JP7200754B2 - Server device, terminal device, authentication system and authentication method - Google Patents

Description

The present disclosure relates to technology for a communication device to authenticate a communication partner.

A technique in which a communication device authenticates a communication partner is widely used to prevent unauthorized access by the communication partner.

For example, in a system that issues and purchases electronic tickets for an event between a server device on the Internet and a mobile phone such as a smartphone, authentication processing of the mobile phone is required to prevent illegal purchase of electronic tickets by a user without purchase authority. is done. As an example, the following proposal exists.

In this proposal, a ticket application (application software) installed in a mobile phone is activated, and a ticket purchase site provided by a server device is accessed from the mobile phone. Then, the user of the mobile phone performs an operation of inputting necessary items such as the e-mail address of the mobile phone on the application screen displayed on the browser of the display of the mobile phone, and applies for the purchase of the ticket. Then, a ticket purchase application is registered in the server device with the input contents.

When a registered user wins a lottery held by a server device, an e-mail notification of winning is delivered from the server device to the user's cellular phone. The user who receives the e-mail activates the ticket application on the mobile phone and displays the winning ticket receipt screen on the display browser. Then, an input operation is performed to request receipt of the ticket on the receipt screen. Then, a one-time password is generated by encrypting the terminal ID of the mobile phone and the time stamp with a common key. For the terminal ID of the mobile phone, for example, identification information unique to the ticket application of the mobile phone can be used.

The user's mobile phone sends an SMS (Short Message Service) message including the generated one-time password in the text as an authentication request to the server device using the SMS application. The transmitted authentication request is received by the server device via the communication network. The authentication request is also received at the gateway device of the communication network.

The server device decrypts the one-time password of the SMS message received as the authentication request with the common key, and acquires the terminal ID and time stamp of the mobile phone as an authentication request log.

The gateway device sends the sender phone number of the received SMS message as the authentication request, ie, the user's mobile phone number, to the server device together with the one-time password in the body of the SMS message.

The server device performs the first authenticity determination of the authentication request by matching the mobile phone number of the user received from the gateway device with the mobile phone number of the winner registered in itself. Also, the server device decrypts the one-time password received from the gateway device with the common key, and acquires the terminal ID and time stamp of the mobile phone as an authentication request log. Then, by comparing the obtained authentication request log, the terminal ID and time stamp of the mobile phone in the authentication request log, and the authentication request log obtained from the authentication request received by itself, the second authenticity determination of the authentication request is performed. .

If both the first and second authenticity determinations verify the authenticity of the authentication request, then the user's mobile phone is authenticated as the winner's mobile phone. When the mobile phone is authenticated, ticket data is transmitted from the server device to the user's mobile phone. Then, an electronic ticket is issued on the mobile phone of the user who received the ticket data (see, for example, Patent Document 1).

Japanese Patent No. 6259536

According to the above proposal, if a third party intercepts the contents of the communication between the server device and the user's mobile phone, the information that should have been sent from the user's mobile phone may be stolen by the third party for illegal purposes. It would be possible to copy and transmit from one's own mobile phone to the server device. If such an event occurs, the server device will perform an operation not intended by the user.

For example, if a legitimate user's transmission information that a third party snoops on is content that is repeatedly transmitted to the server device, the server device repeatedly executes the corresponding process each time it is received. Especially in such a case, it becomes difficult to ensure information security even if encrypted communication is performed with the server device.

The present disclosure has been made in view of the above circumstances, and the purpose of the present disclosure is to perform encrypted communication with a communication partner using a common key. To ensure the security of information even if it is illegally transmitted.

In order to achieve the above object, the server device according to the first aspect of the present disclosure includes:
a database unit that stores a database of identification information of events in which the communication terminal device is involved;
an ID issuing unit that issues an event ID associated with the event-related signal received from the communication terminal device each time a trigger condition is satisfied;
an ID transmission unit configured to transmit the issued event ID to the communication terminal device serving as a transmission source of the signal associated with the issued event ID each time the ID issuing unit issues the event ID;
an updating unit that updates the identification information in the database to identification information obtained by encrypting the issued event ID with a common key each time the ID issuing unit issues the event ID;
Terminal information of the communication terminal device from the communication terminal device that received the event ID, the identification information obtained by encrypting the latest event ID received by the communication terminal device with the common key, and a signal receiver that receives the signal containing event information;
a determining unit that compares the identification information in the signal received by the signal receiving unit with the identification information in the database to determine the authenticity of the signal;
Prepare.

According to the server device according to the first aspect of the present disclosure, an event ID associated with a signal received from the communication terminal device regarding an event involving the communication terminal device is issued each time a trigger condition is satisfied, and the signal is transmitted. It is transmitted to the original communication terminal device.

Also, every time an event ID is issued, the contents of the database stored in the database unit are updated. This database defines identification information of events in which communication terminals are involved. This identification information is generated by encrypting the event ID transmitted to each communication terminal device with a common key. Therefore, when an event ID is issued, the identification information defined in the database is updated with the identification information generated using the newly issued event ID.

On the other hand, when an event involving the communication terminal device occurs in the communication terminal device that is the source of the signal, identification information is generated by encrypting the event ID received from the server device with the same common key as the server device. Then, a signal including the generated identification information, terminal information for identifying its own communication terminal device, and event information regarding an event in which it participates is transmitted from the communication terminal device to the server device.

The server device that receives the signal from the communication terminal device determines the authenticity of the received signal. This determination checks whether the identification information in the signal received by the server device matches the identification information defined in the database.

As a result of collating the database, if the identification information in the received signal matches the identification information in the database, it is determined that the received signal is authentic, and if they do not match, it is determined that the received signal is not authentic. be.

Here, for the identification information generated by the communication terminal device, the latest event ID among the event IDs received by the communication terminal device up to the time when an event involving the communication terminal device occurs is used. Therefore, the identification information included in the signal that the communication terminal device transmits to the server device is updated with new content each time the communication terminal device receives a new event ID from the server device.

For this reason, even if a third party steals a peek at a signal transmitted from a communication terminal device at some point in time and later transmits a duplicated signal for fraudulent purposes, the received signal can be verified by matching the identification information using the database. determined to be inauthentic.

Therefore, even if a third party snoops on the communication content of the communication terminal device and duplicates it and sends it to the server device illegally in encrypted communication using a common key between the communication terminal device and the server device, It is possible to ensure the security of information in public communication.

Further, the server device according to the second aspect of the present disclosure is the server device according to the first aspect of the present disclosure,
The ID issuing unit issues the event ID for each communication terminal device corresponding to the event execution request received as the signal from each communication terminal device,
The ID transmission unit transmits the issued event ID to the communication terminal device as a request source of the execution request corresponding to the issued event ID,
The event information in the execution request received by the signal receiving unit includes content information of the event whose execution is requested by the communication terminal device that received the event ID by the execution request,
The determination unit converts the identification information in the execution request received by the signal reception unit to the identification information in the database stored in the database unit for the communication terminal device corresponding to the terminal information in the execution request. Authenticity of the execution request is determined by matching with the identification information.

According to the server device according to the second aspect of the present disclosure, in the server device according to the first aspect of the present disclosure, the event ID corresponding to the event execution request received from the communication terminal device is set each time the trigger condition is satisfied. publish. The issued event ID is transmitted to the communication terminal device that is the source of the event execution request.

The database unit stores a database of identification information of events requested to be executed by the communication terminal device for each communication terminal device. Then, each time an event ID is issued, the identification information in the database stored in the database unit for the communication terminal device to which the issued event ID is sent is updated.

On the other hand, when the communication terminal device requests the server device to execute an event, the communication terminal device transmits an event execution request to the server device. This execution request includes identification information obtained by encrypting the latest event ID received by the communication terminal device from the server device with the same common key as that of the server device, and identification information of its own communication terminal device. Contains information about the content of the event to be performed.

Therefore, the server device that receives the event execution request from the communication terminal device collates the identification information in the execution request with the identification information defined in the database for the communication terminal device of the terminal information in the same execution request. As a result of collation, if both pieces of identification information match, the server device determines that the received event execution request is genuine, and if they do not match, determines that the received event execution request is not genuine.

Therefore, when receiving an event execution request from the communication terminal device, the server device executes the event requested from the communication terminal device after confirming that the received execution request is genuine. Therefore, when the server device receives an execution request for an unauthorized event, the server device executes the requested unauthorized event, and the information security of the server device is prevented from being compromised by the execution of the unauthorized event. can be prevented.

