JP6714551B2 - Authentication key sharing system and inter-terminal key copying method - Google Patents

Description

The present invention relates to an authentication key sharing system and a terminal-to-terminal key copying method in which a user uses an authentication key necessary for using a Web service from a terminal.

Internet users use various Web (World Wide Web) services such as online banking and online shopping using terminals such as personal computers (PCs), smartphones, and tablets. When using a Web service (also simply referred to as a service), user authentication is required, and a user ID (IDentifier) and a password are generally used. However, there are many cases where the password is stolen due to the password being set easily being guessed or the password being leaked from the Web server (also referred to as a server) that performs the Web service due to unauthorized access.

As an alternative user authentication technique to password authentication, there is a user authentication technique for web services using public key encryption called FIDO (Fast IDentity Online). In FIDO, a pair of secret key and public key authentication key pair, which are different for each service, are generated in a terminal, the public key is registered in a server, and the private key is confined in a secure area in the terminal. For example, as shown in FIG. 17A, the public key 11a is registered in the Web server 10a that provides the predetermined service A, and the public key 11b is registered in the Web server 10b that provides the predetermined service B. The private key 14a paired with the public key 11a and the private key 14b paired with the public key 11b are confined in the secure area 13a of the terminal 12a. In addition, "and a pair" means "and a pair". The same applies thereafter.

User authentication by the server (for example, 10a) is performed as follows by a signature or the like in challenge/response authentication (described later). That is, a procedure in which the server 10a generates a random number and transmits it to the terminal 12a, the terminal 12a signs the random number using the secret key 14a and returns it to the server 10a, and the server 10a verifies the signature with the public key 11a. Done in. If the signature verification is successful, the user authentication is successful, and the user can use the Web service. The challenge/response authentication is an authentication method that prevents a password or the like from being wiretapped during communication by performing special processing on a random character string (called a challenge) used for user authentication.

When the user uses the secret keys 14a and 14b of the terminal 12a before the user is authenticated by the server, it is premised that the biometric authentication or the like is performed on the terminal 12a. The private keys 14a and 14b are used in the secure area 13a of the terminal 12a, and the private keys 14a and 14b are not exposed outside the terminal 12a, so that high security is maintained.

However, when using the new terminal 12b shown in FIG. 17B, since there is no secret key in the secure area 13b, an authentication key pair is generated again for each of the services A and B of the Web servers 10a and 10b. Then you need to register the private key. At this time, when using a plurality of terminals, registration work is required for the number of terminals×the number of services. Therefore, the greater the number of terminals and services, the lower the convenience.

Therefore, Non-Patent Document 1 proposes a method of sharing a secure key between terminals. Assuming that a third party verifies the owner of the terminal and then issues the owner certificate to the terminal, the terminal can only be used between terminals with the same owner certificate. A method that enables the duplication of the private key between them is shown. This method will be described with reference to FIG.

A conventional authentication key sharing system 20 shown in FIG. 18 includes servers 10a and 10b having public keys 11a and 11b as authentication keys, terminals 12a and 12b, and a terminal management server 14. One terminal 12a holds private keys 14a and 14b and an owner certificate 15 issued by the identity verification in the secure area 13a. The secret keys 14a and 14b are authentication keys paired with the public keys 11a and 11b associated with the services A and B of the servers 10a and 10b. The other terminal 12b holds, in the secure area 13b, an owner certificate 15 issued by the same person as that of the terminal 12a, which has been verified by the owner. In this initial state, the secret keys 14a and 14b are not held.

In such a configuration, when the owner newly uses the services A and B on the terminal 12b having only the owner certificate 15, the public keys 11a and 11b associated with the services A and B are paired. It is necessary to newly register the private keys 14a and 14b. In this case, the terminal management server 14 determines whether or not the same owner certificate 15 is held in each of the terminals 12a and 12b. If it is determined that the same owner certificate 15 is held, the terminal 12a holding the private keys 14a and 14b sends the held private keys 14a and 14b to the arrow Y1 to the other new terminal 12b. Copy as instructed in.

Yusuke Ogata, Yoshihiko Omori, Takao Yamashita, Tetsuya Iwata, "A Study on Maintenance and Management of Private Key of Authentication Method Using Asymmetric Key", IEICE Communications Society Conference, B-7-9, 2016

In the method of copying the secret keys 14a and 14b as the authentication keys between the terminals 12a and 12b described above with reference to FIG. 18, sharing of the authentication key (secret key) is limited to the terminals 12a and 12b of the same owner. Therefore, it is premised that the owner certificate 15 is issued to each of the terminals 12a and 12b. Therefore, every time a terminal is added, a third party must receive a personal verification for issuing the owner certificate to the terminal.

There are various possible means for verifying the identity, but in order to prevent impersonation due to leakage of the authentication key, a certain level of accuracy is required to accurately verify the identity of the user, so the burden on the user is considerable. Specifically, the following methods (1) to (3) implemented in the city are assumed.

(1) Presentation of face-to-face identification.
(2) Send the confirmation code to the pre-registered email address or telephone number {SMS (short message) number} and enter the confirmation code on the new terminal.
(3) An IC (integrated circuit) card whose identity has been confirmed (eg my number card, etc.) is brought into contact with the terminal.

Assuming the current usage environment in which users generally use the service by occupying a few terminals, the burden of performing identity verification only at the start of using the terminals is within the allowable range. Is assumed.

