WO2007094036A1

WO2007094036A1 - Information processing system

Info

Publication number: WO2007094036A1
Application number: PCT/JP2006/302466
Authority: WO
Inventors: Masakazu Uehata; Satoshi Kawatani; Noriaki Uchino
Original assignee: Seiko Instruments Inc.
Priority date: 2006-02-13
Filing date: 2006-02-13
Publication date: 2007-08-23
Also published as: JP4868322B2; JPWO2007094036A1

Abstract

A relation between a terminal device (7) and its sub-terminal device (9) is set. The sub-terminal device (9) encrypts its public key with a verifying server public key and transmits the encrypted sub-terminal device public key to a verifying server (5) through the terminal device (7). The verifying server (5) receives and decodes the encrypted sub-terminal device public key by its stored server secret key, transmits the decoded sub-terminal device public key to the terminal device (7), encrypts a common key generated by the terminal device (7) by using the sub-terminal device public key, and transmits the encrypted common key to the terminal device (9).

Description

Information processing system

Technical field

The present invention relates to a terminal device, a slave terminal, an information processing server, and an information processing method, and for example, relates to a device for establishing a parent-child relationship between measurement devices.

Background art

[0002] With the rapid advancement of network technology in recent years, various types of computerized information have been distributed over networks.

Attempts have also been made to connect measuring equipment installed remotely using such network technology to the network!

As a result, it has become possible for the meter reader to collect the measured values manually by turning each measuring device (for example, a gas meter) and collect them on the server via the power network.

[0003] As described above, when collecting measurement values at a remote place with a server, it is important to prove the position of the measured value or the location where the measurement value was measured and the time proof of the time when the measurement value was measured.

For example, in the case of a device fixed at a fixed position such as a gas meter, the measurement position is constant, but the measurement time is different each time, so the measured value is also sent to the time stamp server, and the time stamp Sano I was asked to issue.

The time stamp is obtained by adding the received time information to the measured value received from the device and performing a digital signature with the private key of the time stamp server.

By confirming the digital signature with the public key corresponding to the secret key, it is possible to prove that the time stamp server has received the measurement value at the time.

[0004] As a technology for constructing such a time stamp system, there are a system and a method for providing the following trusted third-party clock and trusted local clock.

Patent Document 1: Special Table 2003—519417

[0005] This technology provides an audit server that audits the clock of a time stamp server, This prevents time tampering at the stamp server.

Disclosure of the invention

Problems to be solved by the invention

[0006] For example, there is a demand for collecting data by installing a large amount of measuring devices such as measuring the temperature distribution in a greenhouse. In this case, it is suitable to collect measurement values from a large number of slave units with a single master unit by setting the parent-child relationship in the measurement device.

Therefore, there is a need for a system that prevents the setting of an illegal parent-child relationship, for example, impersonation of a slave unit.

Accordingly, an object of the present invention is to provide a mechanism for setting an appropriate parent-child relationship between a parent device and a child device.

Means for solving the problem

In order to achieve the above object, the present invention provides a verification server connected to a network and storing a verification server private key and a verification server public key paired with the verification server private key. Connects to the network and communicates with the slave unit terminal, and stores the slave unit secret key encrypted with the key and the slave unit secret key paired with the slave unit public key. A terminal device for use in an information processing system configured using the terminal device, and an encrypted slave device public key receiving means for receiving the encrypted slave device public key from the slave device terminal; An encrypted child device public key transmitting means for transmitting the received encrypted child device public key to a predetermined destination, and the verification server decrypts the transmitted encrypted child device public key with the verification server private key. A slave unit public key receiving means for receiving the slave unit public key Provide a terminal device characterized by having (first configuration).

In the first configuration, a common key may be generated, and the generated common key may be encrypted using the received handset public key and transmitted to the handset terminal (second handset). Configuration).

In the first configuration or the second configuration, the encrypted slave unit public key transmission means transmits the encrypted slave unit public key to the verification server via the information processing server, and the slave unit public key The receiving means may be configured to receive the slave unit public key from the verification server via the information processing server (third configuration). The present invention also provides a verification server that is connected to a network and stores a verification server private key, and an encryption device that encrypts a slave unit public key with a verification server public key that is paired with the verification server private key. Information configured using a device public key, a child device terminal that stores a child device secret key that is paired with the child device public key, and a terminal device that is connected to the network and communicates with the child device terminal An encryption device public key storage means for storing an encryption slave device public key, which is a slave device terminal used in the processing system and encrypts the slave device public key with the verification server public key; A slave unit secret key storage unit that stores a slave unit secret key that is paired with the slave unit public key, and an encrypted slave unit public key transmission unit that transmits the stored encrypted slave unit public key to the terminal device; (4th configuration) ). In the fourth configuration, an encrypted common key encrypted by using the slave unit public key obtained by decrypting the transmitted encrypted slave unit public key is received from the terminal device. The stored secret key can also be used to decrypt the common key from the received encrypted common key (fifth configuration).

The present invention also provides a verification server that is connected to a network and stores a verification server private key, and an encryption device that encrypts a slave unit public key with a verification server public key that is paired with the verification server private key. A mobile device terminal that stores a mobile device public key and a mobile device private key that is paired with the mobile device public key; a terminal device that is connected to the network and communicates with the mobile device terminal; and An information processing server used in an information processing system configured using an information processing server that communicates with a terminal device, a correspondence storage unit that stores correspondence between the terminal device and a slave terminal, and a terminal The encrypted slave device public key receiving means for receiving the encrypted slave device public key stored in the slave device terminal from the device, and the terminal device and the slave device terminal force are associated with each other by the correspondence storage means. ! A confirmation unit for confirming whether or not the terminal device is associated, and when the terminal unit and the slave unit terminal are associated with each other by the correspondence confirmation unit, the received cipher slave public key is verified. There is provided an information processing server comprising: an encryption device public key transmission means for transmitting to a server (sixth configuration). The present invention also provides a verification server that is connected to a network and stores a verification server private key, and an encryption device that encrypts a slave unit public key with a verification server public key that is paired with the verification server private key. The handset terminal storing the handset public key and the handset secret key paired with the handset public key Information processing method performed by a terminal device used in an information processing system configured using a terminal device and a terminal device connected to the network and communicating with the child device terminal, wherein the terminal device A device public key receiving means, an encrypted child device public key transmitting means, and a child device public key receiving means,

An encryption slave unit public key receiving step for receiving the encrypted slave unit public key from the slave unit terminal by the encrypted slave unit public key receiving means, and an encryption slave unit public key transmitting step, The encrypted slave unit public key transmitting step for transmitting the received encrypted slave unit public key to a predetermined destination, and the slave unit public key receiving unit transmits the encrypted slave unit public key previously transmitted by the verification server. A slave unit public key receiving step for receiving a slave unit public key obtained by decrypting a key with the verification server private key is provided (seventh configuration).

The present invention also provides a verification server that is connected to a network and stores a verification server private key, and an encryption device that encrypts a slave unit public key with a verification server public key that is paired with the verification server private key. Information configured using a device public key, a child device terminal that stores a child device secret key that is paired with the child device public key, and a terminal device that is connected to the network and communicates with the child device terminal An information processing method performed by a handset terminal used in a processing system, wherein the handset terminal includes an encrypted handset public key storage means, a handset secret key storage means, and an encryption handset public key transmission means An encrypted slave device public key storage step for storing an encrypted slave device public key obtained by encrypting the slave device public key with the verification server public key by the encrypted slave device public key storage means; The child device secret key storage means provides the child device. A slave unit private key storage step for storing a slave unit private key that is paired with a public key; and the encrypted slave unit public key transmission unit transmits the stored encrypted slave unit public key to the terminal device. An information processing method characterized by comprising: a public key machine public key transmission step (eighth configuration).

The present invention also provides a verification server that is connected to a network and stores a verification server private key, and an encryption device that encrypts a slave unit public key with a verification server public key that is paired with the verification server private key. A mobile device terminal that stores a mobile device public key and a mobile device private key that is paired with the mobile device public key; a terminal device that is connected to the network and communicates with the mobile device terminal; An information processing method performed by an information processing server used in an information processing system configured using an information processing server that communicates with the terminal device via a work, wherein the information processing server includes: A correspondence storage means for storing the correspondence between the terminal device and the slave terminal; an encrypted slave public key reception means; a correspondence confirmation means; and an encrypted slave public key transmission means. The device public key receiving means receives the encrypted slave device public key stored in the slave device from the terminal device from the terminal device, and the corresponding confirmation means means In the correspondence confirmation step for confirming whether or not the device and the child device terminal are associated with each other in the correspondence storage means, and in the correspondence confirmation step, the terminal device and the child device terminal are associated with each other. The encryption handset public Provided is an information processing method characterized by comprising an encryption slave unit public key transmission step of transmitting the received encrypted slave unit public key to the verification server by an open key transmission means. Ninth configuration).

The invention's effect

According to the present invention, an appropriate parent-child relationship between the parent device and the child device can be set through the verification by the verification server.

BEST MODE FOR CARRYING OUT THE INVENTION

[0010] (1) Outline of Embodiment

A pair of handset private key and handset public key is generated inside handset 9 (Fig. 18), and the handset public key is sent to CA3. CA 3 creates a slave unit public key certificate of the slave unit public key, encrypts it with the public key of the verification server 5, and transmits it to the slave unit 9. The handset 9 stores the encryption device public key certificate and is shipped to the customer.

[0011] The device 7 (already connected to the information processing system 1) has a function of setting the slave unit 9 as a slave unit. When a connection request is received from the slave unit 9, the following procedure is performed. After that, the parent-child relationship is set. First, the slave unit 9 transmits the encrypted slave unit public key to the device 7.

The device 7 transmits this to the customer server 4. The customer server 4 has a slave unit master in which the device 7 and the slave unit 9 are associated in advance, and the correspondence between the device 7 and the slave unit 9 is confirmed using this. After confirming the correspondence, the customer server 4 sends the encryption client public key certificate to the verification server 5. The verification server 5 decrypts the encryption slave unit public key certificate using the verification server private key, extracts the slave unit public key, and transmits it to the customer server 4. The customer server 4 receives the slave unit public key from the verification server 5 and transfers it to the device 7.

When the device 7 receives the child device public key, the device 7 generates a common key, encrypts it using the child device public key, and transmits it to the child device 9. The slave unit 9 decrypts this using the slave unit private key and extracts the common key. Thereafter, the device 7 and the slave device 9 perform communication by performing encryption / decryption using the common key.

[0013] (2) Details of the embodiment

In the present embodiment, the installation of a measurement device on a network and the use of the measurement device after installation will be described.

[0014] [Installation of equipment]

FIG. 1 is a block diagram showing an example of a network configuration of the information processing system according to the present embodiment.

In the information processing system 1, CA3, 3, verification server 5, customer server 4, 4, device registration server 6, device 7, 7, 7, ..., base station 8, etc. can be connected via network 10. The parent CA2 is provided above CA3,3.

In the following, for items such as CA3, 3, customer server 4, 4, equipment 7, 7,..., They are simply referred to as CA3, customer server 4, equipment 7 unless otherwise distinguished.

[0015] Both the parent CA2 and CA3 are certificate authority authentication servers that create public key certificates, and a certificate that proves the legitimacy of CA3's CA public key by the root certificate issued by the parent CA2. Make up the screen.

The reason why multiple CA3s are provided in Information Processing System 1 is that equipment 7 circulates in large quantities.For this reason, it is possible to assign these to CA3 separately for each production lot or for each customer who uses equipment 7. This is to make it possible.