Further, in the server device according to the third aspect of the present disclosure, in the server device according to the second aspect of the present disclosure, the event corresponding to the content information in the execution request determined to be authentic by the determination unit is The ID issuing unit issues the event ID assuming that the execution of the event by the event executing unit satisfies the trigger condition, and the ID transmitting unit is executed by the event executing unit. The issued event ID is transmitted to the communication terminal device of the request source of the event.

According to the server device according to the third aspect of the present disclosure, in the server device according to the second aspect of the present disclosure, every time an event requested by the communication terminal device is executed, a new event ID is issued and executed. is sent to the communication terminal device that requested the event.

Therefore, when a new event execution request is generated in the communication terminal device that requested the event to be executed, the event execution request including the identification information obtained by encrypting the newly issued event ID is transmitted from the communication terminal device. be.

Therefore, an event execution request sent by a third party for fraudulent purposes after the execution of the event is completed is checked against the identification information of the database updated by the new issuance of the event ID, so that it is definitely judged to be not genuine. can do.

Further, the server device according to the fourth aspect of the present disclosure is the server device according to the first aspect of the present disclosure,
The ID issuing unit issues the event ID corresponding to the event execution response received as the signal from the communication terminal device that executed the event in response to the event execution request,
The ID transmission unit transmits the issued event ID to the communication terminal device serving as a response source of the execution response corresponding to the issued event ID,
the event information in the execution response received by the signal receiving unit includes result information of the event executed by the communication terminal device that received the event ID in response to the execution request;
The determination unit converts the identification information in the execution response received by the signal reception unit to the identification information in the database stored in the database unit for the communication terminal device corresponding to the terminal information in the execution response. Authenticity of the execution response is determined by matching with the identification information.

According to the server device according to the fourth aspect of the present disclosure, in the server device according to the first aspect of the present disclosure, the event ID associated with the event execution response received from the communication terminal device is set each time the trigger condition is satisfied. publish. The issued event ID is transmitted to the communication terminal device that is the response source of the event execution response.

The database unit stores a database of identification information of events executed by the communication terminal device in response to an execution request from the server device for each communication terminal device. Then, each time an event ID is issued, the identification information in the database stored in the database unit for the communication terminal device to which the issued event ID is sent is updated.

On the other hand, when the communication terminal device executes the event in response to the event execution request from the server device, the communication terminal device transmits an event execution response to the server device. This execution response includes identification information obtained by encrypting the latest event ID received by the communication terminal device from the server device with the same common key as the server device, identification information of its own communication terminal device, and the event executed by the communication terminal device. contains the result information for

Therefore, the server device that receives the execution response of the event from the communication terminal device collates the identification information in the execution response with the identification information defined in the database for the terminal information in the same execution response. As a result of collation, if both pieces of identification information match, the server device determines that the received event execution response is authentic, and if they do not match, determines that the received event execution response is not authentic.

Therefore, when receiving an event execution response from the communication terminal device, the server device confirms that the received execution response is genuine, and then takes in result information of the event executed by the communication terminal device. Therefore, when the server device receives the execution response of the unauthorized event, it is possible to prevent the information security of the server device from being compromised by taking in the received result information of the unauthorized event.

Further, the server device according to the fifth aspect of the present disclosure is the server device according to the second, third or fourth aspect of the present disclosure, wherein the event ID including the terminal information issuance request from the communication terminal device wherein the ID issuing unit issues the event ID by regarding the reception of the issuing request by the issuing request receiving unit as the fulfillment of the trigger condition, and the ID transmitting unit receives the event The issued event ID is transmitted to an ID issue request source, and the update unit updates the identification in the database stored in the database unit for the communication terminal device corresponding to the terminal information in the issue request. Update information.

According to the server device according to the fifth aspect of the present disclosure, in the server device according to the second, third or fourth aspect of the present disclosure, when an event ID issuance request is received from the communication terminal device, a new event An ID will be issued. The issued event ID is transmitted to the communication terminal device that requested the issue of the event ID.

For this reason, when a communication terminal device first transmits a signal regarding an event in which the communication terminal device is involved, an event ID is issued and transmitted even to a communication terminal device that has not transmitted a signal to the server device in the past. can do.

Also, when an event ID is issued in response to an event ID issuance request received from a communication terminal device, it is possible to determine which communication terminal device the identification information obtained by encrypting the issued event ID corresponds to. , can be easily identified by the terminal information included in the issuance request.

Further, in order to achieve the above object, a communication terminal device according to a sixth aspect of the present disclosure includes:
an ID receiving unit that receives an event ID from a server device to which a signal regarding execution of the event is sent;
Signal transmission for transmitting the signal including identification information obtained by encrypting the latest event ID received by the ID receiving unit with a common key, own terminal information, and event information regarding execution of the event to the server device Department and
Prepare.

According to the communication terminal device according to the sixth aspect of the present disclosure, when an event ID is received from a server device that has transmitted a signal about an event in which the communication terminal device is involved, identification information obtained by encrypting this event ID with a common key is generated. Then, when an event involving the communication terminal device occurs, the generated identification information, the terminal information for identifying the own communication terminal device, and the event information concerning the execution of the event involving the communication terminal device. A signal including is sent to the server device.

Therefore, the server device that receives the signal from the communication terminal device can determine the authenticity of the received signal. This determination is to confirm whether or not the identification information in the signal transmitted from the communication terminal device to the server device matches the identification information obtained by encrypting the event ID transmitted from the server device to the communication terminal device with a common key. can be executed by the server device.

Specifically, for example, the server device encrypts the event ID transmitted to the communication terminal device with a common key to generate identification information. Then, it is checked whether or not the generated identification information matches the identification information in the signal received by the server device from the communication terminal device to which the event ID is transmitted. If both pieces of identification information match, it is determined that the received signal is authentic, and if they do not match, it is determined that the received signal is not authentic.

Therefore, even if a third party snoops on the communication content of the communication terminal device and duplicates it and sends it to the server device illegally in encrypted communication using a common key between the communication terminal device and the server device, It is possible to ensure the security of information in public communication.

Furthermore, the communication terminal device according to the seventh aspect of the present disclosure is the communication terminal device according to the sixth aspect of the present disclosure,
The ID receiving unit receives the event ID addressed to itself from the server device to which the event execution request, which is the signal, is requested,
The event information in the execution request transmitted by the signal transmission unit includes content information of the event for which execution is requested to the server device.

According to the communication terminal device according to the seventh aspect of the present disclosure, in the communication terminal device according to the sixth aspect of the present disclosure, the ID receiving unit receives an event ID addressed to itself from the server device of the other party requesting execution of the event. receive. When requesting the server device to execute the event, the signal transmission unit transmits the event execution request to the server device.

The event execution request sent by the signal transmission unit includes identification information obtained by encrypting the event ID issued by the server device with the same common key as that of the server device, and identification information of its own communication terminal device. Contains information about the content of the event to be performed.

Therefore, when the server device receives an event execution request from the communication terminal device, the server device can determine the authenticity of the received event execution request. This determination is made by confirming whether or not the identification information of the communication terminal device in the event execution request received by the server device matches the identification information obtained by encrypting the event ID generated by the server device with a common key. , can be performed by the server device.

Therefore, even if a third party snoops on the communication content of the communication terminal device and duplicates it and sends it to the server device illegally in encrypted communication using a common key between the communication terminal device and the server device, It is possible to ensure the security of information in public communication.

Further, the communication terminal device according to the eighth aspect of the present disclosure is the communication terminal device according to the sixth aspect of the present disclosure,
The ID receiving unit receives the event ID addressed to itself from the server device that requested the execution of the event,
When the event is executed in response to the event execution request received from the server device, the event information in the event execution response transmitted as the signal by the signal transmission unit is the event executed in response to the execution request. Contains result information.

According to the communication terminal device according to the eighth aspect of the present disclosure, in the communication terminal device according to the sixth aspect of the present disclosure, the ID receiving unit receives an event ID addressed to itself from the server device that is the source of the event execution request. receive. Then, when the event requested by the server device is executed, the signal transmission unit transmits an event execution response to the server device.

The event execution response transmitted by the signal transmission unit includes identification information obtained by encrypting the event ID issued by the server device with the same common key as that of the server device, and identification information of its own communication terminal device. Contains the result information of the executed event.

Therefore, when the server device receives an event execution response from the communication terminal device, the server device can determine the authenticity of the received event execution response. This determination is made by confirming whether or not the identification information of the communication terminal device in the event execution response received by the server device matches the identification information obtained by encrypting the event ID generated by the server device with a common key. , can be performed by the server device.

