadcast information a and the broadcast information b by the broadcast signal of the wireless communication. The notification unit 33 may transmit the notification information a and the notification information b in the same broadcast signal, or may include the notification information a and the notification information b in each individual broadcast signal and transmit the information twice. You may transmit separately.

(Step S29) The verification unit 23 of the terminal device 20a sends the message authentication code MAC_Kaa (R1a || R2a || R3a) included in the broadcast information a received by the broadcast information receiving unit 22 to the session key Kaa and the terminal device 10. Verification is performed using the shared authentication information (the random number R1a and the random number R2a) and the random number R3a included in the broadcast information a. Since the message authentication code included in the notification information a corresponds to the terminal device 20a, the verification of the message authentication code passes. Since the verification of the message authentication code passes, the verification unit 23 of the terminal device 20a records the random number R3a.

  In addition, the verification unit 23 of the terminal device 20a shares the message authentication code MAC_Kab (R1b || R2b || R3b) included in the broadcast information b received by the broadcast information receiving unit 22 with the session key Kaa and the terminal device 10. Verification is performed using authentication information (random number R1a and random number R2a) and random number R3b included in broadcast information b. Since the message authentication code included in the notification information b does not correspond to the terminal device 20a, the verification of the message authentication code fails. Since the verification of the message authentication code has failed, the verification unit 23 of the terminal device 20a does not record the random number R3b.

  The verification unit 23 of the terminal device 20b transmits the message authentication code MAC_Kaa (R1a || R2a || R3a) included in the broadcast information a received by the broadcast information receiving unit 22 to the session key Kab and the terminal device 10 in the authentication information. Verification is performed using (the random number R1b and the random number R2b) and the random number R3a included in the broadcast information a. Since the message authentication code included in the notification information a does not correspond to the terminal device 20b, the verification of the message authentication code fails. Since the verification of the message authentication code fails, the verification unit 23 of the terminal device 20b does not record the random number R3a.

  In addition, the verification unit 23 of the terminal device 20b shares the message authentication code MAC_Kab (R1b || R2b || R3b) included in the broadcast information b received by the broadcast information receiving unit 22 with the session key Kab and the terminal device 10. The verification is performed using the authentication information (the random number R1b and the random number R2b) and the random number R3b included in the broadcast information b. Since the message authentication code included in the notification information b corresponds to the terminal device 20b, the verification of the message authentication code passes. Since the verification of the message authentication code has passed, the verification unit 23 of the terminal device 20b records the random number R3b.

(Step S30) The authentication request unit 24 of the terminal device 20a generates a session key Ksa. Specifically, the authentication request unit 24 of the terminal device 20a uses the session key Kaa, the random number R3a, and the authentication information (the random number R1a and the random number R2a) shared with the terminal device 10 to transmit the message authentication code MAC_Kaa (R1a). XOR R2a XOR R3a) is generated, and the message authentication code MAC_Kaa (R1a XOR R2a XOR R3a) is used as the session key Ksa. The authentication request unit 24 of the terminal device 20a records the session key Ksa.

  The authentication request unit 24 of the terminal device 20b generates a session key Ksb. Specifically, the authentication request unit 24 of the terminal device 20b uses the session key Kab, the random number R3b, and the authentication information (the random number R1b and the random number R2b) shared with the terminal device 10 to generate the message authentication code MAC_Kab (R1b). XOR R2b XOR R3b) is generated, and the message authentication code MAC_Kab (R1b XOR R2b XOR R3b) is used as the session key Ksb. The authentication request unit 24 of the terminal device 20b records the session key Ksb.

(Step S31) The authentication request unit 24 of the terminal device 20a generates the message authentication code MAC_Ksa (R3a) of the random number R3a using the session key Ksa.

  The authentication request unit 24 of the terminal device 20b generates the message authentication code MAC_Ksb (R3b) of the random number R3b using the session key Ksb.

(Step S32) The authentication request unit 24 of the terminal device 20a transmits the encrypted data E_Ksa (accessed) included in the notification information a whose message authentication code has passed the verification among the notification information a and b received by the notification information receiving unit 22. ) Is decrypted with the session key Ksa. The authentication request unit 24 of the terminal device 20a acquires access information from decrypted data that is a decryption result of the encrypted data E_Ksa (access information). The authentication request unit 24 of the terminal device 20a accesses the authentication device 30 by wireless communication using the access information. The authentication request unit 24 of the terminal device 20a wirelessly transmits the message authentication code MAC_Ksa (R3a) to the authentication device 30. The authentication reception unit 34 of the authentication device 30 wirelessly receives the message authentication code MAC_Ksa (R3a) from the terminal device 20a. The message authentication code MAC_Ksa (R3a) corresponds to the authentication request information of the terminal device 20a.