In this way, the use of a certificate trust chain is for business convenience, and a single CA may be configured to handle all devices 7.

[0016] The authenticity of the CA public key certificate that certifies the public key of CA3 is confirmed by the root certificate issued by the parent CA2. More specifically, the CA public key of CA3 is digitally signed by the parent CA private key of the parent CA2, and the authenticity of the CA public key is verified by verifying the authenticity of this digital signature with the parent CA public key. Can be confirmed.

The CA public key certificate and root certificate are provided to the customer server 4, the verification server 5, and the device 7 in advance by a secure method.

The customer server 4 is an information processing server operated by a customer who performs measurement using the device 7. Note that the user of the device 7 is called the customer because the user of the device 7 is the customer of the seller when viewed from the seller side of the device 7.

Customer servers 4 are operated by customers, such as those operated by Company A and those operated by Company B, respectively.

The device 7 is a measuring device such as a gas meter, for example, and the customer server 4 collects measurement values from these devices 7 via the network 10. Gas charges etc. are calculated based on the collected measurements.

[0018] The device 7 is a measuring device or the like installed so as to be connectable to the network 10, and may be a mobile device in addition to a fixed device such as a gas meter.

For example, when the device 7 of the company A is connected to the customer server 4 of the company A and the device 7 of the company B is connected to the customer server 4 of the company B, the customer server 4 corresponding to the owner 4 Connect to and send information such as measurement values to the customer server 4.

The device 7 can be connected to the network 10 by wire as well as wirelessly. In this case, the device 7 is connected to the network 10 via the base station 8.

[0019] The verification server 5 is a server for verifying the legitimacy of the device 7 when the device 7 is installed in the network 10 and connected to the customer server 4 and preventing unauthorized use of the device 7 such as impersonation. .

After the verification server 5 verifies that the device 7 is authentic, the customer server 4 connects to the device 7.

[0020] The device registration server 6 mediates between the device 7 and the CA3 when the device 7 issues a device public key certificate or the like to the CA3, and registers the device 7 in the verification server 5. It is. The device registration server 6 stores a device registration server secret key, and the verification server 5 stores a device registration server public key corresponding to the secret key.

Then, the device registration server 6 encrypts the registration request information for registering the device 7 with the verification server public key and transmits it to the verification server 5, which verifies the verification server private key. I started to decrypt!

The verification server 5 can confirm that this information is surely transmitted from the device registration server 6 by digitally signing the registration request information with the registration server private key.

[0021] In the information processing system 1 configured as described above, the parent CA2, CA3, the verification server 5, and the device registration system are the sales side operators such as the manufacturer 7 and the sales operator of the device 7. The customer server 4 is operated by the customer who purchased the device 7.

Since the sales company has information on the serial number of device 7 and the customer to whom the device 7 is delivered, etc., operate the parent CA2, CA3, verification server 5, and device registration server 6 to provide the device verification service to the customer. Is in a good position to provide.

[0022] The communication path formed by the device 7, the verification server 5, the device registration server 6, the customer server 4 and the like via the network 10 is encrypted using a technology such as SSL (Secure Sockets Layer). Therefore, the security of the information processing system 1 is enhanced.

Next, the hardware configuration of the device 7 will be described with reference to FIG.

The device 7 is roughly divided into a tamper-resistant part 20 and a measuring part 35 connected by a bus line.

The tamper resistant part 20 is a functional part that performs information processing related to security such as device authentication. For example, the tamper resistant part 20 is a tamper resistant module constituted by an IC chip containing a tamper resistant integrated circuit.

[0024] The tamper-proof specification is a sufficient protection measure against fraudulent acts such as tampering and duplication, and decoding of the internal logical structure, such as automatically destroying the internal structure when trying to analyze the internal structure. It is a specification to take.

Therefore, the tamper resistant part 20 is a kind of black box that is extremely difficult to analyze from the outside. For example, secret information such as a device secret key can be safely held. Note that tamper means that the device is tampered with, and that information is illegally changed.Tamper resistance means that it is resistant to these operations. Means.

[0025] The tamper resistant unit 20 includes a CPU (Central Processing Unit) 21, an internal clock 22, a ROM (Read Only Memory) 23, a RAM (Random Access Memory) 24, an EEPROM OM (Electrically Erasable and Programmable ROM) 25, and the like. It is configured to be connected by a bus line (not shown).

The CPU 21 is a central processing unit that performs various types of information processing according to programs stored in the EEPROM 25, the ROM 23, the RAM 24, and the like.

In the present embodiment, a pair of a device public key and a device private key is generated, device authentication of device 7 is performed by communicating with verification server 5, and information is encrypted when communicating with customer Sano. I do habit.

[0027] The internal clock 22 generates a clock for driving the tamper resistant part 20, and for example, the tamper resistant part 20 relates to a device 7 of a type that gives time information to the measurement value of the measuring part 35. Can be used as a clock for giving time information. The internal clock 22 is synchronized with the external clock 28 of the measurement unit 35, and the CPU 21 and the CPU 29 can operate in synchronism with each other.

The ROM 23 is a read-only storage device (memory) and stores basic programs and parameters for driving the tamper resistant unit 20.

The RAM 24 is a readable / writable storage device, and provides a working area when the CPU 21 performs various types of information processing.

[0028] The EEPROM 25 is a readable / writable nonvolatile storage device, and stores program data and the like.

In this embodiment, as an example, an asymmetric encryption key generation program, device private key, device public key certificate, verification server public key certificate, verification server connection information, verification request program, CA public key certificate, Communication program, OS (Operating System), etc. are stored. [0029] The asymmetric encryption key generation program is a program executed by the administrator of the device 7 (usually the manufacturer of the device 7) before the device 7 is delivered to the customer. When this program is executed by the CPU 21, An asymmetric encryption key pair (pair) of a device private key and a device public key is generated inside the tamper resistant unit 20.

The device 7 stores the generated device secret key in the EEPROM 25 and cannot know the device secret key from outside!

[0030] The device public key certificate is generated by the device 7 via the device registration server ^.

A public key certificate sent to CA3 and digitally signed by CA3 with the CA private key.

Those who have received the device public key certificate can verify that the device public key described in the device public key certificate is authentic by verifying the digital signature with the CA public key.

The verification server public key certificate is a public key certificate in which CA 3 digitally signs the verification server public key, which is the public key of verification server 5, with the CA private key.

As will be described later, the device 7 encrypts information using the verification server public key recorded in the verification server public key, and transmits the encrypted information to the verification server 5. Since this encrypted information is a verification server private key possessed by the verification server 5 and cannot be decrypted, it cannot be decrypted even if a non-verification server 5 receives this encryption information. Can increase security.

The legitimacy of the verification server public key can be confirmed by verifying the digital signature of the verification server public key certificate with the CA public key.

[0032] The CA public key certificate is a public key certificate obtained by digitally signing the CA public key, which is the public key of CA3, with the parent CA2 using the parent CA private key. The device 7 uses the CA public key described in the CA public key certificate to verify the verification server public key certificate of the verification server 5 and the customer server public key certificate of the customer server 4 (both are CA public keys of CA3). The legitimacy of the digital signature can be verified.

In addition, although not shown, the device 7 stores the root certificate issued by the parent CA2 in the EEPROM 25, and the legitimacy of the CA public key certificate is confirmed by the parent CA public key described in the root certificate. Can be confirmed. [0033] The verification server connection information is address information for connecting to the verification server 5 when the device 7 is connected to the network 10, and includes, for example, a URL (Uniform Resource Locators) of the verification server 5. Yes.

When the device 7 is installed in the network 10, it connects to the verification server 5 using the verification server connection information and receives device verification.

As described above, in this embodiment, since the verification server connection information is embedded in the device 7 in advance, the device 7 can access the verification server 5 regardless of the network environment. Can do.

[0034] The verification request program is a program for requesting the verification server 5 to verify the device.

After the device 7 is connected to the network 10 (for example, immediately after the power is turned on), when the CPU 21 executes the verification request program, the CPU 21 generates verification information described later. Then, the CPU 21 connects the device 7 to the verification server 5 using the verification server connection information, and transmits the verification information to the verification server 5.

Although not shown, the EEPROM 25 stores a program for performing information processing related to security, such as encrypting the measured value measured by the measuring unit 35. In addition to the forces described above for the components of the tamper resistant part 20, a communication control part for controlling communication between the tamper resistant part 20 and the measuring part 35 is also configured.

The measurement unit 35 is a functional unit that performs measurement, and includes a CPU 29, a ROM 27, a RAM 30, an external clock 28, a display unit 31, an input unit 32, a storage unit 33, a measurement device unit 34, and the like. The measurement device unit 34 is a device that performs measurement, and outputs a measurement value to the CPU 29 as digital information when requested by the CPU 29.

For example, in addition to measuring gas, water, and electricity consumption, the measuring device unit 34 performs temperature measurement, humidity measurement, water quality measurement, air pollution measurement, and is installed in a vending machine for inventory and sales. Various things, such as what measures a situation etc., are employable.

The CPU 29 is a central processing unit that performs various types of information processing according to programs stored in the storage unit 33, the ROM 27, the RAM 30, and the like.

The CPU 29 operates in cooperation with the CPU 21.For example, when installing the device 7, the tamper resistant part The verification information output from 20 is transmitted to the verification server 5, and after installation, the measurement device section 34 also acquires the measured value, digitally signs it with the tamper resistant section 20, and transmits it to the customer server 4. To do.

The external clock 28 generates a clock for driving the measuring unit 35. Also, since the external clock 28 is generally more accurate than the internal clock 22, it is configured to correct the external clock 28 using an external signal, etc., and to correct the internal clock 22 using the corrected external clock 28. Yes.

The ROM 27 is a read-only storage device, and stores basic programs, parameters, and the like for driving the CPU 29.

The RAM 30 is a readable / writable storage device, and provides a working area when the CPU 29 performs various types of information processing.

[0039] The storage unit 33 is corrected by, for example, EEPROM, and stores various programs and data.

By executing the program stored in the storage unit 33 on the CPU 29, the measuring device unit 3

4) A function to acquire measurement values from 4), a function to communicate with and cooperate with the tamper resistant unit 20, and a function to communicate with the verification server 5 and customer sano by controlling the communication unit 26 be able to.

Further, the storage unit 33 is used for temporarily storing the measurement value measured by the measurement device unit 34.

[0040] The display unit 31 includes, for example, a display device such as a liquid crystal display panel, and an operation instruction when the person in charge of installation installs the device 7 on the network 10 or a measurement value of the measurement device unit 34. Various types of information can be displayed.

The input unit 32 includes operation buttons and the like, and is used, for example, when the person in charge of installation installs the device 7 on the network 10 to operate the device 7.

[0041] The communication unit 26 constitutes an interface for connecting the device 7 to the network 10. The CPU 21 and the CPU 29 communicate with the device registration server 6, the verification server 5, the customer server 4, and the like via the communication unit 26. can do. When the device 7 is connected to the network 10 wirelessly, the communication unit 26 includes an RF circuit and the like. Next, the hardware configuration of the verification server 5 will be described with reference to FIG.

The verification server 5 includes a CPU 41, a ROM 42, a RAM 43, a storage unit 46, a communication unit 45, and the like.

The CPU 41 operates in accordance with programs stored in the ROM 42, RAM 43, storage unit 46, and the like, and performs various types of information processing for verifying the device 7.