However, if the number of terminals owned including wearable terminals increases dramatically in the future, or if you want to temporarily use the shared terminals in various places to use the service, It is expected that the usage style of releasing will be generalized. In this case, each time a new terminal is added or a shared terminal is used, it is necessary to verify the identity and register the owner certificate in the terminal, which causes a problem of a heavy burden on the user.

The present invention has been made in view of such circumstances, and even if the number of terminals owned by the same user increases, a certain level of security is ensured and the web service is conveniently used between terminals. It is an object of the present invention to provide an authentication key sharing system and an inter-terminal key copying method capable of copying an authentication key required for the purpose.

As a means for solving the above-mentioned problems, the invention according to claim 1 provides a server that provides various services by communication, and a secret key paired with a public key that is held in the server and performs authentication related to the service. An authentication key sharing system that has a copy source terminal that holds the secret key that is used for communication using the service and a copy destination terminal that the private key that is held by the copy source terminal is copied by communication Both of the copy source terminal and the copy destination terminal perform mutual confirmation to establish communication between them when a predetermined operation is performed at a predetermined distance at the same time. Section, and the owner certificate issued by the third party for identity verification is registered in the copy source terminal, and the owner certificate is not registered in the copy destination terminal, the mutual certificate If mutual confirmation can be properly performed by the confirmation unit, the private key held by the copy source terminal is copied to the copy destination terminal, and the copy source terminal, when transmitting the private key for copying, The copy destination terminal has a use condition added to the secret key when adding the use condition for restricting use of the service to the secret key, and the copy destination terminal holds the use condition added to the secret key when copying the secret key. The authentication key sharing system is characterized by executing authentication processing when the service is used in accordance with the held usage conditions .

The invention according to claim 3 holds a server that provides various services by communication, and a private key paired with a public key that is held by the server and authenticates the service, and the held private key holds the service. A method of copying keys between terminals of an authentication key sharing system, comprising: a copy source terminal that uses a communication source and a copy destination terminal to which a secret key held by the copy source terminal is copied by communication, The source terminal and the copy destination terminal perform a mutual confirmation to establish communication between the two when a predetermined operation is performed at a predetermined distance at the same time, and If the owner certificate issued by identity verification by three parties is registered and the owner certificate is not registered in the copy destination terminal, if the mutual confirmation can be properly performed, the copy source terminal in running a step of copying the private key to the copy destination terminal to hold the copy source terminal, when transmitting the secret key for the copy, the use condition for limiting use of said service The step of adding to the secret key, and the copy destination terminal holds the use condition added to the secret key at the time of copying the secret key, and the authentication process at the time of using the service according to the held use condition. And a step of executing.

According to the configuration of claim 1 and the method of claim 3 , even if the owner certificate is not registered in the copy destination terminal, if mutual confirmation is OK, the private key held by the copy source terminal is stored. Can be copied. Therefore, unlike the related art, it is not necessary to perform a process in which a third party receives a personal verification for issuing the owner certificate to the terminal each time the terminal is added. Therefore, even if the number of terminals owned by the same user increases, it is possible to copy the authentication key required for using the Web service conveniently between the terminals while ensuring a certain level of security.
In addition, in the copy destination terminal in which the private key is registered by mutual confirmation OK between the terminals, the use of the service is restricted, and it is discriminated from the copy destination terminal in which the private key is registered based on the registration of the identification information. Can be promoted.

The invention according to claim 2 holds a server that provides various services by communication, and a private key paired with a public key that is held by the server and performs authentication related to the service. An authentication key sharing system having a copy source terminal that uses the service for communication and a copy destination terminal to which a private key held by the copy source terminal is copied by communication, the copy source terminal and Both of the copy destination terminals, if a predetermined operation is performed at a predetermined distance at the same time, a mutual confirmation section that establishes mutual communication for establishing mutual communication, and if the mutual confirmation is appropriate. For example, the copy source terminal includes a copy unit between the terminals that copies each of the private keys held by the copy source terminal to the copy destination terminal, and the copy destination terminal stores each of the private keys . An authentication key management unit that holds copy information including at least a confirmation method and a copy time at the time of copying is provided, and the server, in accordance with the copy information transmitted by the copy destination terminal when the service is used, It is an authentication key sharing system characterized by comprising a copy key use control unit that determines availability and restriction of use of services.

The invention according to claim 4 holds a server that provides various services by communication, a private key paired with a public key held by the server and authenticating the service, and the held private key holds the service. A method of copying keys between terminals of an authentication key sharing system, comprising: a copy source terminal that uses a communication source and a copy destination terminal to which a secret key held by the copy source terminal is copied by communication, The source terminal and the copy destination terminal perform a mutual confirmation step for establishing communication between them when a predetermined operation is simultaneously performed at a predetermined distance, and the mutual confirmation is appropriate. For example, the step of copying each of all the secret keys held by the copy source terminal to the copy destination terminal, and the copy destination terminal, when copying each of the secret keys The server performs a step of holding copy information including at least a confirmation method and a copy time, and the server determines whether or not the service can be used according to the copy information transmitted by the copy destination terminal when the service is used. An inter-terminal key copying method characterized by executing a step of defining a limitation.

According to the configuration of claim 2 and the method of claim 4 , when the server receives the copy information including at least the confirmation method and the copy time when the copy destination terminal copies the private key when using the service. In addition, it is possible to confirm the copy information and determine whether the service can be used or not. Therefore, the function of determining whether to use the service and the function of determining the restriction can be removed from the terminal, so that the function of the terminal can be reduced and the size can be reduced.