Therefore, even if a third party snoops on the communication content of the communication terminal device and duplicates it and sends it to the server device illegally in encrypted communication using a common key between the communication terminal device and the server device, It is possible to ensure the security of information in public communication.

Further, the communication terminal device according to the ninth aspect of the present disclosure is the communication terminal device according to the seventh or eighth aspect of the present disclosure, which transmits a request for issuing the event ID including the own terminal information to the server device. The ID receiving unit receives the self-addressed event ID from the server device that has received the issuing request.

According to the communication terminal device according to the ninth aspect of the present disclosure, in the communication terminal device according to the seventh or eighth aspect of the present disclosure, when an event ID issuance request including its own terminal information is transmitted to the server device, the server device An event ID is generated at the device. This event ID is generated as an event ID for the communication terminal device corresponding to its own terminal information included in the issue request. Then, it is transmitted from the server device with the self as the destination.

Therefore, by transmitting an event ID issuance request to the server device, the server device generates an event ID necessary for ensuring the security of information in encrypted communication using a common key, and the server device sends the event ID to itself. can be sent.

Further, in order to achieve the above object, the authentication system according to the tenth aspect of the present disclosure includes:
a server device according to the first aspect of the present disclosure;
a communication terminal device according to the sixth aspect of the present disclosure;
Prepare.

According to the authentication system according to the tenth aspect of the present disclosure, the effect exhibited by the server device according to the first aspect of the present disclosure and the effect exhibited by the communication terminal device according to the sixth aspect of the present disclosure are obtained. be done.

That is, each time a trigger condition is met in the server device that receives a signal about an event in which the communication terminal device is involved from the communication terminal device, a new event ID is issued and transmitted to the communication terminal device that requested the executed event. be done.

Therefore, the communication terminal device that has transmitted the signal regarding the event in which the communication terminal device is involved to the server device receives the new event ID issued by the server device after the trigger condition is established in the server device. When a new event involving the communication terminal device occurs, the communication terminal device that has received the new event ID generates its own identification information by encrypting the new event ID with a common key. Then, a new signal including the generated identification information, terminal information for identifying its own communication terminal device, and event information related to the event in which it participates is transmitted from the communication terminal device to the server device.

Therefore, in the server device, the authenticity of the received event execution request is verified by comparing the identification information in the new signal received from the communication terminal device with the identification information obtained by encrypting the event ID sent to the communication terminal device with a common key. gender can be determined.

Therefore, the server device that receives the signal about the event in which the communication terminal device is involved can determine the authenticity of the received signal to ensure the security of information in the encrypted communication.

Further, the authentication system according to the eleventh aspect of the present disclosure comprises:
a server device according to the second or third aspect of the present disclosure;
a communication terminal device according to the seventh aspect of the present disclosure;
Prepare.

According to the authentication system according to the eleventh aspect of the present disclosure, the effect exhibited by the server device according to the second or third aspect of the present disclosure and the effect exhibited by the communication terminal device according to the seventh aspect of the present disclosure is obtained.

That is, in the server device, each time an event requested by a communication terminal device is executed, a new event ID is issued and transmitted to the communication terminal device that requested the executed event.

Therefore, when a new event execution request is generated in the communication terminal device that requested the executed event, new identification information is generated by encrypting the event ID newly issued by the server device with the common key. Then, a new event execution request including the generated new identification information, terminal information for identifying the own communication terminal device, and content information of the event requested to be executed by the server device is transmitted to the server device. be.

Therefore, in the server device, by comparing the identification information in the event execution request received from the communication terminal device with the identification information obtained by encrypting the event ID transmitted to the communication terminal device with the common key, the received event execution request is processed. can determine the authenticity of

Therefore, in the server device that receives the event execution request from the communication terminal device, the authenticity of the received event execution request can be determined, and the security of the information in the encrypted communication can be ensured.

Also, in order to achieve the above object, the authentication system according to the twelfth aspect of the present disclosure includes:
a server device according to the fourth aspect of the present disclosure;
a communication terminal device according to the eighth aspect of the present disclosure;
Prepare.

According to the authentication system according to the twelfth aspect of the present disclosure, the effect exhibited by the server device according to the fourth aspect of the present disclosure and the effect exhibited by the communication terminal device according to the eighth aspect of the present disclosure are obtained. be done.

That is, every time the trigger condition is met, a new event ID is issued in the server device that receives the event execution response transmitted from the communication terminal device that executed the event in response to the execution request from the server device, and the event is executed. It is sent to the communication terminal device that sent the response.

On the other hand, in the communication terminal device that has transmitted the event execution response to the server device, when the event is newly executed in response to the new execution request from the server device, the event ID newly issued by the server device is shared with the server device. A new identity encrypted with the key is generated. Then, a new event execution response including the generated new identification information, terminal information for identifying its own communication terminal device, and result information of the newly executed event is transmitted to the server device.

Therefore, in the server device, by comparing the identification information in the event execution response received from the communication terminal device with the identification information obtained by encrypting the event ID transmitted to the communication terminal device with the common key, the received event execution response can determine the authenticity of

Therefore, in the server device that has received the event execution response from the communication terminal device, the authenticity of the received event execution response can be determined, thereby ensuring information security in encrypted communication.

Furthermore, to achieve the above object, the authentication system according to the thirteenth aspect of the present disclosure includes:
a server device according to the fifth aspect of the present disclosure;
a communication terminal device according to the ninth aspect of the present disclosure;
Prepare.

According to the authentication system according to the thirteenth aspect of the present disclosure, the effect exhibited by the server device according to the fifth aspect of the present disclosure and the effect exhibited by the communication terminal device according to the ninth aspect of the present disclosure are obtained. be done.

That is, when an event ID issuance request including its own terminal information is transmitted to the server device, the event ID is generated in the server device. This event ID is generated as an event ID for the communication terminal device corresponding to its own terminal information included in the issue request. Then, it is transmitted from the server device with the self as the destination.

Also, in the communication terminal device that receives the self-addressed event ID from the server device, identification information is generated by encrypting this event ID with the same common key as that of the server device. Then, when an event execution request or execution response to be sent to the server device occurs, the generated identification information, terminal information for identifying its own communication terminal device, and event content information or result information are sent to the server device. An execution request or an execution response of the containing event is sent to the server device.

For this reason, in the server device, the identification information in the event execution request or execution response received from the communication terminal device is collated with the identification information obtained by encrypting the event ID sent to the communication terminal device with a common key. The authenticity of an event execution request or execution response can be determined.

Therefore, in a server device that receives an event execution request or an execution response from a communication terminal device, the authenticity of the received event execution request or execution response is determined, thereby ensuring information security in encrypted communication. can do.

Further, in order to achieve the above object, an authentication method according to a fourteenth aspect of the present disclosure includes:
an ID issuing step in which the server device issues an event ID associated with a signal received by the server device from the communication terminal device regarding an event in which the communication terminal device is involved, each time a trigger condition is satisfied;
an ID transmission step of transmitting the issued event ID to the communication terminal device serving as a transmission source of the signal corresponding to the issued event ID each time the event ID is issued by the server device;
Each time the event ID is issued by the server device, the identification information of the event involving the communication terminal device in the database stored in the database unit of the server device is encrypted with the issued event ID using a common key. an updating step for updating to the modified identification information;
The communication terminal device sends the signal including identification information obtained by encrypting the latest event ID received from the server device with the common key, its own terminal information, and event information related to the event to the server device a transmitting signal transmission step;
a determination step in which the server device compares the identification information in the signal received from the communication terminal device with the identification information in the database to determine the authenticity of the signal;
including.

According to the authentication method according to the fourteenth aspect of the present disclosure, in the server device, an event ID associated with a signal related to an event received from the communication terminal device is issued each time a trigger condition is satisfied, is sent to the communication terminal device that

Also, in the server device, the contents of the database stored in the database unit are updated each time an event ID is issued. This database defines identification information of events in which communication terminals are involved. This identification information is generated by encrypting the event ID transmitted to each communication terminal device with a common key. Therefore, when the event ID is issued in the server device, the identification information defined in the database is updated to the identification information generated using the newly issued event ID.

On the other hand, when an event involving the communication terminal device occurs in the communication terminal device that is the source of the signal, the communication terminal device receives identification information obtained by encrypting the event ID received from the server device with the same common key as the server device. is generated. Then, a signal including the generated identification information, terminal information for identifying its own communication terminal device, and event information regarding an event in which it participates is transmitted from the communication terminal device to the server device.