[0043] The ROM 42 is a read-only storage device, and stores basic programs, parameters, and the like for driving the CPU 41.

The RAM 43 is a readable / writable storage device, and provides a working area when the CPU 41 performs various types of information processing.

The communication unit 45 is an interface that connects the verification server 5 to the network 10.

The storage unit 46 is configured using a large-capacity storage medium such as a hard disk, for example, and stores various programs and data as illustrated.

The verification program is a program for verifying the device 7. The CPU 41 executes the device verification program, verifies the verification information transmitted from the device 7, and transmits the verification result to the customer server 4. Can do.

[0045] The CA public key certificate is a public key certificate of the CA public key of CA3. In addition, the root certificate of force parent CA2 (not shown) is also stored. These certificates are provided in a secure manner, for example, handed over between personnel.

The verification server private key is a private key corresponding to the verification server public key, and is used for information encryption, digital signature, and the like.

[0046] The customer server connection information is information for connecting to the customer server 4 via the network 10, and is configured by, for example, the URL or IP address of the customer sano. The customer server connection information is stored in the storage unit 46 in advance by the customer.

When transmitting the verification result to the customer server 4, the verification server 5 connects to the customer server 4 using the customer server connection information and transmits it.

Next, the device registration database will be described.

The device registration database is a database in which devices 7 that require verification are registered in advance. An example of the logical configuration is shown in FIG.

As shown in the figure, the device registration database includes items such as “customer”, “customer server connection information”, “device ID”, “device public key”, and so on.

[0048] "Customer ID" is an I blueprint that identifies each customer who operates customer servers 4, 4,.

Thus, the customer is registered in the verification server 5 in advance, and HD information is given.

“Customer server connection information” is connection information for connecting to the customer server 4, and is stored in association with the customer ID.

In the figure, one customer server connection information is described for each customer. However, when a customer uses multiple customer servers, the multiple customer server connection information is associated with a customer ID.

“Equipment” is information assigned to each of the devices 7, 7,..., And for example, a production serial number can be used.

The “device public key” is a device public key corresponding to the device private key stored for each device 7. The device public key is obtained by the device public key certificate that CA3 sent to the verification server 5.

[0050] Which customer server connection information the device 7 is registered to correspond to, for example, receives the designation of the customer server 4 to which the device 7 is connected from the customer when the device 7 is sold, The administrator has made it compatible.

As described above, the hardware configuration of the verification server 5 has the same hardware configuration as the verification server 5 such as the customer server 4, the device registration server 6, and the CA 3.

CA3 and parent CA2 perform various information processing functions such as creating a public key certificate by the CPU executing a predetermined program stored in advance.

Further, in the case of CA3, the revocation list storing the revocation information of the device 7 that issued the device public key certificate is stored in the storage unit 46.

The revocation list is a data list that stores whether the device 7 to which CA3 issued the device public key certificate is currently revoked or not, corresponding to the presence or absence of the device ID. Immediately after the device public key certificate is issued, No information about the device is registered. And revocation is the customer It is set by registering the device ID in the revocation list by powerful declaration.

The verification server 5 verifies the validity by referring to the revocation list of CA 3 when there is an inquiry about validity such as customer sano.

In other words, the verification server 5 verifies the validity of the device 7 by using the revocation status storage means (revocation list of CA3) that stores whether the device is in a revocation status or not when verifying the legitimacy of the device 7. There should be a means of verifying the effectiveness.

[0052] In the case of the customer server 4, the storage unit 46 stores a device master, a measured value database, and the like.

The device master is master information of the device 7 to which the customer server 4 is connected. For example, basic information such as the device ID of the device 7, the device connection information for connecting to the device 7, the device public key, and the device 7 Attached information power, such as the installation location and date of installation. The customer server 4 manages each device 7 by the device master.

[0053] For example, basic items are received and stored from the verification server 5 at the time of device verification, and incidental items are input by the administrator of the customer server 4.

When the device 7 is revoked, the administrator of the customer server 4 inputs the revocation of the device 7 to the customer server 4 and deletes it from the device master. At this time, the customer server 4 sends a revocation request to CA3 and is revoked when CA3 is registered in the revocation list.

The measured value database is a database that stores and accumulates measured values transmitted from the device 7 via the network 10.

In the measurement value database, each measurement value is associated with the device ID of the device 7 that measured it, and the measurement date and time are also stored.

[0055] The device registration server 6 generates a function for mediating between the device 7 and CA3 when the device 7 obtains a device public key certificate, and generates registration request information and transmits it to the verification server 5 to transmit the verification server. In addition, a program for causing the CPU to perform functions such as registering the device 7 is stored in the storage unit 46, and these functions are exhibited by executing this program. The device registration server 6 also stores verification server connection information for input to the device 7.

Next, the overall configuration of the procedure up to the installation of the processing power before shipping of the device 7 will be described with reference to FIG. In the figure, the order of the procedures is shown in parentheses. I will do it.

Steps (1) to (4) are performed before installation of the device 7 (preferably before shipment to the customer).

(1) (Generate asymmetric encryption key pair of device private key and device public key)

When the hardware of device 7 is completed, the operator operates device 7 to execute the asymmetric encryption key generation program, and causes CPU 21 to generate a device private key / device public key pair within tamper resistant unit 20 (asymmetric Encryption key generation means).

The device 7 stores the generated device secret key in a predetermined area of the EEPROM 25 (secret key storage means).

[0057] (2) (Send device public key)

The device 7 is connected by a worker in charge to the device registration server in charge of the device 7, and transmits the generated device public key, device unique information, and the like to the device registration server (public key providing means).

Here, the device-specific information includes information unique to the device 7 such as the device and the MAC address of the tamper-proof part.

The device registration server 6 receives these pieces of information from the device 7 (public key acquisition means). Then, the device registration server 6 sends the device public key, device ID, etc. to CA3 and requests CA3 to issue a device public key certificate (public key certificate issue request means).

[0058] (3) (Write device certificate)

CA3 creates a device certificate from the device public key from the device registration server 6. CA 3 adds the verification server public key certificate of the verification server 5 to the device certificate to create a device certificate, and transmits the device certificate to the device registration server 6.

When the device registration server 6 receives the device certificate from CA3, it adds the verification server connection information to the device certificate and transmits it to the device ⁷ .

The device 7 receives the device certificate from the device registration server 6 and stores it in the tamper resistant unit 20. As described above, the device certificate includes the device public key certificate, the verification server connection information, and the verification server public key certificate. The book is included. [0059] More specifically, the device public key certificate is a public key certificate obtained by digitally signing the device public key of device 7 with the CA3 CA private key (certificate server private key). Means). Thus, CA3 has a secret key storage means.

More specifically, the device public key certificate includes, for example, a message having a content such as “Public key [abl2,... 01] is a device public key of device ID [12. It is composed of a digital signature that is obtained by encrypting the digest (for example, using the hash value of the message) generated from CA with the CA3 private key.

When the device public key certificate is received, the digital signature is decrypted using the CA public key (certification server public key) of CA3, and a message digest is created to confirm the match between the two. It can be confirmed that the message has not been modified.

[0060] The verification server connection information is information for connecting to the verification server 5 on the network 10. For example, the verification server connection information includes a URL (Uniform Resource Locators) and an IP address of the verification server 5 (validation server Connection information storage means).

[0061] The verification server public key certificate is a public key certificate obtained by digitally signing the verification server public key with the CA3 private key.

Since the verification server public key certificate includes the verification server public key, the device 7 acquires the verification server public key using this.

Note that the device 7 can verify the legitimacy of the device public key certificate and the verification server public key certificate by using a pre-installed CA public key.

The device registration server 6 according to the present embodiment includes the verification server public key certificate in the device certificate received from CA3 and transmits it to the device 7. However, the present invention is not limited to this, and the device certificate received from CA3. And the configuration to send the verification server connection information to the device 7 separately.

[0062] (4) (Registration request for device 7)

The device registration system can obtain a device public key certificate when CA3 issues a device certificate to device 7.

Then, the device registration Sano 6 creates registration request information including the device public key certificate obtained in this way, device unique information (device ID), etc., and sends it to the verification server 5 for verification. Request the certificate server 5 to register the device 7 (public key certificate transmission means).

The verification server 5 receives the registration request information from the device registration server 6 and updates the device registration database using this information.

[0063] Further, after receiving the designation of the customer server 4 to which the device 7 is connected from the customer to whom the device 7 is sold, the seller of the device 7 receives the customer server connection information of the customer server 4 from the customer 7 The data is input to the verification server 5 in correspondence with.

That is, the verification server stores the device public key included in the registration request information in the device registration database in association with the device 7 (public key storage means), and further associates the device 7 with the customer server 4 in the device registration database. (Information processing server device compatible storage means

) o

[0064] (5) (Shipping)

The device 7 is shipped to the customer after being registered in the verification server 5. Equipment 7 is under customer control after it is shipped.

[0065] (6) (Verification request)

After the equipment 7 is shipped, it is connected to the network 10 by the installer, and the verification request program is executed.

When the verification request program is executed, the device 7 generates verification request information. Then, the device 7 connects to the verification server 5 using the verification server connection information stored in the EEPROM 25 (verification server connection means), and transmits the verification request information.

[0066] The verification request information is obtained by digitally signing the device connection information for connecting the device from the customer server 4 to the device 7 and the environment information (information on the network connection environment) with the device secret key. It is encrypted with the public key.

In this way, when the device 7 is connected to the network 10, it acquires its device connection information (connection information acquisition means) and transmits it to the verification server 5 (connection information transmission means). On the other hand, the verification server 5 is provided with connection information receiving means for receiving it.

The verification request information includes a digital signature obtained by encrypting a digest (predetermined information) with a device private key, and functions as signature information. In this way, the device 7 has a signature information transmission means. [0067] (7) (Refer to revocation list)

When the verification server 5 receives the verification information from the device 7 (signature information receiving means), it decrypts it with the verification server private key. Then, the verification server 5 acquires the device public key of the device 7 from the device registration database (public key acquisition means), and uses this to confirm the authenticity of the digital signature, so that the device 7 is an authentic product. (Verification means) Further, although not shown in the figure, the verification server 5 confirms with CA3 whether or not the device 7 is invalid (validity verification means).

(8) (Notification of verification result)

If the device 7 is valid, the verification sano 5 sends the verification result to the customer server 4 using the customer server connection information associated with the device 7 in the device registration database (send verification result). means).

The verification result is, for example, the device public key certificate of the device 7, the device connection information to the device 7, the verification result, etc. encrypted with the verification server private key. As described above, the verification server 5 includes connection information transmitting means for transmitting connection information to the device 7 to the customer server 4.

[0068] The customer server 4 can confirm the legitimacy of the verification result by decrypting the verification result with the verification server public key stored in advance. Alternatively, legitimacy may be guaranteed by digitally signing the verification result with the verification server private key of verification server 5.

If the device 7 has expired, an error message is sent to the device 7, and the verification result is not notified to the customer server 4. Alternatively, it may be configured to notify the customer server 4 that there has been a verification request from the device 7 for which the verification server 5 has expired.

[0069] (9) (Notification of customer server information)

The customer server 4 receives the verification result from the verification server 5 (verification result receiving means), confirms that the device 7 is verified as a legitimate product, and then connects to the device 7 (connection means). ) Send customer server information to customer server 4.

The customer server information includes customer server public key certificate, customer server connection information for the device 7 to connect to the customer server 4 via the network 10, and the like. It should be noted that the connection between the customer sano and the device 7 may be connected from the customer sano to the device 7, or alternatively, the device 7 may be connected to the customer server 4.