According to the present invention, even if the number of terminals owned by the same user increases, a certain level of security is ensured and the authentication key is used to copy the authentication key required for conveniently using the Web service between the terminals. A key sharing system and an inter-terminal key copying method can be provided.

It is a block diagram showing a configuration of an authentication key sharing system according to the present invention. It is a block diagram which shows the structure of the authentication key sharing system which concerns on 1st Embodiment of this invention. It is a 1st block diagram of a key management table. It is a 2nd block diagram of a key management table. It is a sequence diagram for explaining a registration process of the authentication key of the first embodiment. It is a sequence diagram for explaining the copy processing of the authentication key of the first embodiment. It is a 3rd block diagram of a key management table. It is a 4th block diagram of a key management table. It is a 5th block diagram of a key management table. FIG. 9 is a sequence diagram for explaining a process of using the authentication key according to the first embodiment. It is a block diagram which shows the structure of the authentication key sharing system which concerns on 2nd Embodiment of this invention. It is a 6th block diagram of a key management table. It is a 7th block diagram of a key management table. It is a sequence diagram for explaining the registration processing of the authentication key of the second embodiment. It is a sequence diagram for explaining the copy processing of the authentication key of the second embodiment. It is a sequence diagram for explaining the processing of using the authentication key of the second embodiment. The structure of the user authentication technology of the Web service using the conventional public key cryptography is shown, (a) is a block diagram showing the case where the authentication key is in the secure area of the terminal, and (b) is the secure area of the terminal. It is a block diagram showing the case where there is no authentication key. It is a block diagram which shows the structure of the conventional authentication key sharing system.

Embodiments of the present invention will be described below with reference to the drawings.
First, the principle of the present invention will be described with reference to FIG. FIG. 1 is a block diagram showing the configuration of an authentication key sharing system 30 according to the present invention.
The authentication key sharing system (also referred to as a system) 30 includes Web servers (also referred to as servers) 31a and 31b that provide various Web services (also referred to as services) A and B such as online banking and online shopping, and users (users). The personal computer, the smartphone, the tablet, and the like used by the first, second, and third terminals 32a, 32b, and 32c, and the terminal management server 33.

The servers 31a and 31b hold public keys 11a and 11b as authentication keys associated with the services A and B, respectively. In the first and third terminals 32a, 32c, private keys 14a, 14b as authentication keys paired with the public keys 11a, 11b of the servers 31a, 31b are registered. Further, the owner certificate 15 issued by the third party to verify the identity is registered in the first and third terminals 32a, 32c. The second terminal 32b is in a state where the private keys 14a and 14b and the owner certificate 15 are not registered.

The terminal management server 33 issues the owner certificate 15 to the first and third terminals 32a and 32c by the third party's identity verification and registers the registration, as shown by the double-headed arrow Y2. Check.

In the present invention, even between the second terminal 32b to which the owner certificate 15 has not been issued and the first terminal 32a to which the owner certificate 15 has been issued, those If mutual confirmation (described later) indicated by the bidirectional arrow Y3 can be made between the terminals 32a and 32b, it is considered that the owners can be easily confirmed. At this time, sharing of the secret keys 14a and 14b, which are the authentication keys, is permitted. That is, the secret key held by the first terminal 32a (for example, the secret key 14a) is copied (also referred to as an authentication key copy or a key copy) to the second terminal 32b as indicated by an arrow Y4.

The above-mentioned mutual confirmation is conditional on the terminals 32a and 32b performing a predetermined operation at a predetermined short distance (a short distance of about 2 m or less) at the same time. Specific examples of means for performing mutual confirmation include connecting the terminals 32a and 32b with a short cable such as a USB cable having a predetermined length, RFID (Radio Frequency Identification), NFC (Near Field Communication), and BLE ( A short-distance wireless connection such as Bluetooth (registered trademark) Low Energy) is made, and the same confirmation code is input to establish short-distance communication. The reason for establishing this near field communication is to prevent spoofing and improve security.

However, in sharing the authentication key (secret key 14a, 14b) based on the mutual confirmation between the terminals 32a, 32b, one terminal 32b issues the owner certificate 15 by confirming the identity of the third party. Has not been done. Therefore, as compared with the authentication key copy designated by the arrow Y5 between the first and third terminals 32a and 32c for which the owner certificate 15 is issued, the authentication key copy under the limited use condition described later. To be able to.

The following (1) to (3) are examples of limited usage conditions for the authentication key copy.
(1) The authentication key can be used only for a certain period of time after the authentication key is copied.
(2) After the authentication key is copied, the authentication key can be used only a certain number of times.
(3) Only a specific secret key (see the secret key 14a shown in the second terminal 32b in FIG. 1) can be used instead of all the secret keys 14a and 14b.

Such a copy condition of the authentication key (secret key 14a, 14b) can be designated by a service provider who performs user authentication based on the existence of the authentication key (secret key 14a, 14b), and the copy process can be performed. It is also possible for the executing user to specify it at the time of copying.

<Structure of First Embodiment>
Next, the authentication key sharing system according to the first embodiment of the present invention will be described. FIG. 2 is a block diagram showing the configuration of the authentication key sharing system 30A according to the first embodiment of the present invention. However, in the system 30A, the same parts as those of the authentication key sharing system 30 shown in FIG. 1 are designated by the same reference numerals, and the description thereof will be appropriately omitted.

The system 30A shown in FIG. 2 includes servers 31a, 31b, 31c that provide various services, and a copy source terminal 32a and a copy destination terminal 32b used by the user.