The server device that receives the signal from the communication terminal device determines the authenticity of the received signal. This determination checks whether the identification information in the signal received by the server device matches the identification information defined in the database.

Then, in the server device, if the identification information in the received signal matches the identification information in the database as a result of matching with the database, the received signal is determined to be authentic. Also, if the identification information in the received signal does not match the identification information in the database, it is determined that the received signal is not authentic.

Here, for the identification information generated by the communication terminal device, the latest event ID among the event IDs received by the communication terminal device up to the time when an event involving the communication terminal device occurs is used. Therefore, the identification information included in the signal that the communication terminal device transmits to the server device is updated with new content each time the communication terminal device receives a new event ID from the server device.

Therefore, even if a third party steals a peek at the signal transmitted from the communication terminal device at some point in time and later transmits a duplicated signal for fraudulent purposes, the server device will be able to identify the received event by collating the identification information. Determine that the execution request is not genuine.

Therefore, even if a third party snoops on the communication content of the communication terminal device and duplicates it and sends it to the server device illegally in encrypted communication using a common key between the communication terminal device and the server device, It is possible to ensure the security of information in public communication.

According to this disclosure, in encrypted communication using a common key between communication partners, even if a third party snoops on the communication contents and duplicates the information and sends it to the communication partner illegally, information security can be ensured. can be made possible.

1 is a block diagram illustrating a communication system according to an embodiment of the present disclosure; FIG. 2 is an explanatory diagram of a database stored in a file storage unit of the server device of FIG. 1; FIG. 4 is a flow chart showing a procedure of an authentication method executed in authentication processing for an event execution request transmitted from the terminal device of FIG. 1 to the server device; 2 is a flowchart showing a procedure of processing including authentication processing for an event execution request from a terminal device executed by a CPU of the server device of FIG. 1 according to a program such as a ROM; 2 is a flow chart showing a procedure of processing including authentication enabling processing for an event execution request to a server device executed by a CPU of the terminal device of FIG. 1 according to a program in a storage unit; FIG. 4 is a block diagram showing a communication system according to another embodiment of the present disclosure; FIG. 7 is a flowchart showing a procedure of processing including authentication processing for information signals from a terminal device executed by a CPU of the server device of FIG. 6 according to a program such as a ROM; FIG. 7 is a flow chart showing a procedure of processing including authentication enabling processing for an event execution request to the server device executed by the CPU of the terminal device of FIG. 6 according to the program of the storage unit; FIG.

Hereinafter, embodiments of the present disclosure will be described with reference to the drawings. FIG. 1 is a block diagram showing a communication system according to one embodiment of the present disclosure.

A communication system 1 (authentication system) of the embodiment shown in FIG. One terminal device 200 may be connected to the network 300, or a plurality thereof may be connected. The network 300 can be configured by, for example, a wired or wireless communication line.

Note that FIG. 1 shows a case where one terminal device 200 is connected to the network 300 for ease of explanation.

The server device 100 has a CPU 101 , a ROM 103 , a RAM 105 and a communication section 109 . ROM 103 , RAM 105 , file storage section 107 and communication section 109 are connected to CPU 101 .

The CPU 101 executes a program in the ROM 103 or each program in the ROM 103 and the file storage unit 107 to virtually create an instruction execution unit 111, an ID issuing unit 113, an ID transmitting unit 115, and an encryption unit 117 on the CPU 101. To construct. When executing a program in the ROM 103 or the like, the CPU 101 uses the RAM 105 as a work area.

The command execution unit 111 (determination unit, issue request reception unit, event execution unit) outputs an event ID issue command to the ID issue unit 113 each time the trigger condition is satisfied. Also, the command execution unit 111 determines the authenticity of a signal received by the server device 100 from the terminal device 200 regarding an event in which the terminal device 200 is involved.

The trigger condition can be satisfied, for example, when the server device 100 receives an event ID issuance request from the terminal device 200 . Alternatively, the trigger condition may be satisfied when the server device 100 finishes executing the processing related to the signal received from the terminal device 200 .

Further, when the signal received from the terminal device 200 is a genuine signal, the command execution unit 111 causes the server device 100 to execute the process related to the signal received from the terminal device 200 .

The ID issuing unit 113 issues an event ID corresponding to a signal received by the server device 100 from the terminal device 200 . The event ID may have unique contents for each signal received from the terminal device 200, and does not have to be limited to a specific format.

Note that when a plurality of terminal devices 200 are connected to the network 300 , the ID issuing unit 113 issues a unique event ID for each terminal device 200 . Accordingly, the server device 100 can determine the authenticity of the signal received from each terminal device 200 by distinguishing between each terminal device 200 .

The ID transmission section 115 transmits the event ID issued by the ID issuing section 113 to the terminal device 200 via the communication section 109 .

The encryption unit 117 (update unit) encrypts the event ID issued by the ID issuing unit 113 with a common key to generate identification information. For example, a common key stored in the file storage unit 107, which will be described later, can be used.

The processing performed by the instruction execution unit 111, the ID issuing unit 113, the ID transmitting unit 115, and the encryption unit 117 will be described in detail in the following description.

Note that when a plurality of terminal devices 200 are connected to the network 300, a unique common key may be used for each terminal device 200. FIG. In that case, for example, the identification information used in the terminal device 200 to which the event ID is sent is encrypted with the common key unique to the terminal device 200 in the file storage unit 107. can be generated by transforming

Alternatively, a shared key common to a plurality of terminal devices 200 connected to network 300 may be used. In that case, for example, the event ID transmitted to the terminal device 200 is encrypted with a shared key common to each terminal device 200 in the file storage unit 107, and identification information used in the terminal device 200 to which the event ID is transmitted is encrypted. can be generated.

Further, the encryption unit 117 uses the identification information generated from the event ID issued by the ID issuing unit 113 as the identification information used in the terminal device 200 to which the ID transmitting unit 115 has transmitted the event ID, and stores it in the database of the file storage unit 107. 119.

The file storage unit 107 (database unit) can be configured by, for example, a non-volatile memory (flash memory), a hard disk drive, or a combination thereof.

As described above, the file storage unit 107 can store the same common key as used in the terminal device 200 . When a plurality of terminal devices 200 are connected to network 300 , file storage unit 107 can store a unique common key for each terminal device 200 or a shared key common to each terminal device 200 .

A database 119 stored in the file storage unit 107 is a data file that defines identification information used in the terminal device 200 . When the identification information is stored in the database 119, the identification information in the database 119 is updated to the latest identification information each time the encryption unit 117 generates the identification information.

Incidentally, when a plurality of terminal devices 200 are connected to the network 300, as shown in the explanatory diagram of FIG. Each terminal device 200 may be updated.

When the identification information for a plurality of terminal devices 200 is defined in the database 119, when the server device 100 receives an event ID issuance request from the terminal device 200 and the trigger condition is met, the request source terminal device in the database 119 200 identification information is updated.

Further, for example, when the server device 100 finishes executing the event requested by the terminal device 200 and the trigger condition is established, the identification information of the terminal device 200 that is the source of the request is updated in the database 119 .

The communication unit 109 can be connected to the communication unit 201 of the terminal device 200 via a wired or wireless network 300 . The communication units 109 and 201 of the server device 100 and terminal device 200 are communication interfaces that control communication between the server device 100 and terminal device 200 .

The terminal device 200 has a CPU 203, a storage unit 205, an input unit 207, a display unit 209, and the like, in addition to the communication unit 201 described above.

The CPU 203 virtually constructs an ID reception unit 211 , an issuance request transmission unit 213 , and an execution request transmission unit 215 on the CPU 203 by executing the programs in the storage unit 205 .

The CPU 203 can generate a command having contents according to the input operation of the input unit 207 and output the command to the CPU 101 of the server apparatus 100 via the network 300 . The command generated by the CPU 203 can be, for example, a command requesting execution of an event in the server device 100 or a command requesting issuance of an event ID corresponding to the event execution request.

The ID receiving unit 211 receives, through the communication unit 201, the event ID that the server device 100 has transmitted to itself each time the trigger condition is satisfied.

The issuance request transmission unit 213 transmits an event ID issuance request to the server apparatus 100 via the communication unit 201 each time the request condition is satisfied. The event ID requirement is satisfied, for example, when the power of the terminal device 200 is turned on, or when an event execution request to the server device 100 is input from the input unit 207 for the first time after the power of the terminal device 200 is turned on. can be done.