  The authentication request unit 24 of the terminal device 20b transmits the encrypted data E_Ksb (access information) included in the broadcast information b whose message authentication code has passed the verification among the broadcast information a and b received by the broadcast information receiving unit 22. Decrypt with the session key Ksb. The authentication request unit 24 of the terminal device 20b acquires access information from decrypted data that is a decryption result of the encrypted data E_Ksb (access information). The authentication request unit 24 of the terminal device 20b accesses the authentication device 30 by wireless communication using the access information. The authentication request unit 24 of the terminal device 20b wirelessly transmits the message authentication code MAC_Ksb (R3b) to the authentication device 30. The authentication reception unit 34 of the authentication device 30 wirelessly receives the message authentication code MAC_Ksb (R3b) from the terminal device 20b. The message authentication code MAC_Ksb (R3b) corresponds to the authentication request information of the terminal device 20b.

(Step S33) The authentication receiving unit 34 of the authentication device 30 verifies the message authentication code MAC_Ksa (R3a) of the authentication request information of the terminal device 20a using the session key Ksa and the random number R3a corresponding to the terminal device 20a. . The authentication receiving unit 34 records the result of the verification of the message authentication code. The authentication receiving unit 34 of the authentication device 30 verifies the message authentication code MAC_Ksb (R3b) of the authentication request information of the terminal device 20b using the session key Ksb and the random number R3b corresponding to the terminal device 20b. The authentication receiving unit 34 records the result of the verification of the message authentication code.

(Step S34) If the verification result of the message authentication code MAC_Ksa (R3a) of the authentication request information of the terminal device 20a is passed, the service execution determination unit 35 of the authentication device 30 transmits the transmission information received by the information reception unit 31. Is determined to be provided to the terminal device 20a. Thereby, for example, the authentication device 30 instructs the service providing device of the content distribution service to distribute the content specified by the service information to the terminal device 20a. The service providing device distributes the content specified by the service information to the terminal device 20a according to the instruction.

  On the other hand, when the result of the verification of the message authentication code of the authentication request information of the terminal device 20a is unsuccessful, the service execution determination unit 35 determines that the service indicated by the service information included in the transmission information received by the information reception unit 31 Is not provided to the terminal device 20a. In this case, the service execution determination unit 35 may execute a predetermined error process, for example, output an error message.

  If the verification result of the message authentication code MAC_Ksb (R3b) of the authentication request information of the terminal device 20b is passed, the service execution determination unit 35 of the authentication device 30 includes the message in the transmission information received by the information reception unit 31. It is determined that the service represented by the service information to be provided is provided to the terminal device 20b. Thereby, for example, the authentication device 30 instructs the service providing device of the content distribution service to distribute the content specified by the service information to the terminal device 20b. The service providing device distributes the content specified by the service information to the terminal device 20b according to the instruction.

  On the other hand, when the result of the verification of the message authentication code of the authentication request information of the terminal device 20b is unsuccessful, the service execution determination unit 35 determines that the service indicated by the service information included in the transmission information received by the information reception unit 31. Is not provided to the terminal device 20b. In this case, the service execution determination unit 35 may execute a predetermined error process, for example, output an error message.

  The service represented by the service information may be different between the terminal device 20a and the terminal device 20b. In this case, the authentication device 30 provides each service based on the verification result of the message authentication code of the authentication request information of each terminal device 20a, 20b so as to provide a service corresponding to each terminal device 20a, 20b. Instruct the service providing device. For example, when the service information indicates that the content a is distributed to the terminal device 20a and that the content b is distributed to the terminal device 20b, the authentication device 30 transmits the message authentication code of the authentication request information of each of the terminal devices 20a and 20b. If both verification results pass, the service providing device of the content distribution service is instructed to distribute the content a to the terminal device 20a and to distribute the content b to the terminal device 20b. The service providing device distributes the content a to the terminal device 20a and the content b to the terminal device 20b in response to the instruction.

[Example 1]
FIG. 7 is a diagram illustrating Example 1 according to the present embodiment. In the first embodiment, a wireless LAN base station device (referred to as a wireless LAN access point) 60 includes the authentication device 30. Further, a service providing device 61 is connected to the wireless LAN access point 60. The user approaches or touches the NFC device portion of the terminal device 10 to the NFC device portion of the wireless LAN access point 60 (authentication device 30). Thus, the terminal device 10 and the wireless LAN access point 60 (authentication device 30) communicate with each other by the NFC device.