The server 31a includes an authentication unit 41a that holds a public key 11a as an authentication key associated with the service A.
The server 31b includes an authentication unit 41b that holds a public key 11b as an authentication key associated with the service B.
The server 31c includes an authentication unit 41b that holds a public key 11c as an authentication key associated with the service C.

The copy source terminal 32a includes a Web client 43a, a mutual confirmation unit 44a, and a secure area 42a. The secure area 42a includes an authentication key management unit 45a, a copy unit 46a, and a certificate management unit 47a. ..
The copy destination terminal 32b includes a Web client 43b, a mutual confirmation unit 44b, and a secure area 42b. The secure area 42b includes an authentication key management unit 45b, a copy unit 46b, and a certificate management unit 47b. ..
The secure areas 42a and 42b are safe areas separated from the normal areas and are realized by a technique such as TEE (Trusted Execution Environment).

The web clients 43a and 43b are, for example, smartphone applications for using web browsers and services on the web. In the FIDO technology that is the base of the present invention, the Web clients 43a and 43b are architectures that implement not only servers and clients (browsers and Web applications) for normal use of Web services but also software components that realize FIDO authentication. Has become. Since the present invention is also based on this architecture, a web client exists.

The mutual confirmation units 44a and 44b perform the above-described mutual confirmation, as indicated by a double-headed arrow Y7.
The authentication key management unit 45a includes a key management table T1a shown in FIG. The authentication key management unit 45b includes a key management table T1b shown in FIG. In the key management table T1a, a key ID that is a service-specific ID, a secret key, and a copy policy are registered, and in the key management table T1b, the above-mentioned usage conditions are registered.

If the mutual confirmation is possible, the copy units 46a and 46b copy the secret keys 14a and 14b held by the copy source terminal 32a to the copy destination terminal 32b as indicated by arrow Y8.
The certificate management units 47a and 47b store the owner certificate 15.

In this embodiment, the copy unit 46a, which is an application that realizes the authentication key copy that operates in the secure area 42a of the copy source terminal 32a, uses the authentication key to be copied based on the condition specified by the service provider or the user. A certain secret key (for example, the secret keys 14a and 14b) is determined, the usage condition is given, and then the copy process of the secret keys 14a and 14b is executed.

In the copy destination terminal 32b, the copy unit 46b receives the private keys 14a and 14b, and the authentication key management unit 45b, which also operates in the secure area 42b, within the range according to the specified usage conditions, the private key It is possible to use 14a and 14b.

<Registration Processing of Authentication Key of First Embodiment>
The process of registering the public key as the authentication key corresponding to the service in the server (see the double-headed arrow Y22 in FIG. 2) will be described with reference to the sequence diagram shown in FIG.

In step S1 shown in FIG. 5, the Web client 43a of the copy source terminal 32a requests the authentication unit 41a of the server (for example, the server 31a) to register the public key 11a as an authentication key. As shown by the arrow Y11a, the authentication unit 41a holds information in which the key ID (service-specific ID) is associated with the copy policy.

That is, the copy policy is associated with the key ID “service3.org”. The copy policy is a confirmation means "mutual confirmation" which is a confirmation level of owner agreement for allowing copying, the number of times the service is used after copying "1", and the essential hardware that the copy destination terminal must have. It is essential hardware such as "TPM (Trusted Platform Module)".

In step S2, the authentication unit 41a transmits the registration request for the authentication key (public key 11a) and the copy policy held by the authentication unit 41a to the authentication key management unit 45a of the copy source terminal 32a.

Next, in step S3, biometric authentication of the user is performed at the copy source terminal 32a. This is done, for example, by the user presenting his or her fingerprint to the fingerprint authentication means of the terminal 32a. In addition, there is biometric authentication such as vein authentication.

If this biometric authentication is OK, in step S4, the authentication key management unit 45a generates a key pair of the private key 14a and the public key 11a as a pair of authentication keys. After the generation, the authentication key management unit 45a indicates the secret key 14a in hexadecimal notation "FE0085B126" in the secret key column associated with the key ID "service3.org" in the key management table T1a, as indicated by arrow Y10. ..”, “Mutual confirmation” in the confirmation means column of the copy policy column, “1” in the number of times column, and “TPM” in the essential hardware column. This copy policy, like the private key 14a, is stored in the secure area 42a of the copy source terminal 32a so that it cannot be easily tampered with. If the biometric authentication is NG (No Good), an error is notified to the copy source terminal 32a so that the user can recognize it. Hereinafter, “FE0085B126...” In which the secret key 14a is represented in hexadecimal notation is described as the secret key 14a “FE0085B126...”. The same applies to other keys.

Further, in step S5, the authentication key management unit 45a transmits the public key 11a generated in step S4 to the authentication unit 41a of the server 31a for registration.

In step S6, the authentication unit 41a registers the public key 11a “62C951BA2F...” In the public key column of the key management table T2, as indicated by the arrow Y11. The key management table T2 is a table that holds as many entries associating an account name with a public key (authentication key) for the number of accounts using the server 31a. After the registration, the authentication unit 41a transmits the registration completion to the Web client 43 of the copy source terminal 32a in step S7.

<Process of Copying Authentication Key of First Embodiment>
Next, a case where the private key as the authentication key is copied from the copy source terminal 32a to the copy destination terminal 32b for which the owner certificate is not registered will be described with reference to FIG.

When copying the secret key, the two terminals 32a and 32b mutually perform a predetermined operation at a predetermined short distance (a short distance of about 2 m or less) at the same time to establish communication with each other. Confirm. Therefore, in step S10 shown in FIG. 6, a copy instruction from the user is issued to the copy unit 46a of the copy source terminal 32a, and in step S11, a request corresponding to the copy instruction is issued from the copy unit 46a. This is performed by the confirmation unit 44a.