The execution request transmission unit 215 (signal transmission unit) encrypts the event ID received by the ID reception unit 211 with a common key to generate an identification signal. For example, a common key stored in the storage unit 205, which will be described later, can be used.

The processing performed by the ID reception unit 211, the issuance request transmission unit 213, and the execution request transmission unit 215 will be described in detail in the following description.

The storage unit 205 can be configured by, for example, a nonvolatile memory (flash memory), a hard disk drive, or a combination thereof.

The storage unit 205 can store, for example, terminal information for identifying the terminal device 200 . The terminal information of the terminal device 200 can be attached to, for example, a command generated by the CPU 203 requesting execution of an event in the server device 100 as terminal information indicating the terminal device 200 that is the source of the request.

Also, the storage unit 205 can store, for example, a common key used for encryption. The common key stored in the storage unit 205 is the same as the common key stored in the file storage unit 107 of the server device 100 as the common key used by the terminal device 200 itself. This common key can be used to encrypt the event ID received from the server device 100 and generate identification information. This identification information can be used, for example, to distinguish signals that the terminal device 200 transmits to the server device 100 regarding events in which the terminal device 200 is involved from other signals.

The input unit 207 can be composed of, for example, a keyboard, a mouse, a touch panel provided on the screen of the display unit 209, and the like. Further, the input contents of the input unit 207 can be confirmed on a UI (user interface) screen displayed on the display unit 209, for example. The display unit 209 can be configured by, for example, a liquid crystal display.

Between the server device 100 and the terminal device 200 described above, authentication processing is executed according to the authentication method shown in the flowchart of FIG. . This signal is transmitted by the terminal device 200 to the server device 100 regarding an event in which the terminal device 200 is involved.

The authentication method shown in FIG. 3 includes steps of ID issuance, ID transmission, update, signal transmission, and judgment (steps S1, S3, S5, S7 and S9).

Among these steps, the ID issuing step of step S1 is a step in which the server device 100 issues an event ID associated with a signal received from the terminal device 200 via the network 300 each time the trigger condition described above is satisfied.

Further, the ID transmission step of step S3 is a step in which the server device 100 transmits the issued event ID to the terminal device 200 each time an event ID is issued in the ID issuing step of step S1.

The destination of the event ID can be, for example, the terminal device 200 that is the source of the event ID issuance request received by the server device 100 . Further, for example, the terminal device 200 that requested the execution of the event that has been executed by the server device 100 can be set as the transmission destination of the event ID. The details of the transmission destination of the event ID will be described later.

Further, the update step of step S5 is a step in which the server device 100 updates the identification information used in the terminal device 200 that has transmitted the event ID in the ID transmission step of step S3, in the database 119 of the file storage unit 107. FIG.

In this updating step, the server device 100 encrypts the event ID issued in the ID issuing step of step S1 with a common key to generate new identification information. Then, for the terminal device 200 to which the event ID is sent, the identification information in the database 119 is updated to the newly generated identification information. For encryption of the event ID, for example, a common key stored in the file storage unit 107 can be used. The common key of the file storage unit 107 is the same common key used in the terminal device 200 to which the event ID is sent in the ID sending step of step S3.

The signal transmission step of step S7 is a step in which the terminal device 200 that has received the event ID transmitted by the server device 100 in the ID transmission step of step S3 transmits to the server device 100 a signal related to the event in which the terminal device 200 participates. .

Here, the signal that the terminal device 200 transmits to the server device 100 may include, for example, terminal information of the terminal device 200 that is the transmission source, identification information of the signal, and event information regarding an event in which the terminal device 200 is involved. can.

The identification information of the event in which the terminal device 200 is involved is obtained by encrypting the received event ID with a common key by the terminal device 200 that has received the event ID transmitted by the server device 100 in the ID transmission step of step S3, for example. can be generated. For encryption of the event ID, for example, a common key stored in the storage unit 205 can be used. The common key of the storage unit 205 is the same common key used by the server apparatus 100 to encrypt the event ID in the update step of step S5.

Furthermore, the determination step of step S9 is a step of determining the authenticity of the signal transmitted by the terminal device 200 in the signal transmission step of step S7. The details of the procedure for determining the authenticity of the signal transmitted by the terminal device 200 will be described later.

The steps described above are not necessarily performed in the order shown in the flowchart of FIG. All or part of each step can also be performed in a sequence different from the order shown in FIG.

Next, in order to authenticate an event execution request received by the server device 100 from the terminal device 200 by the method shown in FIG. explain.

FIG. 4 is a flowchart showing an example of a procedure of processing including authentication processing for an event execution request received from the terminal device 200, which is performed by the CPU 101 of the server device 100 according to a program in the ROM 103 or the like. The CPU 101 of the server device 100 periodically and repeatedly executes the processing of the procedure shown in FIG.

First, as shown in FIG. 4, the CPU 101 of the server device 100 checks whether or not an event ID issuance request has been received from the terminal device 200 connected to the communication unit 109 (step S11). If the event ID issuance request has not been received (NO in step S11), the process proceeds to step S21, which will be described later.

When an event ID issue request is received (YES in step S11), the CPU 101 assumes that the trigger condition is met and issues an event ID (step S13).

Then, the CPU 101 transmits the issued event ID to the terminal device 200 that issued the event ID issue request via the communication unit 109 (step S15). Furthermore, the CPU 101 encrypts the event ID issued in step S13 with the common key of the event ID issue requester stored in the file storage unit 107 to generate identification information (step S17).

Further, the CPU 101 updates the identification information used in the terminal device 200 that issued the event ID issue request in the database 119 of the file storage unit 107 to the new identification information generated in step S17 (step S19).

Here, the event ID issuance request includes terminal information for identifying the terminal device 200 that issued the event ID issuance request. Therefore, among the identification information in the database 119 of the file storage unit 107, the identification information to be updated to the new identification information generated in step S17 is the terminal information of the terminal device 200 during the event ID issuance request received in step S11. can be identified by

In some cases, the database 119 of the file storage unit 107 does not store the identification information used in the terminal device 200 that requested the issuance of the event ID. In this case, the terminal information of the terminal device 200 requesting the issuance of the event ID received in step S11 is associated with the identification information generated in step S17 using the event ID issued in step S13. Then, the associated terminal information and identification information are added and stored in the database 119 of the file storage unit 107 to update the identification information used in the terminal device 200 that requested the issuance of the event ID.

Step S15 and steps S17 and S19 described above may be executed in reverse order, or may be executed in parallel. After executing the processing up to step S19, the series of processing ends.

On the other hand, in step S21, when the event ID issuance request has not been received (NO) in step S11, the CPU 101 receives an event execution request (corresponding to a signal) from the terminal device 200 connected to the communication unit 109. ) has been received. If an event execution request has not been received (NO in step S21), the series of processing ends.

When an event execution request is received (YES in step S21), the CPU 101 determines whether the received event execution request is authentic (step S23).

Here, the received event execution request includes the terminal information of the terminal device 200 that requested the event execution, the identification information of the event execution request (corresponding to the identification information of the signal), and the content of the event requested to be executed. The content information (equivalent to event information) to be displayed is included. The identification information included in the event execution request is generated by encrypting the received event ID with a common key by the terminal device 200 that has received the event ID transmitted in step S15 and has requested the issuance of the event ID.

Therefore, the authenticity of the event execution request received in step S21 is determined by, for example, the identification information in the received execution request and the identification information defined in the database 119 of the file storage unit 107 for the terminal device 200 that requested the execution. can be determined by matching. The identification information defined in the database 119 for the terminal device 200 that requested the execution can be identified by the terminal information in the event execution request received in step S21.

Then, for example, if the identification information in the received event execution request matches the identification information in the database 119, the CPU 101 determines that the received event execution request is authentic. For example, if the identification information in the received event execution request does not match the identification information in the database 119, the CPU 101 determines that the received event execution request is not authentic.

As a result of the determination, if the received event execution request is not authentic (NO in step S23), the CPU 101 discards the received event execution request (step S25). Then, the CPU 101 notifies the terminal device 200 that has issued the event execution request that the event execution request has been discarded (step S27), and terminates the series of processes.

If the received event execution request is genuine (YES in step S23), CPU 101 causes server device 100 to execute the event corresponding to the content information in the received event execution request (step S29).

Then, the CPU 101 confirms whether or not the event executed by the server device 100 has ended (step S31). If the event has not ended (NO in step S31), step S31 is repeated. When the event has ended (YES in step S31), the CPU 101 assumes that the trigger condition is met and issues an event ID (step S33).