In the former case, the customer server 4 connects to the device 7 using the connection information of the device 7, and in the latter case, the device 7 receives the customer server connection information from the verification server 5 at the time of the verification request. Use this to connect to the customer server 4.

[0071] (10) (Communication between device 7 and customer server 4)

The device 7 verifies the customer server 4's legitimacy by verifying the customer server public key certificate (digitally signed with the CA private key) transmitted from the customer server 4 with the pre-stored CA public key. be able to.

Thereafter, the device 7 and the customer server 4 become communicable, and the device 7 encrypts the measurement data with the customer server public key and transmits it to the customer server 4.

Since the measurement data cannot be decrypted by the customer server having the customer server private key, it is possible to prevent leakage of the measurement data during transmission.

[0072] (11) (Revocation request)

For example, when the device 7 is no longer used due to replacement of the device 7 with a new device, the customer invalidates the device 7 in the device master and requests the CA 3 to revoke the device 7.

By revoking device 7 from the CA3 revocation list, it is possible to prevent device 7 from being newly installed or used illegally.

[0073] The above is a description of the overall procedure up to the installation of the device 7. Next, these procedures will be described in detail using a flow chart.

FIG. 6 is a flowchart for explaining the procedure until the device 7 is shipped to the customer. The device 7 is assembled on the assembly line and then sent to the device registration department. In the device registration department, the customer who purchases the device 7, the customer server 4 to which the device 7 is connected, the CA 3 to which the device 7 is assigned, and the like are known in advance.

[0074] The worker in charge connects the device 7 to CA3 and operates the input unit 32 to cause the CPU 21 to execute the asymmetric encryption key generation program. Then, the CPU 21 generates a device secret key and a device public key, which is an asymmetric encryption key pair unique to the device 7, using, for example, a random number (step 5).

The connection to CA3 may be made after the device private key and device public key are generated.

The CPU 21 stores the generated device secret key in a predetermined area in the EEPROM 25. Then, the CPU 21 reads the device ID stored in the EEPROM 25 in advance and the device unique information unique to the device 7 such as the MAC address of the tamper resistant unit 20 and sends them to the device registration server 6 together with the device public key. Send (step 10).

Verification sano 5 receives the device public key, device unique information, etc. from device 7 and sends it to CA3 (step 13).

[0076] CA3 receives the device public key and device specific information of device 7 from device registration server 6 (step 15).

CA3 then extracts the device ID from the device-specific information. For example, “Device public key 00 is the device public key with device ID 00. The certifier is CA3.” Generate a device ID, certifier, and other messages that also have proof date power, for example. Furthermore, CA3 generates a digest from the message card and digitally signs it by encrypting it with the CA private key.

[0077] CA3 creates a device public key certificate from the message and digital signature (step 20), and then generates a device certificate using the device public key certificate and the verification server public key certificate ( Step 25).

CA3 transmits the generated device certificate to the device registration server 6 (step 30).

) o

The device registration server 6 receives the device certificate from CA3, and sends it to the device 7 with the verification server connection information attached thereto (step 33). The verification server connection information may be transmitted separately from the device certificate.

The device 7 receives the device certificate and stores it in the EEPROM 25 in the tamper resistant unit 20 (step 35).

The EEPROM 25 stores the CA public key certificate of CA3 and the root certificate of the parent CA2 in advance, and the device 7 can check the legitimacy of the device certificate using these. wear.

[0079] On the other hand, after transmitting the device certificate to the device 7, the device registration server 6 transmits the registration request information such as the device ID and the device public key certificate to the verification server 5, and transmits the device certificate. A registration request to the device registration database in step 7 is made (step 40).

At this time, the device registration server 6 digitally signs the registration request information with the device registration server private key and transmits it to the verification server 5, and the verification server 5 can confirm the legitimacy of the verification request information with the device registration server public key. Like that.

In the verification server 5, the device registration server 6 digitally signs the registration request information, and the verification server 5 confirms this to confirm the legitimacy of the registration request information.

The verification server 5 checks the legitimacy of the device public key certificate using the device registration server public key, and stores the correspondence relationship between the customer server connection information, the device, and the device public key included in the registration request information in the device registration database. Register (step 45).

As described above, the pre-shipment processing of the device 7 is completed, and the device 7 in which the device secret key and the verification server connection information are embedded in the tamper resistant unit 20 is shipped to the customer.

On the other hand, the verification server 5 stores information related to the device 7 in preparation for the verification of the device 7.

Note that the customer server connection information of customer sano to be connected to the device 7 to which the device 7 is not connected is input separately into the device registration database of the verification server 5.

Next, a procedure from installing the device 7 at the installation site to connecting to the customer server 4 via the network 10 will be described using the flowchart of FIG.

When equipment 7 is shipped to the customer, it is transported to the installation site based on the customer's business plan.

The person in charge of the installation goes to the site, connects the device 7 to the network 10 and starts the verification request program.

Then, the device 7 collects device connection information such as its own IP address on the network 10 and environmental information such as being connected via a router (step 50).

[0083] Next, the device 7 reads its own device ID from the EEPROM 25, and digitally signs it with the device private key together with the device connection information and environment information collected earlier, and creates verification request information. To do.

Then, the device 7 creates the verification request information encrypted by encrypting the verification request information with the verification server public key.

Next, the device 7 connects to the verification server 5 using the verification server connection information, transmits the encrypted verification request information to the verification server 5, and requests its verification from the verification server 5 (step 55). .

The verification server 5 receives the verification information encrypted from the device 7 and decrypts it with the verification server private key stored in advance.

Since the verification server private key has only the verification server 5, the encrypted verification information cannot be decrypted even if it is transmitted to another party during transmission.

Next, the verification server 5 searches the device registration database for the device ID included in the verification request information, and obtains the device public key associated with the device ID.

Next, the verification server 5 confirms the digital signature using the device public key and confirms the authenticity of the verification information (step 60).

More specifically, the verification server 5 generates a verification request information power digest, decrypts the digital signature with the device public key, restores the digest, and the verification request information is legitimate because both match. Confirm that there is.

If they do not match, the verification server 5, device 7 transmits an error message one di to the device ⁷ as unorthodox.

[0086] After confirming the legitimacy of the device 7, the verification server 5 sends the device ID of the device 7 to the CA3, not shown, and asks whether the device 7 has expired or not.

Then, the verification server 5 receives from the CA 3 whether or not the device 7 has expired, and confirms the validity of the device 7 based on this (step 65).

If the device ⁷ is valid, the verification Sano 5 digitally signs the device ID, connection information, verification result of authenticity of the device 7, the connection environment, etc. with the verification server private key, and creates a verification result. (Step 70).

Next, the verification server 5 searches the device registration database for the device ID of the device 7, and acquires the customer server connection information of the customer server 4 associated with the device 7. Then, the verification server 5 uses this to connect to the customer server 4 and transmits the verification result (step 75).

On the other hand, if the device 7 has expired in the device registration database, the verification server 5 transmits an error message to the device 7 and does not transmit the verification result to the customer server 4. It can be configured to send a notification to the customer server 4 that the verification has been made.

[0088] The customer server 4 receives the verification result from the verification server 5, and verifies the legitimacy of the verification server 5 by decrypting it with the verification server public key stored in advance (step 85). .

That is, since only the verification server 5 can digitally sign the verification result with the verification server private key, the authenticity of the verification server 5 can be verified by decrypting the verification result with the verification server public key.

The verification result should be configured to be digitally signed with the server private key and verified on the customer server 4.

[0089] After confirming the authenticity of the verification server 5, the customer server 4 stores the device ID, device public key, device connection information, etc. included in the verification result in the device master, and stores the device 7 in the authenticity of the customer server 4. To register as a measuring instrument.

On the other hand, the customer server 4 transmits an error message to the verification server 5 when the legitimacy cannot be confirmed.

[0090] Next, the customer server 4 connects to the device 7 using the device connection information registered in the device master, and transmits the customer server information (step 90).

The customer server information includes public key certificates (customer server public key certificates digitally signed with a CA public key) and connection information to the powerful customer server 4 such as URL and IP address.

[0091] Upon receiving the customer server information from the customer server 4, the device 7 verifies the digital signature of the customer server public key certificate using the CA public key and confirms the legitimacy of the customer server 4.

The device 7 stores the customer server connection information in the EEPROM 25 and stores it in the customer server 4. Used when connecting.

Thereafter, the customer Sano and the device 7 can communicate with each other (step 95), and the device 7 can transmit the measurement value to the customer server 4. At this time, the device 7 prevents leakage of the measured value by encrypting the measured value with the customer server public key and transmitting it to the customer server 4.

In the above example, the customer server 4 is connected to the device 7, but the device 7 can be configured to connect to the customer server 4.

In this case, the verification server 5 transmits a verification result to the customer server 4 (step 75), and then receives a notification that the device 7 has been registered from the customer server 4.

After verifying that the device 7 has been registered in this way, the verification server 5 transmits the customer server connection information to the device 7 (step 80).

The device 7 receives the customer server connection information from the verification server 5 and uses this information to connect to the customer server 4.

Thereafter, the customer server 4 and the device 7 can communicate (step 95).

In the information processing system 1 described above, the validity of the device 7 is managed by the revocation list of the CA3, but a copy of the revocation list can be managed by the verification server 5. In this case, for example, the device registration database of the verification server 5 is synchronized with the revocation list of CA3 by notch processing once a day.

If the device 7 is invalidated in the device registration database of the verification server 5 when the device 7 is verified, the verification server 5 will change to CA3 (since the invalidated item will not be valid). Even without making an inquiry, it can be confirmed that the device 7 has expired.

For this reason, the verification server 5 may inquire CA3 about whether or not it has expired when the device 7 is valid in its device registration database. In this case, after the previous batch processing, the device 7 that has become invalid is notified from the CA 3 to the verification server 5 as invalid.

In this way, by using a copy of the revocation list, the number of questions to CA3 and the number of matches can be reduced, and the load on CA3 can be reduced.

[0094] In the present embodiment, CA3, device registration server 6 and verification server 5 are configured as separate servos <<, but a single server can be configured to exhibit both functions. The

For example, a server and CA3 that have the functions of the verification server 5 and the device registration Sano 6, a Sano and verification server 5 that has the functions of the device registration server 6 and CA3, and a server that has the functions of the verification server 5 and CA3. A device registration server 6 or a server having the functions of CA3, verification server 5, and device registration server 6 can be configured. In these cases, server maintenance work can be reduced.

The following effects can be obtained by the present embodiment described above.

(1) By generating a pair of asymmetric keys (device secret key, device public key) in the tamper resistant unit 20, the device secret key can be stored in the device 7 while keeping it secret.

(2) It is possible to verify that the device 7 is a legitimate device by confirming that the device 7 stores the device secret key using the device public key.

(3) When connecting the device 7 and the customer server 4, the verification of the authenticity of the device 7 by the verification server 5 ensures that the device 7 is a legitimate device to the customer server 4. Is possible.

(4) By storing the connection information of the verification server in the device 7 in advance, the device 7 can be connected to the verification server 5 regardless of the connection environment of the device 7.

(5) By managing the revoked device 7 using the revocation list, it is possible to prevent the revoked device 7 from being connected to the customer server 4.

(6) In order to automatically verify the device 7 via the network 10, it is necessary to dispatch a highly skilled engineer to the installation site of the device 7.