In step S12, the mutual confirmation unit 44a issues a close proximity communication establishment request to the mutual confirmation unit 44b of the copy destination terminal 32b. Upon receiving this request, the copy destination terminal 32b displays a connection code (passcode) to be shown to the user on the display (not shown) of the copy source terminal 32a in step S13. This connection code is a code string for connecting the terminals 32a and 32b to each other. The user who sees the connection code displayed on the display inputs the connection code to the mutual confirmation unit 44a of the copy source terminal 32a in step S14.

The mutual confirmation unit 44a transmits the connection code to the mutual confirmation unit 44b of the copy destination terminal 32b in step S15. Upon receiving this connection code, the mutual confirmation unit 44b sends a near field communication establishment response to the mutual confirmation unit 44a of the copy source terminal 32a in step S16. The mutual confirmation unit 44a notifies the copy unit 46a that the near field communication is completed in step S17.

On the other hand, the copy unit 46b of the copy destination terminal 32b transmits the information about the hardware and the like included in the self terminal 32b to the copy unit 46a in Step S18 after transmitting the near field communication establishment response in Step S16. .. Upon receiving the information of the copy destination terminal 32b and the completion of the near field communication establishment in step S17, the copy unit 46a holds the key management table shown in FIG. 7 held in the authentication key management unit 45a in step S19. Reference is made to T1a as follows.

That is, the copy unit 46a refers to the copy policy designated by the service A side of the server 31a in the key management table T1a, and extracts, for example, the secret keys “129CC8B6A2...” And “9D2F104C25...” that are permitted to be copied. The extracted secret keys “129CC8B6A2...” And “9D2F104C25...” are associated with the key IDs “service2.jp” and “service4.ru”.

Next, in step S20, the biometric authentication of the user is performed by the authentication key management unit 45a of the copy source terminal 32a. If the biometric authentication is OK, the biometric authentication OK is notified from the authentication key management unit 45a to the copy unit 46a in step S21. Further, in step S22, the user additionally specifies copy conditions in the copy unit 46a. This is for the user to select the authentication key (secret key) that he wants to copy and to specify the usage conditions (duration etc.) after copying.

The copy unit 46a that has received the above-mentioned biometric authentication OK and additional designation transmits the authentication key (secret key) and the usage conditions to the authentication key management unit 45b via the copy unit 46b of the copy destination terminal 32b in step S23. .. The authentication key (secret key) and the usage condition are associated with each other as in the key management table T1a shown in FIG. 8, and are transmitted in a confidential state by encryption.

In the authentication key management unit 45b, biometric authentication of the user is performed in step S24. If the biometric authentication is OK, the authentication key management unit 45b stores the private key and the usage condition in step S25. The key IDs "service2.jp" and "service4.ru" of the key management table T1b shown in FIG. 9 store secret keys "129CC8B6A2... "And "9D2F104C25..." And usage conditions. As the usage conditions, for example, the secret key “129CC8B6A2...” Is associated with the remaining time “2 hours”, and the secret key “9D2F104C25...” Is associated with the remaining number “10” and the remaining time “2 hours”. Be stored.

<Process of Using Authentication Key of First Embodiment>
Next, a process of performing user authentication (see bidirectional arrow Y21 in FIG. 2) for using the service A of the server 31a by using the secret key as the authentication key copied to the copy destination terminal 32b, This will be described with reference to the sequence diagram shown in FIG.

The process at this time is based on the normal challenge/response authentication in FIDO, but the secret key copied from another terminal is secret only if it meets the usage conditions specified at the time of copying. It is possible to perform signature using a key.

In step S31 shown in FIG. 10, it is assumed that the Web client 43b of the copy destination terminal 32b makes a user authentication request for using the service A of the server 31a to the authentication unit 41a of the server 31a. In step S32, the authentication unit 41a transmits the challenge, which is a random character string including the key ID unique to the service A, to the authentication key management unit 45b of the copy destination terminal 32b.

Next, in step S33, the biometric authentication of the user is performed by the authentication key management unit 45b that has received the challenge including the key ID. If the biometric authentication is OK, the authentication key management unit 45b signs the challenge with the secret key 14a in step S34. This signature is performed after the authentication key management unit 45b refers to the usage conditions of the key management table T1b designated by the arrow Y14 and confirms that the private key of the corresponding key ID can be used. For example, the signature is performed after confirming that the private key “9D2F104C25...” With the corresponding key ID “service4.ru” is available. After using the service with this signature, the table is updated if it needs to be updated. For example, the remaining number of times in the key management table T1b is updated to “10→9”.

In step S35, the authentication key management unit 45b returns the signed authentication challenge as the response issued by the signature to the authentication unit 41a of the server 31a. In step S36, the authentication unit 41a verifies the signed authentication challenge with the public key 11a "62C951BA2F... "Stored in the key management table T2 indicated by the arrow Y15. If the verification is OK, in step S37, the authentication unit 41a notifies the Web client 43 of the copy destination terminal 32b of the completion of authentication. If the verification in step S36 is NG, the copy destination terminal 32b is notified of the error so that the user can recognize it.

<Effects of First Embodiment>
As described above, the authentication key sharing system 30A of the first embodiment has the following characteristic configuration. The system 30A holds servers 31a to 31c that provide various services through communication, secret keys 14a to 14c paired with the public keys 11a to 11c that are held by the servers 31a to 31c and authenticate services, and hold this. The copy source terminal 32a uses the service by communication with the generated secret keys 14a to 14c, and the copy destination terminal 32b to which the secret keys 14a to 14c held by the copy source terminal 32a are copied by communication.