Then, the CPU 101 transmits the issued event ID to the terminal device 200 that requested the execution of the event via the communication unit 109 (step S35). Furthermore, the CPU 101 encrypts the event ID issued in step S33 with the common key of the event execution request source to generate identification information (step S37).

Further, CPU 101 updates the identification information about the event execution request source in database 119 of file storage unit 107 to the new identification information generated in step S37 (step S39).

The terminal device 200 that is the transmission source of the signal can be specified by the terminal information that is requesting the execution of the event received in step S21.

Step S35, step S37, and step S39 described above may be executed in reverse order, or may be executed in parallel at the same time. After executing the processing up to step S39, the series of processing ends.

As is clear from the above description, in this embodiment, step S11 in the flowchart of FIG. 4 corresponds to the processing performed by the instruction execution unit 111 of FIG. 1 corresponding to the issue request receiving unit. Further, in this embodiment, step S23 in FIG. 4 corresponds to the processing performed by the instruction execution unit 111 in FIG. .

Furthermore, in this embodiment, step S29 in FIG. 4 corresponds to the processing performed by the instruction execution unit 111 in FIG. 1, which corresponds to the event execution unit. Further, in this embodiment, steps S13 and S33 in FIG. 4 correspond to the processing performed by the ID issuing unit 113 in FIG. 1 and the processing of the ID issuing step in step S1 in FIG.

Furthermore, in this embodiment, steps S15 and S35 in FIG. 4 correspond to the process performed by the ID transmission unit 115 in FIG. 1 and the process of the ID transmission step of step S3 in the flowchart in FIG. In this embodiment, steps S17, S19, S37, and S39 in FIG. 4 correspond to the processing performed by the encryption unit 117 in FIG. 1 and the update step processing in step S5 in FIG. are doing. Further, in the present embodiment, step S21 in FIG. 4 performed by the CPU 101 corresponds to the signal receiving unit that receives the signal regarding the event from the communication terminal device.

Next, an example of the procedure of processing performed by the CPU 203 of the terminal device 200 according to the program in the storage unit 205 in order to authenticate the event execution request received by the server device 100 from the terminal device 200 by the method shown in FIG. explain.

FIG. 5 is a flowchart showing an example of a procedure of processing including authentication enabling processing for an event execution request transmitted to the server device 100, which is performed by the CPU 203 of the terminal device 200 according to the program in the storage unit 205. FIG. The CPU 203 of the terminal device 200 periodically and repeatedly executes the processing of the procedure shown in FIG.

First, as shown in FIG. 5, the CPU 203 of the terminal device 200 checks whether an event ID has been received from the server device 100 connected to the communication section 201 (step S41). When the event ID is received (YES in step S41), the CPU 203 causes the storage unit 205 to store the received event ID (step S43), and then ends the series of processes. If the event ID has already been stored in the storage unit 205, the storage unit 205 is overwritten with the new event ID received in step S41.

If the event ID has not been received (NO in step S41), the CPU 203 confirms whether or not a condition for requesting the server device 100 to issue an event ID has been met (step S45).

The condition for requesting the server device 100 to issue an event ID may be satisfied, for example, when the power supply of the terminal device 200 is turned on. may hold when (before the input).

If the issuance of an event ID is requested when the terminal device 200 is powered on, the event ID issued by the server device 100 can be obtained before the terminal device 200 transmits the event execution request to the server device 100.例文帳に追加.

Therefore, the terminal device 200 can generate identification information obtained by encrypting the event ID with the same common key as the server device 100 in advance before transmitting the event execution request. Therefore, it is possible to advance the timing at which the terminal device 200 outputs to the server device 100 an event execution request including identification information together with terminal information and content information.

On the other hand, if an event ID issuance is requested when an event execution request to the server device 100 is first input from the input unit 207, the event ID issuance by the server device 100 and the event execution request by the terminal device 200 are transmitted. The time difference becomes shorter. Therefore, for example, the server device 100 breaks down after issuing the event ID, and the event ID in the file storage unit 107 that is the same as the event ID in the storage unit 205 of the terminal device 200 is deleted. be able to.

Then, when the condition for requesting the issuance of the event ID is satisfied (YES in step S45), the CPU 203 transmits the event ID issuance request to the server device 100 via the communication unit 201 (step S47). Then, the series of processing ends.

The event ID issuance request transmitted by the CPU 203 to the server device 100 includes terminal information for identifying the terminal device 200 stored in the storage unit 205 .

On the other hand, if the condition for requesting the issuance of the event ID is not met (NO in step S45), the CPU 203 determines whether there is an input from the input unit 207 requesting the server apparatus 100 to execute the event. (step S49). If there is no input requesting the execution of the event (NO in step S49), the series of processing ends.

Also, when there is an input requesting the execution of an event (YES in step S49), the CPU 203 transmits an event execution request to the server device 100 via the communication unit 201 (step S51). Then, the series of processing ends.

Note that the event execution request sent by the CPU 203 to the server device 100 includes the terminal information of the terminal device 200 stored in the storage unit 205, the identification information of the event execution request, and the event requesting the server device 100 to execute. and content information indicating the content of the

The identification information of the event execution request can be generated by encrypting the event ID stored in the storage unit 205 with the common key stored in the storage unit 205 .

The content of the event requested to be executed by the server device 100 can be specified from the content information in the event execution request from the input unit 207, the input of which is confirmed in step S45.

As is clear from the above description, in the present embodiment, step S41 in the flowchart of FIG. 5 corresponds to the processing performed by the ID receiving section 211 of FIG. Further, in this embodiment, step S47 in FIG. 5 corresponds to the processing performed by the issuance request transmission unit 213 in FIG. Furthermore, in this embodiment, step S51 in FIG. 5 corresponds to the processing performed by the execution request transmission unit 215 in FIG. 1 and the processing of the signal transmission step in step S7 in FIG.

According to the communication system 1 of the present embodiment described above, when the server device 100 receives an event ID issuance request from the terminal device 200 including the terminal information of the terminal device 200, the event ID is issued and the terminal information is transmitted to the terminal device 200 corresponding to the issuance request source. Further, the identification information used in the terminal device 200 that requested the issuance of the event ID in the database 119 of the file storage unit 107 of the server device 100 encrypts the issued event ID with the common key of the terminal device 200 that is the source of the issuance request. updated with the new identification information.

On the other hand, in the terminal device 200 that has received the event ID from the server device 100 and has requested the issuance of the event ID, the event ID in the storage unit 205 is updated to the received new event ID.

Further, when an event execution request to the server device 100 is input from the input unit 207 of the terminal device 200, the event ID stored in the storage unit 205 is encrypted with the common key stored in the storage unit 205. An identification of the event execution request is generated. It includes identification information of the generated event execution request, content information of the event requested to the server device 100 input from the input unit 207, and terminal information of the terminal device 200 stored in the storage unit 205. An event execution request is transmitted to the server device 100 .

The server device 100 that has received the event execution request from the terminal device 200 determines the authenticity of the received event execution request. In this determination, it is confirmed whether or not the identification information in the execution request received by the server apparatus 100 matches the identification information defined in the database 119 of the file storage unit 107 for the terminal apparatus 200 that requested the execution of the event. be.

If the identification information in the event execution request received by the server device 100 does not match the identification information in the database 119, it is determined that the received event execution request is not authentic. Then, the execution request for the event determined to be non-authentic is discarded. Therefore, the server device 100 will not execute an event execution request that is not authentic.

On the other hand, if the identification information in the event execution request received by the server device 100 matches the identification information in the database 119, it is determined that the received event execution request is genuine. Then, the server device 100 executes the event indicated by the content information of the event of the execution request determined to be authentic.

When the event requested by the terminal device 200 has been executed by the server device 100, the event ID is issued by the server device 100, and an execution request corresponding to the terminal information in the event execution request received by the server device 100 is issued. It is transmitted to the original terminal device 200 . In addition, new identification information is generated in the server device 100 by encrypting the issued event ID with the common key of the terminal device 200 that requested the execution. Then, in the database 119 of the file storage unit 107 of the server device 100, the identification information used in the terminal device 200 that requested the execution of the event is updated to the generated new identification information.

On the other hand, in the terminal device 200 that has received the event ID from the server device 100 and has requested the execution of the event, the event ID in the storage unit 205 is updated to the received new event ID.

Therefore, every time an event requested by the terminal device 200 is executed by the server device 100, the event ID used to determine the authenticity of the event execution request is updated.