  When the terminal device 20 exists within the coverage of the wireless LAN access point 60, the terminal device 20 performs communication with the wireless LAN access point 60 by wireless LAN (referred to as wireless LAN communication). The service providing device 61 provides a service to the terminal device 20 by wireless LAN communication via the wireless LAN access point 60. For example, in response to an instruction from the wireless LAN access point 60 (authentication device 30), the service providing device 61 of the content distribution service transmits the content specified by the service information by wireless LAN communication via the wireless LAN access point 60. Delivery to the terminal device 20. Note that the terminal device 10 provides a service by its own operation unit 44 by the user before the NFC device portion of the terminal device 10 is brought close to or touched by the NFC device portion of the wireless LAN access point 60 (authentication device 30). After the service to be received from the providing device 61 is specified, the own NFC device portion is brought close to or touched by the NFC device portion of the wireless LAN access point 60 (authentication device 30). From 61, the service provided to the terminal device 20 can be designated.

  According to the first embodiment, for example, the user authenticates the terminal device 20 by the wireless LAN access point 60 (authentication device 30) installed in a store, a station, or the like, and performs the wireless LAN access to the authenticated terminal device 20. The service can be received from the service providing device 61 by communication.

[Example 2]
FIG. 8 is a diagram showing Example 2 according to the present embodiment. In the second embodiment, the service providing device 70 includes the authentication device 30. The service providing device 70 includes an operation unit 71. The operation unit 71 has a function for performing an operation of designating a service that the user wants the terminal device 20 to provide. For example, the operation unit 71 may include an operation button for each service that can be provided. The user specifies a service desired to be provided to the terminal device 20 by pressing an operation button of a desired service. For example, the operation unit 71 of the service providing apparatus 70 of the content distribution service includes an operation button for each content (eg, a moving image) that can be provided. The user specifies the content to be distributed to the terminal device 20 by pressing the operation button of the desired content.

  Further, for example, the operation unit 71 may include a touch panel and display a service menu screen having an operation area for each service that can be provided. The user touches the operation area of the desired service from the operation area of the service menu screen displayed on the display screen of the touch panel, and specifies the service desired to be provided to the terminal device 20. For example, the operation unit 71 of the service providing apparatus 70 of the content distribution service displays a service menu screen having an operation area for each content (eg, a moving image) that can be provided on the display screen of the touch panel. The user touches the operation area of the desired content from the operation area of the service menu screen displayed on the display screen of the touch panel to specify the content desired to be distributed to the terminal device 20.

  The user approaches or touches the NFC device portion of the terminal device 10 to the NFC device portion of the service providing device 70 (authentication device 30). Thereby, the terminal device 10 and the service providing device 70 (authentication device 30) communicate with each other by the NFC device.

  The terminal device 20 performs wireless communication with the service providing device 70. This wireless communication may be, for example, wireless communication using a wireless communication network such as a mobile phone network or a wireless LAN, or wireless communication using a short-range wireless communication method. The service providing device 70 provides a service to the terminal device 20 by wireless communication. For example, the service providing device 70 of the content distribution service distributes the content specified by the user via the operation unit 71 to the terminal device 20 by wireless communication in response to an instruction from the authentication device 30.

  According to the second embodiment, for example, the user authenticates the terminal device 20 by the service providing device 70 (authentication device 30) installed in a store, a station, or the like, and designates a service desired to be provided to the terminal device 20. The service can be provided from the service providing device 70 to the authenticated terminal device 20 by wireless communication. In the second embodiment, the transmission information transmitted from the terminal device 10 to the authentication device 30 may not include the service information.

  According to the above-described embodiment, authentication of the terminal device 20 is automatically performed by another terminal device 10 that shares authentication information used for authentication of the terminal device 20 to be authenticated with the terminal device 20 in advance. Can be implemented. Thereby, the convenience of the user having a plurality of terminal devices can be improved.