[0096] [Device operation]

Next, an operation after the device 7 is installed in the information processing system 1 will be described.

FIG. 8 is a block diagram showing information processing system 1 related to the operation of device 7. The verification server 5, CA3, and parent CA2 shown in Fig. 1 are shown in Fig. 8 because they finish their functions when installation of the device 7 is completed.

Further, since the audit server and the standard radio wave transmitter are related when the operation of the device 7 is started, the audit server 12 and the standard radio wave transmitter 11 are shown in FIG.

[0097] Device 7 issues a time stamp to the measured value according to the time measured by internal clock 22 I have a time stamp machine to do.

In addition, the device 7 includes a device for receiving the standard radio wave transmitted by the standard radio wave transmitter 11. As will be described later, the external clock 28 (FIG. 2) is corrected with the standard radio wave, and the external clock 28 is further corrected. Use to correct internal clock 22.

In this embodiment, the internal clock 22 is corrected by the standard radio wave, but the present invention is not limited to this. For example, it is possible to use a time distributed by GPS or a time included in a wireless communication protocol. Alternatively, it is possible to supply the device 7 with the distribution time of the time distribution server by wire or wireless.

The audit server 12 is a server operated by the audit bureau and audits the internal clock 22 of the device 7.

In general, the audit bureau is operated by an entity that is a third party with the customer who operates the equipment7. This makes it virtually impossible for customers to collaborate with the operator of the audit server 12 and perform time stamp backdates, thus achieving an extremely high level of security.

[0099] The audit server 12 includes an atomic clock and an audit private key, and creates a time certificate by digitally signing the reference time of the atomic clock with the audit private key, and transmits the time certificate to the device 7. The

The device 7 uses this time certificate to check whether or not the internal clock 22 is outputting the correct time. If the correct time is not output, the device 7 stops issuing the time stamp. Yes. In this way, the audit server 12 can perform time auditing by transmitting the reference time to the device 7.

[0100] The standard radio wave transmitter 11 is a transmitter that is operated by a standard radio station and transmits standard radio waves including time information to an unspecified number of receivers.

The device 7 receives the standard radio wave transmitted by the standard radio wave transmitter 11, and uses this to correct the internal clock 22 (via the external clock 28).

The customer server 4 receives the measurement data with the time stamp from the device 7 and stores it in the measurement value database.

[0101] FIG. 9 is a diagram for explaining the relationship among the device 7, the audit server 12, and the customer server 4. The

The audit server ₁₂ includes an atomic clock for measuring the time described in the time certificate, and further stores an audit secret key.

The time certificate transmitted from the audit server ₁₂ to the device ₇ includes a reference time, a time limit, a serial number, unique information, a digital signature, and the like.

The reference time is the time constructed using the time measured by the atomic clock, and the current time of the atomic clock may be used as it is, or if communication delay is a problem, the time of alive is the delay time. Use a value that has been corrected in some way, such as using a corrected value.

[0102] The time limit is the expiration date of the reference time recorded in the time certificate. That is, the accuracy of the output time of the internal clock 22 audited at the reference time indicated on the time certificate is guaranteed by the auditing bureau during this time limit.

The device 7 can issue a time stamp within this time limit, and the time during which this time stamp can be issued is called the active time.

[0103] The serial number is the number of the time certificate assigned by the audit server 12 in the order of issue. However, if the serial number is issued, it may be easy to guess from the outside. The serial number was composed of random numbers.

The unique information is information unique to the hardware of the device 7, such as HD information of the tamper resistant unit 20, for example. If the unique information does not match, the tamper resistant part 20 issues an error.

[0104] In addition to these items, the expiration date of the time certificate and the common key for communication between the device 7 and the audit server 12 after the validity of the time certificate is confirmed are also included in the time certificate. Can be included.

[0105] The digital signature is a message digest encrypted with a private key for audit. Here, the message is information that prevents tampering, such as the current time, time limit, serial number, and unique information. A digest is a hash value obtained by computing a message using a hash function.

The recipient of the time certificate creates a digest from the message catalog, and then the digital signature The digest is restored with the audit public key. Then, it is possible to confirm that the contents of the time certificate have been tampered with by agreement between the two.

[0106] In addition to the device secret key and the internal clock 22 described above, the device 7 stores the audit public key paired with the audit secret key in the EEPROM 25 and the mode switching unit. 51.

The mode switching unit 51 is configured by causing the CPU 21 to execute a time stamp program stored in advance in the EEPROM 25 at the time of shipment.

Further, the EEPROM 25 stores the previous certificate that is the time certificate received from the audit server 12 in the last past.

In FIG. 2, the force shown by including the communication unit 26 in the measurement unit 35. Here, the communication unit 26 is illustrated outside the measurement unit 35 for easy understanding.

The audit public key is public key information for decrypting the digital signature attached to the time certificate transmitted from the audit server 12.

The tamper resistant part 20 can confirm the legitimacy of the time certificate using the audit public key and confirm the validity of the reference time.

[0108] The device private key is used to digitally sign measurement data to be transmitted to the customer server 4.

Here, information used as a message is a measurement value, device, measurement time, and the like, and a time stamp is formed by digitally signing these digests with a device private key.

The message may be digitally signed as it is without generating a digest.

The internal clock 22 gives a measurement time to the measurement value. That is, the time when the tamper resistant unit 20 acquires the measurement value from the measuring unit 35 is measured by the internal clock 22, and the internal clock 22 having this time as the measurement time is configured inside the tamper resistant unit 20. Therefore, it is difficult to configure with a highly accurate clock device. On the other hand, the external clock 28 is constantly corrected by a standard radio wave with high accuracy. Therefore, the tamper resistant unit 20 corrects the internal clock 22 with reference to the external clock 28 (FIG. 2) as appropriate. Here, the correction of the internal clock 22 will be described in more detail with reference to FIG.

Fig. 10 shows an example of the time measured by the internal clock 22.

March 30th, 15:30, 20 seconds, 2 hundred milliseconds ". Thus, the internal clock 22 measures the time in units of 100 milliseconds.

The tamper resistant part 20 is a part of the time of the internal clock 22 or more (hereinafter referred to as a time label).

) And seconds, and the time audit is performed on the time label, and the time is adjusted on the second unit.

[0111] For this reason, of the time of the internal clock 22, the portion (time label) requiring security cannot be tampered with, and security can be improved. The part that provides quality (in seconds) is corrected with high accuracy by standard radio waves.

In general, the accuracy of the internal clock 22 can be maintained within 1 minute for several months without correction, so the customer should install the device 7 in the meantime and perform the correction of the internal clock 22 in seconds. The internal clock 22 can be corrected by this.

[0112] In this embodiment, as an example, the time is divided into a part related to security and a part related to quality assurance with a second unit as a boundary. However, the time is not limited to this. It is also possible to classify by larger units or smaller units.

In other words, for example, if an accurate time is required up to 1 second with a time stamp, the audit server 12 audits the part longer than 1 second and corrects the time less than 999 milliseconds with the standard radio wave.

[0113] Returning to FIG. 9, the last certificate is the one in which the time certificate sent from the audit server 12 and used in the previous time audit is stored in the EEPROM 25.

When the tamper resistant part 20 checks the reference time of the time certificate transmitted from the audit server 12, it confirms that this reference time is later than the reference time received from the audit server 12 last time. .

[0114] In the time stamp, the most important thing to prevent is to issue a time stamp at the time of back date (to output the past time) due to tampering, etc. The reference time sent from the audit server 12 Confirm that it is later than the time when the audit was performed (the time indicated in the previous certificate)

[0115] If the reference time transmitted from the audit server 12 is earlier than the time described in the previous certificate, it stops in the audit mode (described later) by issuing an error message, etc. Do not issue time stamps.

[0116] By storing the previous reference time in this way and confirming that the reference time used for the audit is later, a time stamp is issued at the knocked time. Can be prevented.

Note that the default previous certificate is stored in the EEPROM 25 at the time of factory shipment.

The mode switching unit 51 is a functional unit that sequentially switches operation modes related to the time stamp function of the tamper resistant unit 20.

The operation mode performed by the tamper resistant unit 20 includes an audit mode, a synchronization mode, and a stamp mode.

Each of these modes of operation is performed by independent modules so that no interference occurs between the modules.

The audit mode is an operation mode for auditing that the time label of the internal clock 22 is correct using the reference time transmitted from the audit server 12.

The synchronization mode is an operation mode that synchronizes (that is, corrects) the second clock portion of the internal clock 22 with an accurate time using the time distributed from the standard radio wave transmitter 11 by the standard radio wave.

The stamp mode is an operation mode in which a time stamp is issued for the measurement value measured by the measurement unit 35.

[0119] As shown in Fig. 11, the mode switching unit 51 sets the operation mode of the tamper resistant unit 20 to a predetermined value such as audit mode-> synchronous mode-> stamp mode-> audit mode -... Switch sequentially in order.

Among these modes, audit mode and stamp mode are operation modes that require high security because they handle time labels (security mode). On the other hand, synchronization mode handles seconds, so high security is always necessary. The operation mode (general mode). [0120] The mode switching unit 51 does not switch the tamper resistant unit 20 to the next operation mode until the currently operating mode is completed.

Therefore, in order to operate in the stamp mode, the audit mode and the synchronization mode must be completed, and the tamper resistant unit 20 can issue a time stamp at the audited and synchronized time.

Further, the tamper resistant unit 20 can stop issuing the time stamp when an error occurs in at least one of the audit mode and the synchronous mode.

[0121] In this way, the tamper resistant unit 20 operates by switching between the security mode and the general mode, thereby preventing high-security processing and high-security processing from being performed simultaneously. And then.

However, since each operation mode operates with an independent module, the tamper resistant part 20 can prevent the processing in the security mode and the general mode from interfering with each other in the tamper resistant part 20. High resistance to unauthorized access such as

[0122] The tamper resistance unit 20 has the ability to switch the security mode into an audit mode and a stamp mode, both of which are security modes, so that the audit and stamp issuance is performed in the same mode. Anyway!

Furthermore, in this embodiment, audit mode → synchronous mode → stamp mode → audit mode

• · · Force that switches modes in order · The order of mode switching is not limited to this. For example, synchronization mode → audit mode → stamp mode → synchronization mode → · · · operation mode in other order You can switch.

[0123] In this way, during the stamp mode, the device 7 (Fig. 9) acquires the measurement value from the measurement unit 35 and issues a time stamp according to the time of the internal clock 22, and the customer server 4 as measurement data. Send to.

Thus, since the device 7 has a built-in time stamp function and issues a time stamp together with the measurement, it can be ensured that the measurement value is surely measured at the measurement time.

In this embodiment, the time measured by the internal clock 22 is used as the measurement time. However, the measurement unit 35 outputs the measurement time together with the measurement value to the tamper resistant unit 20, and includes this measurement time. The tamper resistant part 20 can be configured to issue a time stamp.

The customer server 4 (FIG. 9) includes a device master that has registered the device 7 and a measurement value database that stores the measurement data transmitted from the device 7.

FIG. 12 (a) is a diagram showing an example of the logical configuration of the device master.

The device master is composed of items such as “device”, “connection information”, “device public key”, “model number”, “installation location”, “installation date”, and so on.

The device ID is used to identify the device 7, and the connection information is used to connect to the device 7. The device public key is used to confirm the time stamp (digital signature) of the measurement data.

FIG. 12B is a diagram showing an example of the logical configuration of the measurement value database.