Therefore, even if a third party snoops on the communication contents of the terminal device 200 and duplicates the information and sends it to the server device 100 illegally in the encrypted communication using the common key between the terminal device 200 and the server device 100 . , it is possible to ensure the security of information in encrypted communication.

A configuration in which the terminal device 200 transmits an event ID issuance request to the server device 100, the server device 100 that receives the event ID issues an event ID, and transmits the event ID to the terminal device 200 that issued the issuance request is omitted. good too.

Alternatively, when the event requested by the terminal device 200 is executed by the server device 100, the server device 100 issues an event ID and transmits the event ID to the terminal device 200 that requested the execution of the event. good.

Further, when a plurality of terminal devices 200 are connected to the network 300, the ID issuing unit 113 may issue a common event ID to each terminal device 200 at the same time.

For example, when the server device 100 requests and collects information that each terminal device 200 has, each terminal device 200 sends a signal to provide the server device 100 with a common identification information generated from the event ID can be used.

Also in another embodiment of the present disclosure related to this case, as shown in the block diagram of FIG. is configured as One terminal device 200 may be connected to the network 300, or a plurality thereof may be connected. The network 300 can be configured by, for example, a wired or wireless communication line.

Note that FIG. 6 also shows a case where one terminal device 200 is connected to the network 300 for ease of explanation, as in the previous embodiment.

In the communication system 1 of this embodiment, the issuance request transmission unit 213 virtually constructed on the CPU 203 of the terminal device 200 in the previous embodiment is omitted, and the execution request transmission unit 215 is replaced by the information signal transmission unit 217. has been replaced by Other parts of the terminal device 200 are configured in the same manner as the terminal device 200 of the previous embodiment, except for the program of the storage unit 205 executed by the CPU 203 . The server device 100 is also configured similarly to the server device 100 of the previous embodiment, except for the program of the file storage unit 107 executed by the CPU 101 .

Next, an example of the procedure of processing performed by the CPU 101 of the server device 100 according to the program stored in the ROM 103 or the like in order to authenticate the information signal received by the server device 100 from the terminal device 200 by the method shown in FIG. 3 will be described. .

FIG. 7 is a flowchart showing an example of a procedure of processing including authentication processing for an information signal received from the terminal device 200, which is performed by the CPU 101 of the server device 100 according to a program such as the ROM 103, according to another embodiment of the present disclosure. be. The CPU 101 of the server device 100 periodically and repeatedly executes the processing of the procedure shown in FIG.

First, as shown in FIG. 7, the CPU 101 of the server device 100 confirms whether or not a condition for requesting each terminal device 200 to collect information is established (step S61). If the condition is not satisfied (NO in step S61), the process proceeds to step S71, which will be described later.

If the condition is met (YES in step S61), CPU 101 issues an event ID (step S63).

Then, the CPU 101 broadcasts an information collection request (corresponding to an event execution request) including the issued event ID to each terminal device 200 on the network 300 via the communication unit 109 (step S65). Furthermore, the CPU 101 encrypts the event ID issued in step S63 with the common key corresponding to each terminal device 200 stored in the file storage unit 107 to generate identification information (step S67).

At this time, if the common key is different for each terminal device 200, the identification information used by each terminal device 200 is generated by encrypting the common event ID with the common key for each terminal device 200, respectively. Moreover, when the common key of each terminal device 200 is the same, common identification information used by each terminal device 200 is generated by encrypting the common event ID with the same common key.

Then, CPU 101 updates the identification information used in each terminal device 200 in database 119 of file storage unit 107 to the new identification information generated in step S67 (step S69).

It should be noted that the identification information used in each terminal device 200 may not be stored in the database 119 of the file storage unit 107 . In this case, the terminal information of each terminal device 200 is associated with the identification information generated in step S17 using the event ID issued in step S63. Then, the terminal information and the identification information of the associated terminal device 200 are added and stored in the database 119 of the file storage unit 107, and the identification information used in each terminal device 200 is updated.

Step S65 and steps S67 and S69 described above may be executed in reverse order, or may be executed in parallel. After executing the processing up to step S69, the CPU 101 checks whether or not an information signal (corresponding to a signal, event execution response) has been received from each terminal device 200 in response to the collection information transmission request (step S71). .

If the information signal from each terminal device 200 (even part of it) has not been received (NO in step S71), step S71 is repeated. When (all) information signals have been received from each terminal device 200 (YES in step S71), the CPU 101 determines whether or not the received information signals are authentic (step S73).

Here, the received information signal includes the terminal information of the terminal device 200 that is the transmission source of the information signal, the identification information of the information signal (corresponding to the identification information of the signal), and the content of the information collected by the terminal device 200 that is the transmission source. It contains content information (equivalent to event result information) indicating (data). The identification information included in the information signal is generated by the terminal device 200, which is the transmission source of the information signal that received the event ID transmitted in step S65, by encrypting the received event ID with a common key.

Therefore, the authenticity of the information signal received in step S71 is determined by, for example, the identification information in the received information signal and the identification information defined in the database 119 of the file storage unit 107 for the terminal device 200 that is the transmission source of the information signal. can be determined by matching. The identification information defined in the database 119 for the terminal device 200 that transmitted the information signal can be identified by the terminal information in the information signal received in step S71.

Then, for example, if the identification information in the received information signal matches the identification information in the database 119, the CPU 101 determines that the received information signal is authentic. For example, if the identification information in the received information signal does not match the identification information in the database 119, the CPU 101 determines that the received information signal is not authentic.

As a result of determination, if the received information signal is not authentic (NO in step S73), the CPU 101 discards the received information signal (step S75). Then, the CPU 101 notifies the terminal device 200, which is the transmission source of the information signal, that the information signal has been discarded (step S77), and terminates the series of processes.

If the received information signal is authentic (YES in step S73), CPU 101 acquires the content information data in the received information signal (step S79). For example, the acquired data can be stored in the file storage unit 107 together with a time stamp and used for analysis or the like.

If the received information signal is not authentic, only the incorrect information signal may be discarded in step S75, and only the sender of the incorrect information signal may be notified of the discard in step S77. Alternatively, if the received information signal is not authentic, all information signals including the authentic information signal may be discarded in step S75, and the discarded information signal may be notified to the sender of all information signals in step S77. .

As is clear from the above description, in this embodiment, step S63 in the flowchart of FIG. Yes. Also, in this embodiment, step S55 in FIG. 7 corresponds to the processing performed by the ID transmission unit 115 in FIG. 6 and the processing of the ID transmission step in step S3 in the flowchart in FIG.

Furthermore, in this embodiment, steps S67 and S69 in FIG. 7 correspond to the processing performed by the encryption unit 117 in FIG. 6 and the update step processing in step S5 in FIG. Also, in this embodiment, step S73 in FIG. 7 corresponds to the processing performed by the instruction execution unit 111 in FIG. .

Next, an example of a processing procedure performed by the CPU 203 of the terminal device 200 according to the program of the storage unit 205 in order to authenticate the information signal received by the server device 100 from the terminal device 200 by the method shown in FIG. 3 will be described. do.

FIG. 8 shows an example of a processing procedure including authentication enable processing for an information signal to be transmitted to the server device 100, which is performed by the CPU 203 of the terminal device 200 according to the program in the storage unit 205 according to another embodiment of the present disclosure. It is a flow chart showing. The CPU 203 of the terminal device 200 periodically and repeatedly executes the processing of the procedure shown in FIG.

First, as shown in FIG. 8, the CPU 203 of the terminal device 200 checks whether or not an information collection request has been received from the server device 100 connected to the communication unit 201 (step S81). If the collection request has not been received (NO in step S81), the series of processing ends.

If a collection request has been received (YES in step S81), the CPU 203 stores the received event ID in the collection request in the storage unit 205 (step S83). If the event ID has already been stored in the storage unit 205, the storage unit 205 is overwritten with the new event ID received in step S81.

Then, CPU 203 transmits an information signal to server device 100 via communication unit 201 (step S85). Then, the series of processing ends.

The information signal transmitted by the CPU 203 to the server device 100 includes the terminal information of the terminal device 200 stored in the storage unit 205, the identification information of the information signal, and the content (data) of the information collected in the terminal device 200. and content information to indicate.

The identification information of the information signal can be generated by encrypting the event ID stored in the storage unit 205 with the common key stored in the storage unit 205 .

Information transmitted from the terminal device 200 to the server device 100 by an information signal is collected by information collection processing performed by the CPU 203 according to a program (not shown) in the storage unit 205 .