(1) Both the copy source terminal 32a and the copy destination terminal 32b perform mutual confirmation to establish mutual communication when a predetermined operation is performed at a predetermined distance at the same time. 44a and 44b are provided. When the owner certificate 15 issued by the third party's identity verification is registered in the copy source terminal 32a and the owner certificate 15 is not registered in the copy destination terminal 32b, the mutual confirmation unit 44a, If mutual confirmation can be properly performed by 44b, the private keys 14a to 14c held in the copy source terminal 32a are copied to the copy destination terminal 32b.

According to this configuration, even if the owner certificate 15 is not registered in the copy destination terminal 32b, if the mutual confirmation is OK, the private keys 14a to 14c held by the copy source terminal 32a can be copied. it can. For this reason, unlike the conventional case, it is not necessary to perform a process in which a third party receives a personal identification for issuing the owner certificate 15 to the terminal each time the terminal is added. Therefore, even if the number of terminals owned by the same user increases, it is possible to copy the authentication key necessary for using the Web service conveniently between the terminals 32a and 32b while ensuring a certain level of security. it can.

Therefore, if the number of terminals that you own, including wearable terminals, increases dramatically in the future, or you want to temporarily use the shared terminals in various places to use the service, When the usage style of releasing is generalized, the private key can be easily copied to a new terminal to use the service.

(2) The copy source terminal 32a includes an authentication key management unit 45a that adds a usage condition for restricting the use of services to the secret keys 14a to 14c when transmitting the secret keys 14a to 14c for copying. .. The copy destination terminal 32b holds the usage conditions added to the private keys 14a to 14c at the time of copying the private keys 14a to 14c, and uses the service according to the held usage conditions.

As a result, the following effects can be obtained. In the copy destination terminal 32b in which the secret keys 14a to 14c are registered by mutual confirmation OK between the terminals 32a and 32b, the use of the service is restricted, and the secret keys 14a to 14c are registered based on the registration of the personal identification information. Differentiating from the copied destination terminal 32b can be achieved.

<Structure of Second Embodiment>
Next, an authentication key sharing system according to the second embodiment will be described with reference to the authentication key sharing system 30B shown in FIG. However, in the system 30B, the same parts as those of the authentication key sharing system 30A of the first embodiment shown in FIG. 2 are designated by the same reference numerals, and the description thereof will be appropriately omitted.

The system 30B shown in FIG. 11 is different from the system 30A in the following points. First, the servers 31a to 31c include copy key use control units 49a to 49c in addition to the authentication units 41a to 41c. Next, the copy source terminal 32a copies all the authentication keys (secret keys 14a to 14c) to the copy destination terminal 32b after the mutual confirmation instructed by the arrow Y7, as shown by the arrow Y8a. The copy destination terminal 32b holds objective information at the time of copying, such as what year, what month, and what time. Then, when the copy destination terminal 32b uses the service, it transmits information at the time of copying to the servers 31a to 31c, and the copy key usage control units 49a to 49c of the servers 31a to 31c confirm the information at the time of copying and use the service. The point is to perform processing such as deciding whether or not to allow or restrict.

However, the authentication key management unit 45a of the copy source terminal 32a includes a key management table T1a shown in FIG. The authentication key management unit 45b includes a key management table T1b shown in FIG. In the key management table T1a, a key ID and a secret key that are service-specific IDs are registered, and in the key management table T1b, a key ID, a secret key, and copy information that is information at the time of copying are registered.

<Registration Processing of Authentication Key of Second Embodiment>
The process of registering the public key as the authentication key corresponding to the service in the server (see the double-headed arrow Y22A in FIG. 11) will be described with reference to the sequence diagram shown in FIG.

In step S1A shown in FIG. 14, the Web client 43a of the copy source terminal 32a requests the authentication unit 41a of the server (for example, the server 31a) to register the public key 11a as an authentication key. The authentication unit 41a acquires the key ID corresponding to the service A as indicated by the arrow Y31, and as shown in step S2A, the registration request for the authentication key (public key 11a) and the key ID are transmitted to the copy source terminal 32a. To the authentication key management unit 45a.

Next, in step S3A, biometric authentication of the user is performed at the copy source terminal 32a. If the biometric authentication is OK, in step S4A, the authentication key management unit 45a generates a key pair of the private key 14a and the public key 11a as a pair of authentication keys. After this generation, the authentication key management unit 45a holds the private key 14a "FE0085B126... "In the private key column associated with the key ID "service1.com" of the key management table T1a designated by the arrow Y32.

Further, in step S5A, the authentication key management unit 45a transmits the public key 11a generated in step S4A to the authentication unit 41a of the server 31a for registration.

In step S6A, the authentication unit 41a registers the public key 11a "62C951BA2F..." In the public key column associated with the account name "User1" of the key management table T2 designated by the arrow Y33. After this registration, the authentication unit 41a transmits the registration completion to the Web client 43 of the copy source terminal 32a in step S7A.

It should be noted that also in the other servers 31b and 31c, the process of registering the public keys 11b and 11c as the authentication keys corresponding to the services B and C is performed in the same manner as above.

<Process of Copying Authentication Key of Second Embodiment>
Next, a case where the private key as the authentication key is copied from the copy source terminal 32a to the copy destination terminal 32b for which the owner certificate is not registered will be described with reference to FIG. However, in FIG. 15, the same steps as those in the sequence diagram shown in FIG. 6 of the first embodiment are designated by the same reference numerals, and the description thereof will be appropriately omitted.