For example, it is assumed that the user has a smartphone that is usually used easily and a tablet PC that is used when, for example, watching a moving image. According to the present embodiment, the user can easily perform an operation for receiving the provision of the content distribution service using the smartphone (corresponding to the terminal device 10). Then, the user can have the content (for example, a moving image) provided by the content distribution service distributed to the tablet PC (corresponding to the terminal device 20). This eliminates the need for the user to operate the tablet PC to authenticate the content distribution service, thereby improving user convenience.
Also, for example, in the terminal device authentication stage shown in FIG. 5, the authentication information (random numbers R1 and R2) transmitted from the terminal device 10 to the authentication device 30 is the same as the terminal device 20 that the terminal device 10 has already authenticated. Authentication information to be shared. Thereby, since the authentication information (the random number R1 and the random number R2) is safely shared between the terminal device 10 and the terminal device 20, impersonation and erroneous registration of the terminal device 20 are prevented. The authentication reception information (random number R3) notified from the authentication device 30 in step S28 of FIG. 5 is the same as the authentication information (random number R1 and random number R2) shared by the pre-authentication between the terminal device 10 and the terminal device 20. The combination is effective as the session key Ks. Therefore, if the authentication information (random number R1 and random number R2) is secure, the security of the authentication reception information (random number R3) is not essential, and the authentication reception information (random number R3) is broadcasted in step S28 in FIG. By doing so, it is possible to prevent spoofing of the terminal device 20 even if it is acquired by an unspecified terminal device. This provides an effect that the authentication reception information (random number R3) can be easily reported by broadcasting.

[Other embodiments]
Another embodiment will be described. This embodiment is a modification of the above-described embodiment. Hereinafter, points different from the above-described embodiment will be mainly described. FIG. 9 is a diagram illustrating a configuration example of an authentication system 1a according to another embodiment. In FIG. 9, portions corresponding to the respective portions in FIG. 1 are denoted by the same reference numerals, and description thereof will be omitted. The authentication system 1a shown in FIG. 9 includes a terminal device 10, a terminal device 20, and an authentication device 30a. FIG. 9 shows a functional configuration example of each device. The authentication device 30a further includes an inter-terminal authentication unit 36 in addition to the authentication device 30 shown in FIG. The inter-terminal authentication unit 36 of the authentication device 30a and the inter-terminal authentication unit 11 of the terminal device 10 perform mutual authentication.

  FIG. 10 is a sequence diagram illustrating an example of the authentication method according to the present embodiment. In FIG. 10, portions corresponding to the respective steps in FIG. The authentication step of the terminal device according to the present embodiment will be described with reference to FIG. In the terminal device authentication stage according to the present embodiment, a mutual authentication step S100 between the authentication device 30a and the terminal device 10 is added to the terminal device authentication stage shown in FIG. Steps other than step S100 are the same as those in FIG. 5 described above.

  FIG. 11 is a sequence diagram showing an example of the authentication method in step S100 shown in FIG. Step S100 shown in FIG. 10 will be described with reference to FIG. Here, as an example, it is assumed that the terminal device 10 and the authentication device 30a perform communication using an NFC device.

  The authentication method in step S100 shown in FIG. 11 is the same as the authentication method shown in FIG. 4 described above. In FIG. 11, the terminal device 10 executes the same processing as the terminal device 20 shown in FIG. 4, and the authentication device 30a executes the same processing as the terminal device 10 shown in FIG. Hereinafter, points different from the processing in FIG. 4 will be mainly described. Steps S101 to S109 shown in FIG. 11 correspond to steps S1 to S9 shown in FIG. In FIG. 11, the random number R11 corresponds to the random number R1 in FIG. 4, and the random number R12 corresponds to the random number R2 in FIG. In step S102, the terminal-to-terminal authentication unit 11 of the terminal device 10 transmits the random number R11 and the user ID to the authentication device 30a. The terminal-to-terminal authentication unit 36 of the authentication device 30a receives and records the random number R11 and the user ID. In step S104, the terminal-to-terminal authentication unit 36 of the authentication device 30a acquires the key K corresponding to the user ID received from the terminal device 10. The terminal authentication unit 36 generates a message authentication code (MAC) for the random number R11 and the random number R12 using the obtained key K. Other processes are the same as the processes of steps S1 to S9 shown in FIG.

  In step S100 described above, if the mutual authentication between the authentication device 30a and the terminal device 10 has succeeded, the processing from step S21 in FIG. 10 is executed. On the other hand, if the mutual authentication between the authentication device 30a and the terminal device 10 has failed in step S100 described above, the processing in FIG. 10 ends.

  According to this embodiment, since the mutual authentication between the authentication device 30a and the terminal device 10 is performed, the effect of improving the reliability of the terminal device 10 accessing the authentication device 30a is obtained.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes a design change or the like without departing from the gist of the present invention.