The measurement value database consists of items such as “device ID”, “reception time”, “measurement value”, “measurement time”, and so on.

The device ID is the device ID of the device 7 that is the transmission source of the measurement data, and the reception time is the time when the customer Sano received the measurement data. The measurement value is the measurement value included in the measurement data.

The customer server 4 verifies the time stamp of the measurement data with the device public key of the device 7, confirms that the measurement data, the measurement time, etc. have been tampered with, and registers them in the measurement value database. .

[0126] Next, a procedure for collecting measurement data from the device 7 by the customer Sano will be described with reference to FIG.

This section also explains the point in time when the device 7 switches to the audit mode. The following operation of the device 7 is performed by the tamper resistant unit 20.

First, when the mode switching unit 51 switches the tamper resistant unit 20 to the audit mode, the device 7 connects to the audit server 12 and requests transmission of a time certificate (step 25).

When the audit server 12 receives a time certificate transmission request from the device 7, it creates a time certificate using the time output by the atomic clock and transmits it to the device 7 (step 30).

When the device 7 receives the time certificate from the audit server 12, it checks the digital signature of the time certificate using the audit public key, and then measures the reference time of the time certificate and the internal clock 22. Check that the time label of the time (Fig. 10) matches (step 35). [0128] If the time label does not match the reference time label, in the tamper resistant unit 20, the mode switching unit 51 stops the mode switching, and the device 7 transmits an error message to the customer server 4. As a result, the customer server 4 can detect an abnormality of the device 7.

When the time label matches the reference time, the mode switching unit 51 switches the operation mode of the tamper resistant unit 20 to the synchronous mode.

[0129] When the tamper resistant unit 20 is set to the synchronous mode, the device 7 receives the standard radio wave (step 40) broadcasted by the base station 8 and uses the time sent by the standard radio wave. Correct the clock 22 seconds (step 45).

When the correction of the internal clock 22 in units of seconds is completed, the mode switching unit 51 switches the operation mode of the tamper resistant unit 20 to the stamp mode.

When the tamper resistant unit 20 is switched to the stamp mode, the CPU 29 of the measuring unit 35 transmits the measurement value measured by the measuring device unit 34 to the tamper resistant unit 20. Then, the tamper resistant part 20 generates measurement data using this and transmits it to the customer server 4 (step 50).

The customer server 4 receives the measurement data from the device 7 and stores the measurement value and the like in the measurement value data base (step 60).

[0131] The tamper resistance unit 20 monitors whether the time of the time auditing ability has exceeded the activation time, and if the activation time has not elapsed (step 55; N ), Device 7 returns to Step 50 and continues measurement.

On the other hand, when the activation time has elapsed (step 55; N), the device 7 determines whether or not to continue the infinite loop (step 65).

[0132] When the infinite loop is continued (step 65; Y), the mode switching unit 51 switches the operation mode of the tamper resistant unit 20 to the audit mode, and the device 7 returns to step 25. If the infinite loop is not continued (step 65; Ν), device 7 ends its operation.

Device 7 normally operates continuously in an infinite loop, but automatically stops if the infinite loop is not continued, for example when the usage period is limited and the expiration date has expired.

[0133] Next, the time audit of the device 7 will be described in more detail using the flowchart of FIG. Step 110 to step 140 in FIG. 14 correspond to step 35 in FIG. The device 7 requests a time certificate (step 25), and the audit server 12 transmits the time certificate in response (step 30).

The device 7 receives the time certificate transmitted from the audit server 12 and inputs it to the tamper resistant unit 20.

Then, the device 7 compares the reference time described in the time certificate with the time measured by the internal clock 22 (step 110).

[0134] This comparison is a time label, ie, line by minute, not by second. For example, the time stated in the time certificate is “March 20, 2005, 12:30, 3 seconds, 2 hundred milliseconds”, and the internal clock 22 time is “March 20, 2005, 12:30. If it is “0 seconds, 5 hundred milliseconds”, both units are equal in minutes or more, so device 7 determines that they match.

[0135] If the time described in the time certificate does not match the time of the internal clock 22 (step 115; N), the device 7 returns to step 25 and again returns the time certificate to the audit server 12. Request transmission of.

If both times coincide (step 115; Y), the device 7 checks the validity of the time certificate (step 120).

[0136] This validity is obtained by decrypting the digital signature attached to the time certificate with the public key for audit, restoring the digest, and further using the same function as the audit server 12 from the time certificate (for example, a hash function). The digest is obtained using and the agreement between the two is confirmed.

Also, if the time certificate has an expiration date attached to it, check that it is within the expiration date.

[0137] The reason for comparing the time certificate and the time of the internal clock 22 before confirming the validity of the time certificate is that the time comparison should be performed as quickly as possible.

In other words, if the time is compared after the validity is confirmed, the time of the internal clock 22 is advanced by the time required for the validity confirmation, and the difference from the time described in the time certificate becomes large. Because.

[0138] If the time certificate is valid (step 125; Ν), device 7 returns to step 25. If the time certificate is valid (step 125; Υ), device 7 is the previous certificate. (Figure 9) The reference time described in the above and the reference time described in the time certificate are compared (step 130).

[0139] When the reference time described in the time certificate is earlier than the reference time described in the previous certificate (step 135; N), the device 7 returns to step 25.

On the other hand, when the reference time described in the time certificate is later than the reference time described in the previous certificate (step 135; Y), the time when the previous certificate was received this time Replace by overwriting with a certificate.

[0140] Depending on the status of the communication line, etc., an audit error may occur.

Each time, the process returns to step 25 to request the audit server 12 to issue a time certificate.

Then, when the audit re-execution reaches a predetermined number of times, the audit server 12 transmits a command for stopping the device 7 to the device 7.

As described above, when it is considered that some abnormality has occurred in the device 7, the audit server 12 can stop the device 7.

Next, the measurement process of the device 7 will be described in more detail using the flowchart of FIG. Steps 200 to 220 in FIG. 15 correspond to step 50 in FIG. 13, and steps 225 and 230 in FIG. 15 correspond to step 60 in FIG.

The measurement unit 35 (Fig. 2) of the device 7 monitors the external clock 28, and when the preset measurement time is reached, the measurement unit 34 is instructed to perform measurement and thereby performs measurement ( Step 200).

Note that the timing at which the measurement unit 35 acquires the measurement value from the measurement device unit 34 can be variously set depending on the type and application of the device 7.

[0142] Then, the device 7 provides the measurement value acquired by the measurement unit 35 to the tamper resistant unit 20 via the bus line (step 205).

The tamper resistant unit 20 acquires the time when the measurement value is provided from the internal clock 22, and uses this time as the measurement time of the measurement value (step 210).

[0143] Next, device 7 creates a digest of the device ID, measurement value, measurement time, and other messages in tamper resistant unit 20, and encrypts this with the device private key to generate a time stamp. Issue (Step 215).

Then, the device 7 creates measurement data such as the device, measurement value, measurement time and time stamp, and transmits it to the customer server 4 (step 220).

[0144] When the customer server 4 receives the measurement data from the device 7, the customer server 4 searches the device master for the device ID described in the measurement data, and acquires the device public key of the device 7.

The customer server 4 confirms the time stamp using the device public key (step 225).

When the confirmation of the time stamp is completed, the customer server 4 stores the measurement value and measurement time described in the measurement data in the measurement value database and updates it (step 230).

[0145] As described above, the measurement unit 35 of the device 7 functions as a measurement unit that measures a measurement target, and the internal clock 22 functions as a clock device that measures time.

Then, in the stamp mode, the tamper resistant unit 20 acquires the time when the measurement unit 35 performs measurement from the internal clock 22, and provides the time certification information (time stamp) based on the acquired time for the measurement value. It functions as a means for generating time certification information.

In addition, the EEPROM 25 functions as a secret key storage unit that stores a device secret key out of a device public key and a device secret key paired as an asymmetric encryption key, and the tamper resistant unit 20 stores the device secret key. The time certification information is generated by encrypting the correspondence information (message is digest) that associates the measured value with the time using a predetermined encryption method.

Further, the communication unit 26 functions as a transmission means for transmitting the generated time certification information to a predetermined transmission destination.

[0147] In addition, the device 7 uses the reference time information receiving means for receiving the reference time (standard radio wave etc.) transmitted by the reference time transmitting device (standard radio wave transmitter 11 etc.) and the internal time using the reference time. Time correction means for correcting a time in units of seconds (time in seconds) smaller than a predetermined unit among the times measured by the clock 22 is provided.

Further, the device 7 includes reference time receiving means for receiving a reference time from a predetermined audit server, and the mode switching unit 51 includes the time measured by the internal clock 22 at the time (time label) equal to or more than the predetermined unit. If the received reference time matches, the time certificate If the information generating means is operated and does not match, it functions as an audit result executing means for stopping the time certification information generating means.

[0148] The following effects can be obtained by the present embodiment described above.

(1) Since the device 7 has a built-in time stamp function, it can be assured that the measured value is measured at the time proven by the time stamp.

(2) Since the measurement time at the device 7 cannot be falsified, a reliable time series of measured values can be obtained.

(3) Since the standard radio wave is used to correct the internal clock 22, there is no need to provide a facility for distributing the time for correction.

(4) Since the time cannot be corrected for the unit of seconds or less, tampering of the time label can be prevented.

(5) Since the operation of the tamper resistant part 20 is switched between the security mode (time audit, time stamp issuance) and the general mode (synchronous), security can be improved.

[0149] In this embodiment, the time measured by the internal clock 22 is divided into a time label and a second unit, the time audit is performed on the time label, and the time correction is performed in seconds using the standard radio wave. However, the time distribution server is provided as in the prior art, the time distribution is performed by this, and the time of the internal clock 22 corrected by this is audited. Good.

In addition to water and gas meters, equipment 7 can be used for thermometers for house cultivation, radioactive leak measurement devices at nuclear power plants, and seismometers.

[0150] The device 7 has the following function as a time certification server! /

That is, a clock device that outputs time, first time acquisition means that acquires a time (time label) of a predetermined unit or more among the times output by the clock device, and a reference time distribution that distributes a reference time The reference time receiving means for receiving the reference time from the server (audit server 12) and the time acquired by the first time acquisition means at the time equal to or greater than the predetermined unit and the received reference time match. By confirming that the timepiece device operates with accuracy within a predetermined range! /, And a client device (measurement Unit 35), the proof object information receiving means for receiving the proof object information as the time proof object, and the time proof information of the received proof object information using the time output by the timepiece device that has verified the accuracy ( There is provided a time proof server comprising: time proof information generating means for generating (time stamp); and time proof information transmitting means for transmitting the generated time proof information to a predetermined transmission destination. First configuration).

In the first configuration, when the reference time used for the verification is confirmed to be a time later than the reference time used in the previous verification, the verification unit has a predetermined range. It can also be configured to verify that it operates with accuracy (second configuration).

In the first configuration or the second configuration, the clock device measures using the correction time acquisition means for acquiring the correction time from the correction time generator (standard radio wave transmitter 11) and the acquired correction time. Time correction means for correcting a time in units of seconds (seconds) smaller than the predetermined unit of the time, and the time certification information generation means uses the configured time to It can also be configured to generate proof information (third configuration).

In the first configuration, the second configuration, or the third configuration, it may be configured to include predetermined unit changing means for changing the predetermined unit (fourth configuration).

In the third configuration, there is provided an operation mode switching unit that switches between a first operation mode in which the verification unit and the time certification information generation unit operate and a second operation mode in which the time correction unit operates. The operation mode switching means may be configured to switch the operation mode after the operation is completed in each operation mode (fifth configuration).