The processing from steps S10 to S17 shown in FIG. 15 is the same as that in FIG. In the final step S17 of those processes, the copy unit 46a is notified of the completion of the near field communication establishment.
Upon receiving this notification, the copy unit 46a refers to the key management table T1a designated by the arrow Y35 in step S41, and retrieves all the stored secret keys 14a, 14b, 14c. That is, the secret keys 14a, 14b, 14c “OA295BE44F... ”, “129CC8B6A2... ," and "FE0085B126...".

Next, in step S42, the biometric authentication of the user is performed by the authentication key management unit 45a of the copy source terminal 32a. If the biometric authentication is OK, the authentication key management unit 45a notifies the copy unit 46a of the biometric authentication OK in step S43. Upon receiving this notification, the copy unit 46a copies the secret keys 14a, 14b, 14c searched in Step S41 to the copy unit 46b of the copy destination terminal 32b in Step S44. That is, the secret keys 14a, 14b, 14c "OA295BE44F... ", "129CC8B6A2... "And "FE0085B126" associated with the key IDs "service1.com", "service2.jp" and "service3.org" indicated by the arrow Y36. ..." is copied to the copy unit 46b of the copy destination terminal 32b.

The copy unit 46b notifies the authentication key management unit 45b of the copied secret keys 14a to 14c in step S45. After this notification, in step S46, the authentication key management unit 45b performs biometric authentication of the user. If this biometric authentication is OK, the authentication key management unit 45b stores the private key in step S47. At this time, the authentication key management unit 45b stores the copy information (information at the time of copying) in the key management table T1b designated by the arrow Y37 as follows. That is, as the copy information, mutual confirmation or coincidence confirmation of the owner certificate 15 (FIG. 11) is stored in the confirmation method column, and the copy execution time is stored in the execution time column. This storage is performed in association with the relevant secret keys 14a, 14b, 14c "OA295BE44F... ", "129CC8B6A2..." And "FE0085B126...".

<Process of Using Authentication Key of Second Embodiment>
Next, a process of performing user authentication (see bidirectional arrow Y21A in FIG. 11) for using the service A of the server 31a by using the secret key as the authentication key copied to the copy destination terminal 32b, This will be described with reference to the sequence diagram shown in FIG.

The process at this time is based on the normal challenge/response authentication in FIDO, but when the copy destination terminal 32b uses the secret keys 14a to 14c copied from the copy source terminal 32a, the corresponding secret key ( For example, the copy information associated with 14a) and the additional information consisting of the information of the copy source terminal 32a itself (for example, the hardware function provided) are added and returned. The server 31a side confirms the additional information and determines whether or not the service can be used and the limitation. Such processing will be described in detail below.

In step S51 shown in FIG. 16, it is assumed that the Web client 43b of the copy destination terminal 32b makes a user authentication request for using the service A of the server 31a to the authentication unit 41a of the server 31a. In step S52, the authentication unit 41a transmits a challenge, which is a random character string including the key ID unique to the service A, to the authentication key management unit 45b of the copy destination terminal 32b.

Next, in step S53, the biometric authentication of the user is performed by the authentication key management unit 45b that has received the challenge including the key ID. If this biometric authentication is OK, the authentication key management unit 45b signs the challenge with the secret key 14a in step S54. For this signature, the authentication key management unit 45b performs a signature by searching the key management table T1b designated by the arrow Y41 for the copy information associated with the relevant private key 14a "OA295BE44F... ". After this signature, the number of signatures in the copy information column is updated to “0→1”. This signature creates a signed challenge as a response.

Further, the authentication key management unit 45b adds the TPM information (see FIG. 7) which is a hardware function of the copy source terminal 32a itself to the copy information, as indicated by the arrow Y42, as the terminal information of the copy source terminal 32a itself. The additional information is added to the signed authentication challenge and returned to the authentication unit 41a of the server 31a in step S55.

The authentication unit 41a receiving this return notifies the copy key usage control unit 49a of the additional information including the terminal information in step S56. In step S57, the copy key use control unit 49a confirms the copy information of the additional information and the terminal information, and determines whether or not the service can be used and the restriction. For example, if there is mutual confirmation as the method of confirming the copy information, the use of the service related to the private key copied by the mutual confirmation is refused. Or, it decides that the use of the service related to the private key copied by mutual confirmation will be possible, but that there will be restrictions.
In step S58, the copy key usage control unit 49a notifies the authentication unit 41a of the result of the permission/prohibition and the limitation information.

If the service use notified in step S58 is “possible”, the authentication unit 41a determines, in step S59, the public key 11a “62C951BA2F” stored in the key management table T2 that indicates the signed authentication challenge with the arrow Y43. To verify. If this verification is OK, in step S60, the authentication unit 41a notifies the Web client 43b of the copy destination terminal 32b of the completion of authentication. In addition, when the service use “no” is notified in step S58, the verification process for the service use is not performed. If the verification in step S59 is NG, the copy destination terminal 32b is notified of the error by the user.

<Effects of Second Embodiment>
As described above, the authentication key sharing system 30B of the second embodiment has the following characteristic configuration. The system 30B holds servers 31a to 31c that provide various services through communication, private keys 14a to 14c paired with the public keys 11a to 11c held by the servers 31a to 31c and authenticating the services, and hold this. The copy source terminal 32a uses the service by communication with the generated secret keys 14a to 14c, and the copy destination terminal 32b to which the secret keys 14a to 14c held by the copy source terminal 32a are copied by communication.