As is clear from the above description, in this embodiment, step S81 in the flowchart of FIG. 8 corresponds to the processing performed by the ID receiving section 211 of FIG. Also, in this embodiment, step S85 in FIG. 8 corresponds to the processing performed by the execution request transmission unit 215 in FIG. 6 and the processing of the signal transmission step in step S7 in FIG.

According to the communication system 1 of the present embodiment described above, an event ID is issued in the server device 100 each time the condition for requesting each terminal device 200 to collect information is satisfied. Then, an information collection request including the issued event ID is broadcast from the server device 100 to each terminal device 200 . Further, the identification information used in the terminal device 200 that requested the issuance of the event ID in the database 119 of the file storage unit 107 of the server device 100 encrypts the issued event ID with the common key of the terminal device 200 that is the source of the issuance request. updated with the new identification information.

In each terminal device 200 that has received the information collection request from the server device 100, the event ID in the storage unit 205 is updated to the event ID in the received information collection request. Further, identification information of the information signal is generated by encrypting the updated event ID with the common key stored in the storage unit 205 . Then, an information signal containing identification information of the generated information signal, content information indicating the content (data) of information collected in the terminal device 200, and terminal information of the terminal device 200 stored in the storage unit 205, It is transmitted to the server device 100 .

The server device 100 that has received the information signal from each terminal device 200 determines the authenticity of the received information signal for each information signal from each terminal device 200 . In this determination, it is confirmed whether or not the identification information in the information signal received by the server apparatus 100 matches the identification information defined in the database 119 of the file storage unit 107 for the terminal apparatus 200 which is the transmission source of the information signal. be.

If the identification information in the information signal received by server device 100 matches the identification information in database 119, the received information signal is determined to be authentic. Then, the server device 100 acquires the data indicated by the content information of the information signal determined to be authentic.

On the other hand, if the identification information in the information signal received by server device 100 does not match the identification information in database 119, it is determined that the received information signal is not authentic. Information signals determined to be non-authentic are then discarded. At this time, authentic information signals from other terminal devices 200 may be discarded together with non-authentic information signals, or may not be discarded. When only the non-authentic information signal is discarded, the server apparatus 100 acquires the content information data of the authentic information signal. In any case, the data of the information signal that is not authentic is never acquired by the server device 100 .

Thereafter, every time the condition for requesting each terminal device 200 to collect information is met, the series of processes described above is repeatedly executed.

Therefore, even if a third party snoops on the communication contents of the terminal device 200 and duplicates the information and sends it to the server device 100 illegally in the encrypted communication using the common key between the terminal device 200 and the server device 100 . , it is possible to ensure the security of information in encrypted communication.

The server device, the communication terminal device, and the method for authenticating the authenticity of an event execution request from the communication terminal device to the server device according to the present disclosure described in each of the above embodiments include: It is widely applicable in systems that perform communication in

1 Communication system (authentication system)
100 Server Device 101 CPU (Issue Request Receiving Unit)
103 ROMs
105 RAMs
107 file storage unit (database unit)
109, 201 communication unit 111 instruction execution unit (judgment unit, event execution unit)
113 ID issuing unit 115 ID transmitting unit 117 encryption unit (update unit)
119 database 200 terminal device (communication terminal device)
203 CPUs
205 storage unit 207 input unit 209 display unit 211 ID reception unit 213 issuance request transmission unit 215 execution request transmission unit 217 information signal transmission unit 300 network

Claims (14)

a database unit that stores a database of identification information of events in which the communication terminal device is involved;
an ID issuing unit that issues an event ID associated with the event-related signal received from the communication terminal device each time a trigger condition is satisfied;
an ID transmission unit configured to transmit the issued event ID to the communication terminal device serving as a transmission source of the signal associated with the issued event ID each time the ID issuing unit issues the event ID;
an updating unit that updates the identification information in the database to identification information obtained by encrypting the issued event ID with a common key each time the ID issuing unit issues the event ID;
Terminal information of the communication terminal device from the communication terminal device that received the event ID, the identification information obtained by encrypting the latest event ID received by the communication terminal device with the common key, and a signal receiver that receives the signal containing event information;
a determining unit that compares the identification information in the signal received by the signal receiving unit with the identification information in the database to determine the authenticity of the signal;
A server device comprising The ID issuing unit issues the event ID for each communication terminal device corresponding to the event execution request received as the signal from each communication terminal device,
The ID transmission unit transmits the issued event ID to the communication terminal device as a request source of the execution request corresponding to the issued event ID,
The event information in the execution request received by the signal receiving unit includes content information of the event whose execution is requested by the communication terminal device that received the event ID by the execution request,
The determination unit converts the identification information in the execution request received by the signal reception unit to the identification information in the database stored in the database unit for the communication terminal device corresponding to the terminal information in the execution request. determining the authenticity of the execution request against the identification information;
The server device according to claim 1. Further comprising an event execution unit that executes the event corresponding to the content information in the execution request determined to be authentic by the determination unit, wherein the ID issuing unit causes the event execution unit to execute the event. 3. The event ID as claimed in claim 2, wherein the event ID is issued as the trigger condition is met, and the ID transmission unit transmits the issued event ID to the communication terminal device that is the source of the request for the event executed by the event execution unit. server equipment. The ID issuing unit issues the event ID corresponding to the event execution response received as the signal from the communication terminal device that executed the event in response to the event execution request,
The ID transmission unit transmits the issued event ID to the communication terminal device serving as a response source of the execution response corresponding to the issued event ID,
the event information in the execution response received by the signal receiving unit includes result information of the event executed by the communication terminal device that received the event ID in response to the execution request;
The determination unit converts the identification information in the execution response received by the signal reception unit to the identification information in the database stored in the database unit for the communication terminal device corresponding to the terminal information in the execution response. determining the authenticity of the execution response by matching it to the identification information;
The server device according to claim 1. It further comprises an issuance request receiving unit for receiving an issuance request for the event ID including the terminal information from the communication terminal device, wherein the ID issuing unit receives the issuance request by the issuance request receiving unit as the trigger condition. is established, the ID transmission unit transmits the issued event ID to a source requesting the issuance of the event ID, and the updating unit corresponds to the terminal information in the issuance request. 5. The server device according to claim 2, 3 or 4, wherein said identification information in said database stored in said database unit for said communication terminal device is updated. an ID receiving unit that receives an event ID from a server device to which a signal regarding execution of the event is sent;
Signal transmission for transmitting the signal including identification information obtained by encrypting the latest event ID received by the ID receiving unit with a common key, own terminal information, and event information regarding execution of the event to the server device Department and
A communication terminal device. The ID receiving unit receives the event ID addressed to itself from the server device to which the event execution request, which is the signal, is requested,
The event information in the execution request transmitted by the signal transmission unit includes content information of the event requesting the server device to be executed.
7. The communication terminal device according to claim 6. The ID receiving unit receives the event ID addressed to itself from the server device that requested the execution of the event,
When the event is executed in response to the event execution request received from the server device, the event information in the event execution response transmitted as the signal by the signal transmission unit is the event executed in response to the execution request. containing result information,
7. The communication terminal device according to claim 6. It further comprises an issuance request transmission unit that transmits an issuance request for the event ID including the own terminal information to the server device, and the ID reception unit receives the event addressed to the self from the server device that received the issuance request. 9. A communication terminal device according to claim 7 or 8, which receives an ID. a server device according to claim 1;
a communication terminal device according to claim 6;
An authentication system with a server device according to claim 2 or 3;
a communication terminal device according to claim 7;
An authentication system with a server device according to claim 4;
a communication terminal device according to claim 8;
An authentication system with a server device according to claim 5;
a communication terminal device according to claim 9;
An authentication system with an ID issuing step in which the server device issues an event ID associated with a signal received by the server device from the communication terminal device regarding an event in which the communication terminal device is involved, each time a trigger condition is satisfied;
an ID transmission step of transmitting the issued event ID to the communication terminal device serving as a transmission source of the signal corresponding to the issued event ID each time the event ID is issued by the server device;
Each time the event ID is issued by the server device, the identification information of the event involving the communication terminal device in the database stored in the database unit of the server device is encrypted with the issued event ID using a common key. an updating step for updating to the modified identification information;
The communication terminal device sends the signal including identification information obtained by encrypting the latest event ID received from the server device with the common key, its own terminal information, and event information related to the event to the server device a transmitting signal transmission step;
a determination step in which the server device compares the identification information in the signal received from the communication terminal device with the identification information in the database to determine the authenticity of the signal;
Authentication methods, including

Images