  In the above-described embodiment, various services provided to the terminal device 20 include, for example, various services such as a content distribution service such as a moving image and music, a software update service of the terminal device 20, and an image upload service to an image management server. Applicable to

Also, a computer program for realizing the functions of the terminal device 10, the terminal device 20, or the authentication devices 30, 30a is recorded on a computer-readable recording medium, and the program recorded on the recording medium is stored in a computer system. May be read and executed. Here, the “computer system” may include an OS and hardware such as peripheral devices.
The “computer-readable recording medium” includes a writable nonvolatile memory such as a flexible disk, a magneto-optical disk, a ROM, and a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a computer system. Storage device such as a hard disk.

Further, a “computer-readable recording medium” refers to a volatile memory (for example, a DRAM (Dynamic Random Access Memory), which holds programs for a certain period of time.
Further, the above program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
Further, the program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

1, 1a: Authentication system, 10: Terminal device (first terminal device), 11, 21, 36: Inter-terminal authentication unit, 12: Information transmission unit, 20: Terminal device (second terminal device), 22: Notification information receiving unit, 23 verification unit, 24 authentication request unit, 30 and 30a authentication device, 31 information reception unit, 32 verification information generation unit, 33 notification unit, 34 authentication reception unit, 35 service Execution determination units, 41, 51 CPU, 42, 52 memory, 43, 53 nonvolatile memory, 44, 71 operation unit, 45 display unit, 46, 54 communication unit, 47, 55 NFC unit 48, 56: Program, 60: Wireless LAN access point, 61, 70: Service providing device

Claims (5)

A first terminal device, a second terminal device, and an authentication device;
The first terminal device transmits transmission information that is authentication information shared with the second terminal device and includes first authentication information of the first terminal device and second authentication information of the second terminal device. An information transmitting unit that transmits to the authentication device,
The authentication device,
An information receiving unit that receives the transmission information from the first terminal device;
A notifying unit that notifies, by communication, notification information including authentication reception information used for authentication of the second terminal device;
The validity of the authentication request information received by the communication, the first authentication information and the second authentication information included in the transmission information received by the information receiving unit and the notification information included in the notification information notified by the notification unit An authentication reception unit that performs verification based on the authentication reception information,
The second terminal device includes:
A notification information receiving unit that receives the notification information from the authentication device by communication,
Communicating the authentication request information based on the authentication reception information included in the notification information received by the notification information receiving unit and the first authentication information and the second authentication information shared with the first terminal device; And an authentication request unit for transmitting to the authentication device by
The first terminal device further includes an inter-terminal authentication unit that performs mutual authentication with the second terminal device and shares the first authentication information and the second authentication information with the second terminal device,
The second terminal apparatus performs the first terminal device and the mutual authentication, further comprising a terminal between the authentication unit to share the first terminal device and the first authentication information and the second authentication information, authentication The system
The second terminal device generates a first session key used for generating the authentication request information from a combination of the authentication reception information, the first authentication information, and the second authentication information,
The first session key is a message authentication code for a combination of the authentication reception information, the first authentication information, and the second authentication information,
The authentication device generates, from a combination of the authentication reception information, the first authentication information, and the second authentication information, a second session key used for verifying the validity of the authentication request information,
The second session key is a message authentication code for a combination of the authentication reception information, the first authentication information, and the second authentication information.
Authentication system. The authentication device further includes a verification information generation unit that generates verification information based on the authentication reception information and the first authentication information and the second authentication information included in the transmission information received by the information reception unit. ,
The notification unit further includes the verification information generated by the verification information generation unit in the notification information,
The second terminal device shares the validity of the authentication reception information included in the notification information received by the notification information receiving unit with the verification information and the first terminal device included in the notification information. A verification unit that performs verification based on the first authentication information and the second authentication information;
The authentication system according to claim 1 . The information transmitting unit further includes service information indicating a service received by the second terminal device in the transmission information,
The authentication device determines whether or not to provide a service represented by the service information included in the transmission information received by the information receiving unit to the second terminal device. Further comprising a service execution determination unit for determining based on the result of the verification of the performance.
Authentication system according to any one of claims 1 or 2. The information transmitting unit transmits the transmission information by short-range wireless communication,
The information receiving unit receives the transmission information by the short-range wireless communication,
Authentication system according to any one of claims 1 to 3. The notification unit transmits the notification information by a broadcast signal of wireless communication,
The broadcast information receiving unit receives the broadcast information by a broadcast signal of the wireless communication,
Authentication system according to any one of claims 1 to 4.

Images