In the fifth configuration, the first operation mode includes a verification mode in which the verification unit verifies the timepiece device, a time certification information generation mode in which the time certification information generation unit generates the time certification information, The operation mode switching means may be configured to switch the operation mode to the mode switching destination after the operation of the mode switching source is completed in the switching between the verification mode and the time certification information generation mode. Yes (sixth configuration). [0151] [Installation of handset]

Next, the case where a slave unit is installed in the device 7 installed as described above will be described. FIG. 16 is a block diagram showing the information processing system 1 in which the slave unit 9 is connected using the device 7 as a master unit. FIG.

The device 7 can be directly connected to a plurality of slave units 9 and can be connected to more slave units 9 via the slave units 9.

In the present embodiment, the connection between the device 7 and the slave unit 9 and the connection between the slave unit 9 and the slave unit 9 are wireless, but they may be wired.

[0152] In the information processing system 1, the slave unit 9 transmits the measurement value to the device 7, and the device 7 adds a time stamp thereto and transmits it to the customer server 4.

In this way, the customer server 4 can collect the measurement values to which the time stamp is given from the device 7 or the slave unit 9.

FIG. 17 is a block diagram showing an example of a hardware configuration of slave unit 9.

The configuration of the slave unit 9 is substantially the same as that of the device 7 shown in FIG. For this reason, the corresponding components are denoted by the same reference numerals as those of the device 7, and overlapping descriptions are simplified or omitted.

The EEPROM 25 stores an asymmetric encryption key generation program, a slave device private key, a slave device certificate, a connection request program, a common key, a CA public key certificate, and the like.

The asymmetric encryption key generation program is a program for generating a pair of the slave unit private key and the slave unit public key. When the CPU 21 executes this program, the pair of the slave unit private key and the slave unit public key is protected. It is generated in the tamper section 20.

Then, after the child machine secret key is generated, it is stored in the EEPROM 25. Thus, the EE PROM 25 constitutes a handset secret key storage means.

[0155] The slave unit certificate is an encrypted slave unit public key certificate obtained by encrypting the slave unit public key certificate of the slave unit public key with the verification server public key, or a child unit ID such as the slave unit ID. The machine-specific information is digitally signed by CA3 with the CA private key. Thus, the EEPROM 25 constitutes an encrypted slave public key storage means.

The connection request program is a program used when connecting the slave unit 9 to the device 7. Machine The device 7 also stores a child device connection program that accepts a connection request from the child device 9, and the device 7 and the child device 9 are connected when these programs function in cooperation.

[0156] The common key is a common key transmitted from the device 7 when connecting to the device 7, and the slave unit 9 encrypts the measured value with the common key when transmitting the measured value to the device 7. Sent and transmit, and also decrypt the information sent from device 7 (encrypted with the common key! /) With the common key.

The CA public key certificate is a CA3 public key certificate. Although not shown, a root certificate is also stored in the EEPROM 25.

[0157] Next, the overall configuration of the procedure up to the installation of the pre-shipment processing power of the slave unit 9 will be described with reference to FIG. The order of the procedures is shown in parentheses in the figure, and will be explained in the following order. Note that the device 7 is already installed in the information processing system 1. Steps (1) to (4) are operations performed before installation of the slave unit 9 (preferably before shipment to the customer).

(1) (Generation of asymmetric encryption key pair of handset private key and handset public key)

When the hardware of the slave unit 9 is completed, the worker in charge operates the slave unit 9 to execute the asymmetric encryption key generation program, and in the tamper resistant unit 20, sets a pair of the slave unit private key and the slave unit public key to the CPU 21. Generate.

Then, the handset 9 stores the generated handset private key in a predetermined area of the EEPROM 25.

[0158] (2) (Send device public key transmission)

The slave unit 9 is connected to the CA 3 in charge of the slave unit 9 by the person in charge of work, and transmits the generated slave unit public key and slave unit specific information (slave unit ID, etc.) to the CA 3.

(3) (Write handset certificate)

When CA3 receives the handset public key from handset 9, CA3 digitally signs it with the CA private key and creates a handset public key certificate.

Further, CA3 stores the verification server public key, and encrypts the slave unit public key certificate by using a predetermined encryption method to create a cryptographic slave unit public key certificate.

Then, CA3 creates a slave unit certificate by digitally signing the encryption slave unit public key certificate and other information (slave unit specific information, etc.), and transmits it to slave unit 9. The slave unit 9 receives the slave unit certificate from the CA 3 and stores it in the EEPROM 25.

(4) (Shipping)

The slave unit 9 stores the slave unit certificate, and is shipped to the customer. Thereafter, the slave unit 9 is managed by the customer.

[0159] (5) (Connection request)

After the child machine 9 is shipped, it is installed at the installation site by the person in charge of installation. Since the range in which the device 7 and the child device 9 can perform wireless communication is limited, the child device 9 is installed within the communication range of the parent device 7 (for example, a radius of 100 meters from the device 7). .

In the slave unit 9, after being installed at the installation location, the connection request program is started by the person in charge of installation.

[0160] When the connection request program is activated, the slave unit 9 detects the device 7 within the communication range.

Then, the slave unit 9 sends a connection request to the detected device 7 and transmits a slave unit certificate to the device 7. As described above, the slave unit 9 includes an encryption slave unit public key (included in the slave unit certificate) transmission means.

When a plurality of devices 7 are detected, the slave unit 9 acquires, for example, the device ID of each device 7 and displays it on the display device, and allows the installation person to select the device 7 to be connected.

[0161] (6) (Send client certificate to customer server 4)

The device 7 receives the handset certificate from the handset 9 (encrypted handset public key receiving means) and confirms the digital signature with the CA public key. Then, the device 7 connects to the customer server 4 and transmits the slave unit certificate to the customer server 4.

As described above, the device 7 includes the encryption slave unit public key transmission unit that transmits the encryption slave unit public key to a predetermined transmission destination. In the present embodiment, the predetermined transmission destination is the customer server 4, but various modified examples such as direct transmission to the verification server 5 are conceivable.

Customer server 4 receives the slave certificate from device 7. Thus, the device 7 is provided with the encryption slave device public key receiving means!

The customer server 4 can obtain the device ID from the device 7 and obtain the child device ID from the child device certificate. The customer server 4 confirms the legitimacy by the digital signature when receiving the slave unit certificate. Then, the customer server 4 confirms whether the combination of the device 7 and the slave unit 9 is registered in advance using the slave unit master.

As shown in FIG. 19, the slave device master predefines the slave device 9 connected to the device 7 by a combination of the device ID and the slave device ID, and constitutes a correspondence storage means. In the slave unit master, the validity of the slave unit 9 is also registered, and those that can be used are set to valid, and those that are not used are set to invalid.

[0164] Customer server 4 determines that the combination of the device ID and the child device ID received from device 7 matches the one specified in the child device master, and the validity of the child device is valid. Continue processing. On the other hand, if at least one of these conditions is not satisfied, an error message is transmitted to the device 7.

That is, the device 7 is provided with correspondence confirmation means for confirming whether or not the device 7 and the child device ⁹ are associated with each other by the child device master.

In this way, by setting the slave unit 9 connected to the device 7 in advance by the customer and prescribing the slave unit master as a master unit, installation of the slave unit 9 due to impersonation or erroneous installation of the slave unit 9 can be prevented.

[0165] (7) (Send slave certificate to verification server 5)

Returning to FIG. 18, the customer server 4 transmits the slave unit certificate to the verification server 5 after confirming by the slave unit master. As described above, the device 7 includes an encryption slave unit public key transmission unit.

(8) (Slave unit public key transmission to customer server 4)

When the verification server 5 receives the slave certificate from the customer server 4, it verifies the legitimacy by the digital signature.

Then, the verification server decrypts the encryption slave unit public key certificate included in the slave unit certificate with the verification server private key and transmits it to the customer server 4.

The verification server 5 sends an error message to the customer server 4 when it is impossible to decrypt the encryption device public key certificate or when the authenticity of the device certificate or the like cannot be confirmed.

[0166] (9) (Transmission of handset public key to device 7)

When customer server 4 receives the slave unit public key from verification server 5, it forwards it to device 7. To do.

(10) (Send common key)

The device 7 receives the slave unit public key from the customer server 4 (slave unit public key receiving means) and temporarily stores it in the RAM 24. The device 7 generates a common key by generating a random number, temporarily stores it, encrypts it with the handset public key, and transmits it to the handset 9.

The slave unit 9 receives the encryption key common key from the device 7, decrypts it with the slave key and restores the common key.

Thereafter, the device 7 and the slave unit 9 encrypt information using this common key and communicate. That is, of the device 7 and the slave device 9, the information transmitting side encrypts and transmits information with the common key, and the information receiving side decrypts the information with the common key.

[0167] In the above example, the device 7 transmits the encryption slave unit public key certificate to the verification server 5 via the customer server 4, and further receives the slave unit public key via the customer server 4. However, this is not limited.For example, device 7 connects to verification server 5, and device 7 directly transmits the encryption slave unit public key certificate to verification server 5. The key can also be received directly from the verification servo 5.

[0168] Further, the customer server 4 is configured to sequentially transmit the encrypted slave unit public key to the verification server 5 when it receives the encrypted slave unit public key from the device 7. It can be configured by receiving and storing the keys and sending them to the verification server 5 in a batch by a notch process.

Next, a procedure for connecting the slave unit 9 to the device 7 will be described using the flowchart of FIG. In the following, the information processing performed by the slave unit 9 is mainly performed by the CPU 21 in the tamper resistant part 20 (FIG. 17).

The processing before shipping of the slave unit, such as generating a pair of the slave unit public key and the slave unit private key in the slave unit 9, is the same as that of the device 7, and the description thereof is omitted.

When the slave unit 9 is installed at the installation location, the person in charge of the operation operates the input unit 32 (Fig. 17) to start the connection request program. Then, the slave unit 9 searches for a device 7 existing in the vicinity and makes a connection request to the searched device 7.

[0170] On the other hand, when there is a connection request from the slave unit 9, the device 7 records in advance in the tamper resistant part 20 (Fig. 2). Start up the memorized slave unit connection program and perform the following series of information processing in cooperation with the slave unit 9. First, when the slave unit connection program is started on the device 7, the slave unit 9 uses the EEPROM 25 to verify the slave unit. The document is read and transmitted to the device 7 (step 305).

[0171] Upon receiving the handset certificate from handset 9, device 7 verifies the digital signature using the CA public key and confirms the legitimacy of the handset certificate.

If the legitimacy cannot be confirmed, the device 7 sends an error message to the slave unit 9. When the legitimacy is confirmed, the customer server 4 is connected using the customer server connection information. At this time, the device ID of the device 7 is notified to the customer server 4. If the device 7 and the customer server 4 are always connected, there is no need to newly connect! /.

After connecting to the customer sano, the device 7 transmits the handset certificate received from the handset 9 to the customer sano (step 310).

[0172] When customer server 4 receives the slave certificate from device 7, customer server 4 verifies the digital signature using the CA public key.

Next, the combination of the device ID of device 7 and the slave device ID described in the slave device certificate of slave device 9 is searched in the slave device master (Fig. 19), and is this combination defined in advance in the slave device master? Confirm whether or not (step 315).

If the combination cannot be confirmed, the customer server 4 transmits an error message to the device 7, and this error message is further transmitted from the device 7 to the slave unit 9.