(1) Both the copy source terminal 32a and the copy destination terminal 32b perform mutual confirmation to establish mutual communication when a predetermined operation is performed at a predetermined distance at the same time. If the mutual confirmation is proper, the inter-terminal copy units 46a and 46b for copying all the secret keys 14a to 14c held in the copy source terminal 32a to the copy destination terminal 32b are provided. The copy destination terminal 32b includes an authentication key management unit 45b that holds copy information including at least a confirmation method and copy time when all the secret keys 14a to 14c are copied. The servers 31a to 31c are configured to include copy key usage control units 49a to 49c that determine whether or not to use the service and to limit the usage of the service according to the copy information that the copy destination terminal 32b transmits when using the service.

According to this configuration, the servers 31a to 31c copy when the copy destination terminal 32b receives the copy information including at least the confirmation method and the copy time when the private keys 14a to 14c are copied when the service is used. By checking the information, it is possible to determine whether or not to use the service and to determine the restrictions. Therefore, the function of determining whether to use the service and the function of determining the restriction can be removed from the terminals 32a and 32b, so that the functions of the terminals 32a and 32b can be reduced and the size can be reduced.

In addition, the specific configuration can be appropriately changed without departing from the gist of the present invention.

11a, 11b, 11c Public key 14a, 14b, 14c Private key 30, 30A, 30B Authentication key sharing system 31a, 31b, 31c Web server (server)
32a Copy source terminal 32b Copy destination terminal 41a, 41b, 41c Authentication unit 43a, 43b Web client 44a, 44b Mutual confirmation unit 45a, 45b Authentication key management unit 46a, 46b Copy unit 47a, 47b Copy key usage control unit T1a, T1a, T2 key management table

Claims (4)

A copy that holds a server that provides various services by communication and a private key that is paired with a public key that is held by the server and that performs authentication related to the service, and that uses the held private key for communication using the service An authentication key sharing system having an original terminal and a copy destination terminal to which a secret key held in the copy source terminal is copied by communication,
Both the copy source terminal and the copy destination terminal, when a predetermined operation is performed at a predetermined distance at the same time, a mutual confirmation unit for performing mutual confirmation for establishing communication between the both,
If the owner certificate issued by the third party's identity verification has been registered in the copy source terminal and the owner certificate has not been registered in the copy destination terminal, the mutual confirmation unit performs mutual verification. If it can be confirmed properly, copy the private key held by the copy source terminal to the copy destination terminal ,
The copy source terminal includes an authentication key management unit that adds a usage condition for restricting use of the service to the private key when transmitting the private key for copying,
The copy destination terminal holds the use condition added to the secret key at the time of copying the secret key, and executes the authentication process when using the service according to the held use condition. Key sharing system. A copy that holds a server that provides various services by communication and a private key that is paired with a public key that is held by the server and that performs authentication related to the service, and that uses the held private key for communication using the service An authentication key sharing system having an original terminal and a copy destination terminal to which a secret key held in the copy source terminal is copied by communication,
Both the copy source terminal and the copy destination terminal,
When a predetermined operation is performed at a predetermined distance at the same time, a mutual confirmation unit that performs mutual confirmation to establish communication between the both,
If the mutual confirmation is proper, a copy unit between the terminals that copies each of the private keys held by the copy source terminal to the copy destination terminal is provided,
The copy destination terminal includes an authentication key management unit that holds copy information including at least a confirmation method and a copy time when copying each of all the secret keys,
The server includes a copy key usage control unit that determines availability and restriction of usage of the service according to the copy information transmitted when the copy destination terminal uses the service. system. A copy source terminal that holds a server that provides various services by communication and a secret key paired with a public key that is held by the server and authenticates the service, and that uses the held secret key to use the service for communication And a copy destination terminal to which a private key held in the copy source terminal is copied by communication, the method of copying keys between terminals in an authentication key sharing system,
The copy source terminal and the copy destination terminal are
When a predetermined operation is performed at a predetermined distance at the same time, a step of performing mutual confirmation for establishing communication between the both,
If the owner certificate issued by the third party's identity verification is registered in the copy source terminal and the owner certificate is not registered in the copy destination terminal, the mutual confirmation is properly performed. If possible, execute the step of copying the private key held in the copy source terminal to the copy destination terminal,
The copy source terminal, when transmitting the private key for copying, adding a usage condition for restricting usage of the service to the private key;
The copy destination terminal holds the use condition added to the secret key when the secret key is copied, and executes the authentication process when using the service according to the held use condition. A terminal-to-terminal key copying method characterized by: A copy source terminal that holds a server that provides various services by communication and a secret key paired with a public key that is held by the server and authenticates the service, and that uses the held secret key to use the service for communication And a copy destination terminal to which a private key held in the copy source terminal is copied by communication, the method of copying keys between terminals in an authentication key sharing system,
The copy source terminal and the copy destination terminal are
When a predetermined operation is performed at a predetermined distance at the same time, a step of performing mutual confirmation for establishing communication between the both,
If the mutual confirmation is proper, execute a step of copying each of all the private keys held in the copy source terminal to the copy destination terminal,
The copy destination terminal is
Perform the step of holding the copy information including at least confirmation method and copy time when the copy of each of all said private key,
The server is
An inter-terminal key copy method, characterized by executing a step of determining permission/prohibition of use of the service in accordance with the copy information transmitted from the copy destination terminal when the service is used.

Images