If the combination is confirmed, the customer server 4 connects to the verification server 5 and transmits the slave unit certificate (step 320).

[0173] When the verification server 5 receives the client certificate from the customer server 4, it verifies the digital signature with the CA public key.

Next, the encryption device public key certificate included in the child device certificate is decrypted with the verification server private key stored in advance, and the child device public key certificate is restored (step 325).

Next, the verification server 5 verifies the digital signature of the slave unit public key certificate using the CA public key, and confirms the legitimacy of the slave unit public key certificate.

[0174] If the handset certificate or handset public key certificate is not authentic, the verification server 5 An error message is transmitted to the customer server 4, and this error message is further transmitted to the slave unit 9 via the device 7.

If the slave unit public key certificate is authentic, the verification server 5 transmits the slave unit public key to the customer server 4 (step 330).

[0175] Customer server 4 receives the slave public key from verification server 5 and transmits it to device 7 (step 335).

When the device 7 receives the child device public key from the customer server 4, the device 7 generates a common key and encrypts it with the child device public key to generate an encryption common key (step 340). Then, the device 7 transmits the encryption key common key to the child device 9 (step 345).

[0176] Upon receiving the encryption key common key from device 7, handset 9 decrypts it using the handset private key stored in EEPROM 25 and restores the common key (step 350).

In this way, the device 7 and the child device 9 can share the common key, and thereafter, the device 7 and the child device 9 communicate by encrypting / decrypting information to be transmitted / received with the common key.

In this way, after confirming that the device 7 and the child device 9 share the common key, the device 7 stores the child device specific information and address of the child device 9 in the EEPROM 25 (FIG. 2), and the child device. 9 is officially registered as its own handset. In this way, the device 7 and the slave unit 9 are connected (step 355).

Next, a modified example of the connection method between the slave unit 9 and the device 7 will be described using the flowchart of FIG.

In the embodiment described above, the combination of the device 7 and the child device 9 is defined in advance in the child device master. However, in this modification, an arbitrary child device 9 is connected to the device 7 and the device 7 and the child device 9 are combined. The slave unit master is dynamically updated according to the combination of slave units 9.

Steps common to those in FIG. 20 are denoted by the same step numbers, and description thereof will be simplified or omitted.

[0178] Steps 305 and 310 are the same as in FIG.

Next, when the customer sano receives the handset certificate from the device 7, the customer Sano temporarily associates the handset ID of the handset 9 with the device ID of the device 7 (step 360). In the slave unit master of this modification, the device ID and the slave unit ID are not associated at first. In step 360, the correspondence between the device ID and the slave unit ID is stored.

[0179] Steps 320 to 355 are the same as those in FIG.

When the device 7 establishes a connection with the child device 9, the device 7 transmits a connection notification indicating that the child device 9 is connected to the customer server 4 (step 365).

When the customer server 4 receives the connection notification from the device 7, the customer server 4 determines the combination of the device ID of the device 7 and the child device ID of the child device 9 that are temporarily registered in the slave device master, (Step 370).

[0180] In this modification, the combination of the device 7 and the child device 9 is not defined in advance by the device master.

Although the combination of the device 7 and the child device 9 cannot be confirmed, since any child device 9 can be connected to the device 7, the operation flexibility of the child device 9 is increased.

[0181] The following effects can be obtained by the slave unit setting method described above.

(1) Since the customer installs and manages the handset, the supplier of equipment 7 and handset 9 should manage information related to equipment 7 (device public key, etc.)!

(2) By registering the combination of the device 7 and the slave unit 9 in advance by the slave unit master, it is possible to suppress erroneous installation of the spoofed slave unit 9 of the slave unit 9.

(3) The device 7 can authenticate the slave unit by requesting the verification server 5 to verify the slave unit certificate.

(4) A plurality of slave units 9 can be installed in the device 7, and the flexibility of installation of measuring devices by the device 7 and the slave units 9 can be increased.

Brief Description of Drawings

[0182] FIG. 1 is a block diagram showing an example of a network configuration of an information processing system according to the present embodiment.

FIG. 2 is a block diagram showing an example of the hardware configuration of the device.

FIG. 3 is a block diagram showing an example of a hardware configuration of a verification server.

FIG. 4 is a diagram showing an example of a logical configuration of a device registration database.

FIG. 5 is a diagram for explaining the overall procedure from installing the device to connecting to the customer server.

FIG. 6 is a flowchart for explaining a procedure of processing performed before shipping the device. FIG. 7 is a flowchart for explaining the procedure from installing the device at the installation site to connecting to the customer server.

FIG. 8 is a block diagram showing a part related to the operation of the information processing system.

FIG. 9 is a block diagram showing the relationship among devices, audit servers, and customer servers.

FIG. 10 is a diagram for explaining internal clock correction.

FIG. 11 is a diagram for explaining a mode switching operation of a mode switching unit.

FIG. 12 is a diagram showing a logical configuration of a device master and a measurement value database.

FIG. 13 is a flowchart for explaining the procedure for customer Sano to collect measurement data from device 7.

FIG. 14 is a flowchart for explaining a time audit procedure.

FIG. 15 is a flowchart for explaining a measurement processing procedure.

FIG. 16 is a diagram showing a place where devices and slave units are connected in the information processing system.

FIG. 17 is a block diagram showing an example of a hardware configuration of a slave unit.

FIG. 18 is a diagram for explaining a procedure until a slave unit is installed.

FIG. 19 is a diagram showing an example of a logical configuration of a slave unit master.

FIG. 20 is a flowchart for explaining a procedure for connecting a slave unit to a device.

FIG. 21 is a flowchart for explaining a modification of a procedure for connecting a slave unit to a device. Explanation of symbols

1 Information processing system

2 Parent CA

3 CA

4 Customer server

5 Verification server

6 Device registration server

7 Equipment

8 Base station

9 Handset

10 network Audit server mode switching part

Claims

The scope of the claims

[1] A verification server connected to a network and storing a verification server private key, an encrypted slave public key obtained by encrypting a slave public key with a verification server public key paired with the verification server private key, and An information processing system configured using a slave device terminal that stores a slave device secret key that is paired with a slave device public key, and a terminal device that is connected to the network and communicates with the slave device terminal. Terminal equipment to be used,

An encrypted handset public key receiving means for receiving the encrypted handset public key from the handset terminal;

An encryption slave unit public key transmission means for transmitting the received encryption slave unit public key to a predetermined destination;

A slave unit public key receiving means for receiving a slave unit public key obtained by decrypting the encrypted slave unit public key transmitted by the verification server with the verification server private key;

A terminal device comprising:

[2] The terminal device according to claim 1, wherein a common key is generated, and the generated common key is encrypted using the received handset public key and transmitted to the handset terminal. .

[3] The encrypted slave device public key transmission means transmits the encrypted slave device public key to the verification server via the information processing server,

3. The terminal device according to claim 1, wherein the slave unit public key receiving unit receives the slave unit public key from the verification server via the information processing server.

[4] A verification server that is connected to a network and stores a verification server private key; an encrypted public key that is encrypted with a verification server public key that is paired with the verification server private key; Used in an information processing system configured using a handset terminal that stores a handset secret key that is paired with a handset public key and a terminal device that is connected to the network and communicates with the handset terminal. A handset terminal,

An encrypted slave device public key storage means for storing an encrypted slave device public key obtained by encrypting the slave device public key with the verification server public key;

A handset secret key storage means for storing a handset secret key paired with the handset public key; An encryption slave unit public key transmission means for transmitting the stored encryption slave unit public key to the terminal device;

A slave terminal characterized by comprising:

[5] An encrypted common key encrypted using a slave unit public key obtained by decrypting the transmitted encrypted slave unit public key is received from the terminal device, and the stored slave unit 5. The slave terminal according to claim 4, wherein a secret key is used to decrypt the common key from the received encrypted common key.

[6] A verification server that is connected to a network and stores a verification server private key; an encrypted public key that is encrypted with a verification server public key that is paired with the verification server private key; A handset terminal that stores a handset secret key that is paired with a handset public key, a terminal device that is connected to the network and communicates with the handset terminal, and information processing that communicates with the terminal device via a network And an information processing server used by an information processing system configured using the server,

Correspondence storage means for storing correspondence between the terminal device and the slave terminal;

An encryption device public key receiving means for receiving the encryption device public key stored in the child device terminal from the terminal device;

A correspondence confirmation means for confirming whether or not the terminal device and the slave terminal are associated with each other by the correspondence storage means;

An encryption handset public key transmission means for sending the received encrypted handset public key to the verification server when the correspondence checking means associates the terminal device with the handset terminal;

An information processing server comprising:

[7] A verification server that is connected to the network and stores the verification server private key, an encrypted public key that is encrypted with a verification server public key that is paired with the verification server private key, and Used in an information processing system configured using a handset terminal that stores a handset secret key that is paired with a handset public key and a terminal device that is connected to the network and communicates with the handset terminal. An information processing method performed by a terminal device,

The terminal device includes an encrypted slave device public key receiving means, an encrypted slave device public key transmitting means, A handset public key receiving means,

An encryption slave device public key receiving step of receiving the encrypted slave device public key from the slave device by the encrypted slave device public key receiving means;

An encrypted slave unit public key transmission step of transmitting the received encrypted slave unit public key to a predetermined transmission destination by the encrypted slave unit public key transmission unit;

A slave unit public key receiving step for receiving a slave unit public key obtained by decrypting the encrypted slave unit public key transmitted by the verification server with the verification server private key by the slave unit public key receiving unit;

An information processing method comprising:

[8] A verification server that is connected to the network and stores the verification server private key, and a cryptographic slave unit public key obtained by encrypting the slave unit public key with the verification server public key that is paired with the verification server private key; An information processing system configured using a child device terminal that stores a child device secret key that is paired with the child device public key and a terminal device that is connected to the network and communicates with the child device terminal. An information processing method performed by a slave terminal used,

The handset terminal includes an encrypted handset public key storage means, a handset secret key storage means, and an encrypted handset public key transmission means,

An encryption slave unit public key storage step for storing an encryption slave unit public key obtained by encrypting a slave unit public key with a verification server public key by the encrypted slave unit public key storage unit; A handset secret key storage step for storing a handset secret key paired with the handset public key by means of a secret key storage means;

An encrypted slave device public key transmitting step of transmitting the stored encrypted slave device public key to the terminal device by the encrypted slave device public key transmitting means;

An information processing method comprising:

[9] A verification server that is connected to the network and stores the verification server private key, and a cryptographic slave unit public key obtained by encrypting the slave unit public key with the verification server public key paired with the verification server private key; Communicating with the terminal device via a network, a handset device storing a handset private key paired with the handset public key, a terminal device connected to the network and communicating with the handset terminal And an information processing system configured using an information processing server. An information processing method performed by an information processing server used by the information processing server, wherein the information processing server stores correspondence between the terminal device and the handset terminal, encrypted handset public key receiving means, and correspondence checking means And an encryption handset public key transmission means,

An encryption slave unit public key receiving step of receiving, from the terminal device, the encryption slave unit public key stored in the slave unit terminal by the encrypted slave unit public key receiving unit;

A correspondence confirmation step of confirming whether or not the terminal device and the slave terminal are associated with each other by the correspondence storage means by the correspondence confirmation means;

When the terminal device and the slave terminal are associated with each other in the correspondence checking step, the encrypted slave unit public key transmission means sends the received encrypted slave unit public key to the verification server. A cipher machine public key sending step for sending;

An information processing method comprising: