WO2010106860A1 - Communication system, certificate verifying apparatus, and service providing method - Google Patents


Info

Publication number
WO2010106860A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
certificate
verification
unit
service providing
Prior art date
Application number
PCT/JP2010/052213
Other languages
French (fr)
Japanese (ja)
Other versions
WO2010106860A9 (en)
Inventor
光浩 笈川
厚 大塚
信治 三浦
信夫 五十嵐
克之 梅澤
順史 木下
Original Assignee
日立公共システムエンジニアリング株式会社
Priority date
Filing date
Publication date
Application filed by 日立公共システムエンジニアリング株式会社
Publication of WO2010106860A1
Publication of WO2010106860A9

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the present invention relates to a signature data verification technique.
  • a mobile phone that cannot read the IC card cannot receive the service from the service provider.
  • the present invention provides a technology that allows a service provider to easily receive verification with a highly reliable electronic certificate.
  • a communication system including a user device and a service providing device that provides a service to the user device
  • the control unit of the service providing apparatus receives, from the user apparatus, signature data signed with a first private key and a first user certificate that is the public key certificate of the first public key paired with the first private key,
  • and, when the signature data and the first user certificate are successfully verified, provides a service to the user device.
  • when signature data signed with a second private key different from the first private key and a second user certificate that is the public key certificate of the second public key paired with the second private key are sent from the user device, the service providing apparatus provides the service to the user device when the first user certificate associated with the second user certificate is successfully verified.
  • FIG. 1 is a diagram illustrating an outline of a communication system 100.
  • a diagram illustrating an outline of the mobile telephone terminal 290, and a diagram illustrating an outline of the certificate authority device 3.
  • a sequence diagram illustrating the registration process of a user certificate.
  • a sequence diagram illustrating the authentication process at the time of service use, and a sequence diagram illustrating the update process of the association of a user certificate.
  • a sequence diagram illustrating the change process of certificate association.
  • a sequence diagram illustrating the cancellation process of the association of a user certificate.
  • a flowchart illustrating a user certificate verification process.
  • a sequence diagram illustrating the verification process of a user certificate.
  • FIG. 1 is a schematic diagram of a communication system 100 according to an embodiment of the present invention.
  • the communication system 100 includes a first user device 1, a second user device 2, a first certificate authority device 3A, a second certificate authority device 3B, a service providing device 4, a user information management device 5, a providing side certificate verification device 6, a first certificate verification device 7A, and a second certificate verification device 7B.
  • these devices transmit and receive information to and from each other via the network 8.
  • FIG. 2 is a schematic diagram of the first user device 1.
  • the first user device 1 includes a storage unit 101, a control unit 102, an input unit 108, an output unit 109, a communication unit 110, and a user authentication device input / output unit 111.
  • the storage unit 101 stores information necessary for processing in the first user device 1.
  • the control unit 102 includes an overall control unit 103, a service use unit 104, a user authentication device control unit 105, and a first user device authentication unit 106.
  • the overall control unit 103 controls the entire processing in the first user device 1. For example, in this embodiment, processing such as file management, process management, and device management is performed.
  • the service using unit 104 controls processing for receiving service provision from the service providing apparatus 4 via the network 8.
  • the service is described as being provided on the Web, but the present invention is not limited to the Web form.
  • the service using unit 104 performs processing using a Web browser: it downloads HTML files, image files, music files, and the like published on a Web server on the network, analyzes their layout, displays or plays the files, sends data to a Web server using a form, and can also run a program written in a predetermined programming language (for example, an object-oriented language such as Java (registered trademark)).
  • a function for performing cryptographic processing necessary for performing SSL or TLS communication, and processing for managing a key and a user certificate are also performed.
  • the user authentication device control unit 105 controls the process of inputting and outputting information to and from the user authentication device 120 shown in FIG. 4 (schematic diagram of the user authentication device 120), via the user authentication device input / output unit 111 described later.
  • the first user device authentication unit 106 controls authentication processing in the first user device 1. For example, the first user device authentication unit 106 transmits / receives information to / from the user authentication device 120, acquires the electronic signature data and the user certificate necessary for authentication when using the service, and outputs them to the service using unit 104.
  • the input unit 108 receives input of information.
  • the output unit 109 outputs information.
  • the communication unit 110 transmits and receives information via the network 8.
  • the user authentication device input / output unit 111 inputs / outputs information to / from the user authentication device 120 as shown in FIG.
  • the first user device 1 described above can be realized by, for example, a general computer 180 as shown in FIG. 3 (schematic diagram of the computer 180), which has a CPU (Central Processing Unit) 181, a memory 182, an external storage device 183 such as an HDD (Hard Disk Drive), a reading device 185 for reading / writing information from / to a portable storage medium 184 such as a CD (Compact Disk) or a DVD (Digital Versatile Disk), an input device 186 such as a keyboard or a mouse, an output device 187 such as a display, and a communication device 188 such as a NIC (Network Interface Card) for connecting to a communication network, and to which a reader / writer 189 for reading / writing information from / to a storage medium such as an IC card is connected.
  • the storage unit 101 can be realized by the CPU 181 using the memory 182 or the external storage device 183, and the control unit 102 loads a predetermined program stored in the external storage device 183 to the memory 182.
  • the input unit 108 can be realized by using the input device 186 by the CPU 181, and the output unit 109 can be realized by using the output device 187 by the CPU 181.
  • the communication unit 110 can be realized by the CPU 181 using the communication device 188, and the user authentication device input / output unit 111 can be realized by the CPU 181 using the reader / writer 189.
  • the predetermined program may be downloaded from the storage medium 184 via the reading device 185 or from the network via the communication device 188 to the external storage device 183, then loaded onto the memory 182 and executed by the CPU 181. Alternatively, the program may be loaded directly onto the memory 182 from the storage medium 184 via the reading device 185 or from the network via the communication device 188 and executed by the CPU 181.
  • FIG. 4 is a schematic diagram of the user authentication device 120. As illustrated, the user authentication device 120 includes a storage unit 121, a control unit 125, and an I / F unit 129.
  • the storage unit 121 includes a first user private key storage area 122 and a first user certificate storage area 123.
  • the first user private key storage area 122 stores information for specifying a private key paired with the public key included in the user certificate stored in the first user certificate storage area 123 described later.
  • in the first user certificate storage area 123, information specifying a user certificate including a public key paired with the private key stored in the first user private key storage area 122 is stored.
  • the first user certificate storage area 123 stores a user certificate issued by the first certificate authority device 3A described later.
  • the user certificate is data that describes the user's public key and information for identifying the user, with an electronic signature applied over this information using the private key of the certificate authority.
  • the control unit 125 includes an overall control unit 126 and a device authentication unit 127.
  • the overall control unit 126 controls the entire processing in the user authentication device 120.
  • when the device authentication unit 127 receives a request to generate electronic signature data from the first user device 1 via the I / F unit 129, it generates the electronic signature using the private key stored in the first user private key storage area 122; when it receives a user certificate output request from the first user device 1 via the I / F unit 129, it outputs the user certificate stored in the first user certificate storage area 123.
  • the I / F unit 129 inputs / outputs information to / from the user authentication device input / output unit 111 of the first user device 1.
  • the user authentication device 120 described above can be realized by an IC card 190 as shown in FIG. 5 (schematic diagram of the IC card 190), which has an IC unit 191 including a CPU 192 and an external storage device 193, and an I / F 195 that is an interface for transmitting / receiving data to / from the IC unit 191.
  • the control unit 125 can be realized by the CPU 192 of the IC unit 191.
  • the storage unit 121 can be realized by the CPU 192 of the IC unit 191 using the external storage device 193.
  • the I / F unit 129 can be realized by the CPU 192 of the IC unit 191 using the I / F 195.
  • FIG. 6 is a schematic diagram of the second user device 2.
  • the second user device 2 includes a storage unit 201, a control unit 205, an input unit 210, an output unit 211, and a wireless communication unit 212.
  • the storage unit 201 includes a second user private key storage area 202 and a second user certificate storage area 203.
  • the second user private key storage area 202 stores information for specifying a private key paired with the public key included in the user certificate stored in the second user certificate storage area 203 described later.
  • the second user secret key storage area 202 stores a secret key generated in the second certificate authority device 3B described later.
  • in the second user certificate storage area 203, information for specifying a user certificate including a public key paired with the private key stored in the second user private key storage area 202 is stored.
  • the second user certificate storage area 203 stores a user certificate issued by the second certificate authority device 3B described later.
  • the control unit 205 includes an overall control unit 206, a service use unit 207, and a second user device authentication unit 208.
  • the overall control unit 206 controls the entire processing in the second user device 2. For example, in this embodiment, processing such as file management, process management, and device management is performed.
  • the service using unit 207 controls processing for receiving service provision from the service providing apparatus 4 via the network 8.
  • the service is described as being provided on the Web, but the present invention is not limited to the Web form.
  • the service using unit 207 performs processing using a Web browser: it downloads HTML files, image files, music files, and the like published on a Web server on the network, analyzes their layout, displays or plays the files, sends data to a Web server using a form, and can also run a program written in a predetermined programming language (for example, an object-oriented language such as Java (registered trademark)).
  • a function for performing cryptographic processing necessary for performing SSL or TLS communication, and processing for managing a key and a user certificate are also performed.
  • the second user device authentication unit 208 controls authentication processing in the second user device 2. For example, in the present embodiment, it generates an electronic signature using the private key stored in the second user private key storage area 202 and outputs the user certificate stored in the second user certificate storage area 203 to the service using unit 207.
  • the input unit 210 receives input of information.
  • the output unit 211 outputs information.
  • the wireless communication unit 212 connects to the network 8 via wireless and transmits / receives information.
  • the second user device 2 described above can be realized by, for example, a general mobile phone terminal 290 as shown in FIG. 7 (schematic diagram of the mobile phone terminal 290), which includes a CPU 291, a memory 292, an external storage device 293, an input device 294 such as keys, an output device 295 such as a display, a wireless communication device 296 including an RF (Radio Frequency) unit, a BB (Base Band) unit, and a MAC (Media Access Controller) unit, and an antenna 297.
  • the storage unit 201 can be realized by the CPU 291 using the memory 292 or the external storage device 293, and the control unit 205 loads a predetermined program stored in the external storage device 293 into the memory 292.
  • the input unit 210 can be realized by the CPU 291 using the input device 294, and the output unit 211 can be realized by the CPU 291 using the output device 295.
  • the wireless communication unit 212 can be realized by the CPU 291 using the wireless communication device 296 and the antenna 297.
  • the predetermined program may be downloaded from the network to the external storage device 293 via the wireless communication device 296, and then loaded onto the memory 292 and executed by the CPU 291. Alternatively, it may be directly loaded onto the memory 292 from the network via the wireless communication device 296 and executed by the CPU 291.
  • the first certificate authority device 3A and the second certificate authority device 3B issue the user's electronic certificate.
  • the domain of the electronic certificate issued by the first certificate authority device 3A will be described as domain A
  • the domain of the electronic certificate issued by the second certificate authority device 3B will be described as domain B.
  • domain A and domain B do not perform mutual authentication, and the certification paths configured when verifying the electronic certificate are independent of each other.
  • an electronic certificate having high reliability for a service provider who provides a service via the service providing apparatus 4 is a domain A
  • an electronic certificate having no high reliability is a domain B.
  • the electronic certificate of domain A will be described as being stored in a secure device such as an IC card and used using a computer such as a PC.
  • the domain B electronic certificate is stored in an IC chip connected to the mobile phone terminal, and is used using the mobile phone terminal.
  • since the first certificate authority device 3A and the second certificate authority device 3B have the same functional configuration, their functional configuration will be described with reference to FIG. 8 (schematic diagram of the certificate authority device 3).
  • FIG. 8 is a schematic diagram of the certificate authority device 3. As illustrated, the certificate authority device 3 includes a storage unit 301, a control unit 307, an input unit 312, an output unit 313, and a communication unit 314.
  • the storage unit 301 includes a certificate authority private key storage area 302, a certificate authority certificate storage area 303, a user certificate storage area 304, and a certificate revocation information storage area 305.
  • in the certification authority private key storage area 302, information for identifying the certification authority private key, which is the private key owned by the certificate authority 3, is stored.
  • the CA private key is an encryption key used to give an electronic signature of the CA 3 when issuing a user certificate (public key certificate).
  • the certificate authority private key is secret key information owned by the certificate authority of each domain, and is securely managed in the certificate authority of each domain. In the present embodiment, management is performed inside the storage unit 301 of the certificate authority device 3, but management may be performed using a dedicated device having tamper resistance such as a hardware security module.
  • the certificate authority certificate storage area 303 stores information for specifying a certificate authority certificate that is the public key certificate of the certificate authority 3 corresponding to the certificate authority private key stored in the certificate authority private key storage area 302.
  • the certificate authority certificate is a self-signed public key certificate issued by the certificate authority 3 to itself.
  • the public key described in the public key certificate and the CA private key form a pair of keys.
  • the user certificate storage area 304 stores information for specifying a user certificate that is an electronic certificate issued to the user.
  • in the certificate revocation information storage area 305, information specifying revocation information for the user certificates issued by the certificate authority 3 is stored.
  • the certificate revocation information is information used to confirm whether the user certificate (public key certificate) has been revoked.
  • the certificate revocation information corresponds to a certificate revocation list (CRL).
  • the CA private key, CA certificate, and certificate revocation information are handled by different CA devices 3 for each domain.
  • the control unit 307 includes an overall control unit 308, an authentication processing unit 309, and a revocation information providing unit 310.
  • the overall control unit 308 controls the entire processing in the certificate authority device 3. For example, in this embodiment, processes such as file management, process management, and device management are controlled.
  • the authentication processing unit 309 controls authentication processing in the certificate authority device 3. For example, in the present embodiment, for a certain user, the user's identification name and the public key owned by the user are linked, and a digital signature is applied to the linked information using a certification authority private key. Process to issue a user certificate (public key certificate).
  • the authentication processing unit 309 manages the user certificates issued by the certificate authority device 3 and generates certificate revocation information by digitally signing, with the certificate authority private key of the certificate authority device 3, the list of revoked user certificates (public key certificates) among those it has issued.
  • the authentication processing unit 309 issues a certificate authority certificate that is a root certificate and a user certificate.
  • the description is made for two layers, that is, the certificate authority certificate and the user certificate, but the hierarchy of the certificate authority is not limited to this and may have three or more layers.
  • the revocation information providing unit 310 controls processing for providing the certificate revocation information generated by the authentication processing unit 309 via the communication unit 314. For example, the revocation information providing unit 310 transmits the certificate revocation information via the communication unit 314 in response to a request from one that verifies the public key certificate.
  • the revocation information providing unit 310 has a function such as an LDAP server.
  • the certificate revocation information is described as a certificate revocation list (CRL). However, the present embodiment is not limited to such a mode; the revocation information providing unit 310 may instead use the Online Certificate Status Protocol (OCSP), accepting a request for certificate validity confirmation and returning a response to that request.
  • the input unit 312 accepts input of information.
  • the output unit 313 outputs information.
  • the communication unit 314 transmits and receives information via the network 8.
  • the certificate authority device 3 described above can be realized by, for example, a general computer 390 as shown in FIG. 9 (schematic diagram of the computer 390), which has a CPU 391, a memory 392, an external storage device 393 such as an HDD, a reading device 395 that reads and writes information from and to a portable storage medium 394 such as a CD or a DVD, an input device 396 such as a keyboard or a mouse, an output device 397 such as a display, and a communication device 398 such as a NIC for connecting to a communication network.
  • the storage unit 301 can be realized by the CPU 391 using the memory 392 or the external storage device 393, and the control unit 307 loads a predetermined program stored in the external storage device 393 into the memory 392.
  • the input unit 312 can be realized by the CPU 391 using the input device 396, and the output unit 313 can be realized by the CPU 391 using the output device 397.
  • the communication unit 314 can be realized by the CPU 391 using the communication device 398.
  • this predetermined program may be downloaded from the storage medium 394 via the reading device 395 or from the network via the communication device 398 to the external storage device 393, then loaded onto the memory 392 and executed by the CPU 391. Alternatively, the program may be loaded directly onto the memory 392 from the storage medium 394 via the reading device 395 or from the network via the communication device 398 and executed by the CPU 391.
  • FIG. 10 is a schematic diagram of the service providing apparatus 4. As illustrated, the service providing apparatus 4 includes a storage unit 401, a control unit 405, and a communication unit 410.
  • the storage unit 401 includes a certificate authority certificate storage area 402 and an access control policy information storage area 403.
  • the certificate authority certificate storage area 402 stores all certificate authority certificates necessary for signature verification of user certificates.
  • the access control policy information storage area 403 stores information for specifying the access right for each service provided by the service providing apparatus 4. For example, an access control list or the like that determines whether or not access is permitted according to each URI of the service and the user or the attribute of the user is stored.
  • the control unit 405 includes an overall control unit 406, a service providing unit 407, and an authentication cooperation processing unit 408.
  • the overall control unit 406 controls the entire processing in the service providing apparatus 4. For example, in this embodiment, processes such as file management, process management, and device management are controlled.
  • the service providing unit 407 controls processing for providing a service to the user via the network 8.
  • the service providing unit 407 includes a Web server program and a Web application program.
  • when the user accesses the service providing program, the authentication cooperation processing unit 408 requests the information necessary for authentication from the user, controls the process of requesting the providing side certificate verification device 6 and the like to verify the electronic signature data and the user certificate transmitted from the user side, and controls the process of associating a plurality of electronic certificates.
  • the communication unit 410 transmits and receives information via the network 8.
  • the service providing apparatus 4 described above can be realized by, for example, a general computer 390 as shown in FIG.
  • the storage unit 401 can be realized by the CPU 391 using the memory 392 or the external storage device 393, and the control unit 405 loads a predetermined program stored in the external storage device 393 into the memory 392.
  • the communication unit 410 can be realized by the CPU 391 using the communication device 398.
  • this predetermined program may be downloaded from the storage medium 394 via the reading device 395 or from the network via the communication device 398 to the external storage device 393, then loaded onto the memory 392 and executed by the CPU 391. Alternatively, the program may be loaded directly onto the memory 392 from the storage medium 394 via the reading device 395 or from the network via the communication device 398 and executed by the CPU 391.
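The acceptance rule stated in the claims (a domain A user certificate is verified directly; a domain B user certificate is accepted only if the user information table of FIG. 12 links it to a domain A user certificate that itself verifies) is the part of the service providing apparatus 4 worth seeing end to end. The following Go program is an added example written for this page; it is not code from the patent or its assignee. It assumes ed25519 keys and X.509 certificates, builds the two independent certificate authorities (devices 3A and 3B) and the registered link in one process, keys the link table on the (issuer name, serial number) pair that fields 502g/502h and 502k/502l record, and uses a plain set of revoked serials as a constructed stand-in for the CRL or OCSP answer of the revocation information providing unit 310.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// makeCert issues a certificate for a fresh ed25519 key pair: with parent == nil a self-signed CA
// certificate (role of device 3A/3B), otherwise a user certificate signed by that parent.
func makeCert(serial int64, name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer := parentKey
	if parent == nil { // self-signed root of its own, independent domain
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, priv
}

// certID is the (issuer name, serial number) pair recorded in user information table 502a.
type certID struct{ issuer, serial string }

func idOf(c *x509.Certificate) certID { return certID{c.Issuer.String(), c.SerialNumber.String()} }

// serviceProvider stands in for service providing device 4 plus the verification devices 6/7A/7B.
type serviceProvider struct {
	rootsA, rootsB *x509.CertPool               // CA certificate storage area 402, split by domain
	linked         map[certID]*x509.Certificate // domain B certificate -> linked domain A certificate
	revoked        map[certID]bool              // constructed stand-in for the CRL / OCSP answer
}

// validIn reports whether c chains to the given domain root and is not revoked.
func (sp *serviceProvider) validIn(c *x509.Certificate, roots *x509.CertPool) bool {
	if sp.revoked[idOf(c)] {
		return false
	}
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// authenticate is the service-use decision: the signature must verify under the presented certificate;
// domain A is then accepted directly, domain B only via a linked, still-valid domain A certificate.
func (sp *serviceProvider) authenticate(challenge, sig []byte, cert *x509.Certificate) error {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature does not verify under the presented certificate")
	}
	if sp.validIn(cert, sp.rootsA) {
		return nil
	}
	if !sp.validIn(cert, sp.rootsB) {
		return errors.New("certificate is valid in neither domain A nor domain B")
	}
	linkedA, found := sp.linked[idOf(cert)]
	if !found {
		return errors.New("domain B certificate is not linked to any domain A certificate")
	}
	if !sp.validIn(linkedA, sp.rootsA) {
		return errors.New("linked domain A certificate is invalid or revoked")
	}
	return nil
}

// buildScenario constructs the demo: two independent CAs and one user holding a domain A (IC card)
// certificate and a domain B (mobile phone) certificate whose registration link is already made.
func buildScenario() (sp *serviceProvider, certA *x509.Certificate, keyA ed25519.PrivateKey, certB *x509.Certificate, keyB ed25519.PrivateKey) {
	caA, caAKey := makeCert(1, "CA of domain A", nil, nil)
	caB, caBKey := makeCert(1, "CA of domain B", nil, nil)
	sp = &serviceProvider{rootsA: x509.NewCertPool(), rootsB: x509.NewCertPool(),
		linked: map[certID]*x509.Certificate{}, revoked: map[certID]bool{}}
	sp.rootsA.AddCert(caA)
	sp.rootsB.AddCert(caB)
	certA, keyA = makeCert(1001, "user", caA, caAKey)
	certB, keyB = makeCert(2001, "user", caB, caBKey)
	sp.linked[idOf(certB)] = certA // the registration step of FIG. 12 has already been completed
	return
}

func main() {
	sp, certA, keyA, certB, keyB := buildScenario()
	msg := []byte("constructed challenge from service providing device 4")
	fmt.Println("domain A:", sp.authenticate(msg, ed25519.Sign(keyA, msg), certA), "| linked domain B:", sp.authenticate(msg, ed25519.Sign(keyB, msg), certB))
}
```

Two properties of the design follow directly from the code: the domain B path never grants more than the linked domain A certificate would, because `authenticate` re-verifies that certificate (chain and revocation) on every request rather than trusting the link row; and the link is keyed on issuer plus serial, so re-issuing the user's domain B certificate invalidates the association until the update process registers the new pair.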
  • FIG. 11 is a schematic diagram of the user information management device 5. As illustrated, the user information management device 5 includes a storage unit 501, a control unit 504, and a communication unit 508.
  • the storage unit 501 includes a user information storage area 502.
  • in the user information storage area 502, for each user of the service provided by the service providing apparatus 4, the user certificate of the user and the other user certificates that use that user certificate as a cooperation destination are stored.
  • specifically, a user information table 502a as shown in FIG. 12 (schematic diagram of the user information table 502a) is stored.
  • the user information table 502a includes a registration ID field 502b, a personal information field 502c, a linked certificate storage area 502d, a cooperation certificate storage area 502e, a notification destination field 502n, an authentication code field 502o, a registration date / time field 502p, and a status flag field 502q.
  • in the registration ID field 502b, information for identifying a user of the service provided by the service providing apparatus 4 is stored.
  • a registration ID assigned so as to be unique to the user is stored as information for identifying the user of the service.
  • in the personal information field 502c, attribute information of the user specified in the registration ID field 502b is stored.
  • name, address, date of birth, sex, and the like are stored as user attribute information.
  • the linked certificate storage area 502d stores information that identifies a user certificate to which another user certificate is linked.
  • here, information for identifying a domain A user certificate (a user certificate provided by the first certificate authority device 3A), on which the service provider that provides the service using the service providing device 4 places high trust, is stored.
  • the linked certificate storage area 502d has a user certificate field 502f, an issuer name field 502g, a serial number field 502h, and an owner name field 502i.
  • the user certificate field 502f stores information for identifying a domain A user certificate (a user certificate provided by the first certificate authority device 3A).
  • the issuer name field 502g stores information for specifying the issuer name of the user certificate extracted from the user certificate stored in the user certificate field 502f.
  • the serial number field 502h stores information for identifying the serial number of the user certificate extracted from the user certificate stored in the user certificate field 502f.
  • the owner name field 502i stores information for identifying the owner of the user certificate extracted from the user certificate stored in the user certificate field 502f.
  • in the cooperation certificate storage area 502e, information for specifying a user certificate that uses the user certificate specified in the linked certificate storage area 502d as a cooperation destination is stored.
  • that is, the cooperation certificate storage area 502e stores information for specifying at least one user certificate having the user certificate specified in the linked certificate storage area 502d as its cooperation destination.
  • here, information for identifying a domain B user certificate (a user certificate provided by the second certificate authority device 3B), in which the service provider that provides the service using the service providing device 4 does not place very high trust, is stored.
  • the user certificate field 502j, the issuer name field 502k, the serial number field 502l, and the owner name field 502m are provided in a number corresponding to the number of user certificates that use the user certificate specified in the linked certificate storage area 502d as a link destination.
  • in the user certificate field 502j, information for specifying a user certificate (here, a domain B user certificate) that uses the user certificate specified in the linked certificate storage area 502d as a link destination is stored.
  • the issuer name field 502k stores information for specifying the issuer name of the user certificate extracted from the user certificate stored in the user certificate field 502j.
  • the serial number field 502l stores information for specifying the serial number of the user certificate extracted from the user certificate stored in the user certificate field 502j.
  • the owner name field 502m stores information for identifying the owner of the user certificate extracted from the user certificate stored in the user certificate field 502j.
  • the notification destination field 502n stores information for specifying a communication address when notifying the user specified in the registration ID field 502b of a URL for requesting the main registration.
  • the mail address of the second user device 2 used by the user specified by the registration ID field 502b is stored.
  • the authentication code field 502o stores information for specifying an authentication code used when the user specified in the registration ID field 502b changes the association of the domain A user certificate.
  • the authentication code is information for uniquely identifying which user certificate is associated with the authentication code, and uses a value that does not substantially collide with the value of the authentication code in another row. For example, a random number or a hash value is used as the authentication code.
  • the status flag field 502q stores information indicating the registration status of the user specified in the registration ID field 502b.
  • the information indicating the registration status is, for example, “provisional registration”, in which a user certificate has been registered in the linked certificate storage area 502d but no user certificate has yet been registered in the linked certificate storage area 502e;
  • “notified”, in which the user specified in the registration ID field 502b has been notified of the main registration request but no user certificate has yet been registered in the linked certificate storage area 502e; and “main registration”, in which a user certificate has also been registered in the linked certificate storage area 502e.
  • the communication unit 508 transmits and receives information via the network 8.
  • the user information management apparatus 5 described above can be realized by a general computer 390 as shown in FIG. 9, for example.
  • the storage unit 501 can be realized by the CPU 391 using the memory 392 or the external storage device 393, and the control unit 504 can be realized by the CPU 391 loading a predetermined program stored in the external storage device 393 into the memory 392 and executing it.
  • the communication unit 508 can be realized by the CPU 391 using the communication device 398.
  • This predetermined program may be downloaded from the storage medium 394 via the reading device 395, or from the network via the communication device 398, to the external storage device 393, and then loaded onto the memory 392 and executed by the CPU 391. Alternatively, the program may be loaded directly onto the memory 392 from the storage medium 394 via the reading device 395, or from the network via the communication device 398, and executed by the CPU 391.
  • FIG. 13 is a schematic diagram of the providing-side certificate verification device 6.
  • the providing-side certificate verification device 6 includes a storage unit 601, a control unit 605, and a communication unit 610.
  • the storage unit 601 includes a verification access destination information storage area 602 and a certificate authority certificate information storage area 603.
  • in the verification access destination information storage area 602, information is stored for each issuer of user certificates that specifies either the certificate verification apparatus (in this embodiment, the first certificate verification apparatus 7A or the second certificate verification apparatus 7B) to which verification of the validity of a user certificate is requested, or the URI of the inquiry destination for confirming the validity of the user certificate.
  • the certificate authority certificate information storage area 603 stores information for specifying the certificate authority certificate of the certificate authority necessary for verifying the user certificate.
  • the control unit 605 includes an overall control unit 606, a certificate verification unit 607, and an additional verification unit 608.
  • the overall control unit 606 controls the entire processing in the providing side certificate verification apparatus 6. For example, in this embodiment, processes such as file management, process management, and device management are controlled.
  • the certificate verification unit 607 controls the process of verifying the validity of the user certificate and responding to the result in response to a request from another device and the additional verification unit 608.
  • the verification of the validity of the user certificate is to construct and verify the certification path of the certificate requested to be verified, and to confirm the validity of the user certificate.
  • when the certificate verification unit 607 is configured to request a certificate verification device for a specific domain (in this embodiment, the first certificate verification device 7A or the second certificate verification device 7B) to perform verification, it requests that certificate verification device to verify the validity of a user certificate of that domain, and controls the process of receiving the verification result as a response.
  • the additional verification unit 608 controls processing for verifying the validity of another user certificate associated with the user certificate whose request for verification has been received by the certificate verification unit 607.
  • the communication unit 610 transmits and receives information via the network 8.
  • the providing side certificate verification device 6 described above can be realized by, for example, a general computer 390 as shown in FIG.
  • the storage unit 601 can be realized by the CPU 391 using the memory 392 or the external storage device 393, and the control unit 605 can be realized by the CPU 391 loading a predetermined program stored in the external storage device 393 into the memory 392 and executing it.
  • the communication unit 610 can be realized by the CPU 391 using the communication device 398.
  • This predetermined program may be downloaded from the storage medium 394 via the reading device 395, or from the network via the communication device 398, to the external storage device 393, and then loaded onto the memory 392 and executed by the CPU 391. Alternatively, the program may be loaded directly onto the memory 392 from the storage medium 394 via the reading device 395, or from the network via the communication device 398, and executed by the CPU 391.
  • the first certificate verification device 7A verifies the user certificate (domain A user certificate) issued by the first certificate authority device 3A in response to a request from another device, and the second certificate verification device 7B verifies the user certificate (domain B user certificate) issued by the second certificate authority device 3B in response to a request from another device.
  • the first certificate verification device 7A and the second certificate verification device 7B can be realized by a publicly known verification server that verifies public key certificates, and thus detailed description thereof is omitted.
  • the user has been issued a user certificate 392 from the first certificate authority device 3A in domain A and the second certificate authority device 3B in domain B.
  • the first user device 1 and the second user device 2 are described as being owned by the user, but the first user device 1 and the second user device 2 themselves may instead be window terminals on the service provider side, in a configuration where the user owns the user authentication device 120.
  • the service use unit 104 of the first user device 1 accepts, via the input unit 108, an input of a URL for performing use registration of the service provided by the service providing device 4, and transmits a user registration request to the service providing apparatus 4 via the communication unit 110 (S10).
  • the service providing unit 407 receives the user registration request transmitted by the first user device 1 via the communication unit 410 (S11).
  • the service providing unit 407 of the service providing apparatus 4 transmits user registration screen data necessary for user registration to the first user apparatus 1 (S12).
  • the service use unit 104 receives the user registration screen data transmitted in step S12 via the communication unit 110 and displays it on the output unit 109 (S13).
  • the first user device 1 receives input of information necessary for registration from the user via the input unit 108 (S14).
  • the information whose input is accepted includes the user attribute information stored in the personal information field 502c of the user information table 502a shown in FIG. 12, the notification destination of the main registration request (in this embodiment, the mail address of the second user device 2), and the like.
  • the service using unit 104 generates electronic signature data using the domain A private key with the input information as a signature target.
  • the service using unit 104 then transmits, via the communication unit 110, the user information received in step S14, the generated electronic signature data, and the domain A user certificate corresponding to the private key used to generate the electronic signature data to the service providing apparatus 4 (S15).
  • specifically, the service use unit 104 requests the device authentication unit 127 of the user authentication device 120, via the first user device authentication unit 106 and the user authentication device control unit 105, to generate electronic signature data; the device authentication unit 127 generates the electronic signature data and returns it, together with the domain A user certificate corresponding to the private key used to generate it, to the service use unit 104 of the first user device 1.
  • the service providing unit 407 receives the user information, the electronic signature data, and the domain A user certificate transmitted from the first user device 1 via the communication unit 410 (S16).
  • the service providing apparatus 4 uses the authentication cooperation processing unit 408 to verify the signature of the electronic signature data received from the first user apparatus 1 using the domain A user certificate (S17). If the signature verification succeeds, the process proceeds to step S19. If the signature verification fails, error screen data indicating that the signature verification has failed is generated and transmitted to the first user device 1, and the process proceeds to step S18.
  • in step S18, the service utilization unit 104 of the first user device 1 displays the error screen data received via the communication unit 110 on the output unit 109.
  • the process ends in step S18, but the process may be repeated by returning to step S10 as necessary.
  • in step S19, the authentication cooperation processing unit 408 of the service providing apparatus 4 sends the providing side certificate verification apparatus 6 a verification request message requesting verification of the user certificate used for verifying the signature in step S17.
  • the verification request message includes request type data indicating a verification request in the user registration request and a user certificate to be verified.
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 receives the user certificate verification request message transmitted by the service providing apparatus 4 via the communication unit 610 (S20).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S20 (S21). Details of the verification process in step S21 will be described with reference to FIG.
  • the certificate verification unit 607 of the providing-side certificate verification device 6 generates a user certificate verification response message according to the verification result in step S21, and transmits it to the service providing device 4 via the communication unit 610 (S22).
  • the verification response message for the user certificate includes the success or failure of the verification of the user certificate.
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the user certificate verification response message transmitted in step S22, and confirms the verification result of the validity of the user certificate (S23). If the validity verification confirms that there is no problem with the user certificate, the process proceeds to step S25. If the result of the validity verification indicates failure, error screen data indicating that the verification of the certificate has failed is generated and transmitted to the first user device 1.
  • in step S24, the service utilization unit 104 of the first user device 1 displays the error screen data received via the communication unit 110 on the output unit 109.
  • the process ends at this step, but the process may be repeated by returning to step S10 as necessary.
  • in step S25, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information temporary registration request message, requesting temporary registration of the user information, to the user information management apparatus 5.
  • the user information temporary registration request message includes identification information indicating that it is a user information temporary registration request message, the user information received in step S16 (personal information, notification destination, etc.), the domain A user certificate, and the issuer name, serial number, owner name, etc. extracted from that user certificate.
  • the user information management unit 506 of the user information management device 5 receives the user information temporary registration request message transmitted by the service providing device 4 via the communication unit 508 (S26).
  • the user information management unit 506 of the user information management device 5 stores the information included in the user information temporary registration request message received in step S26 in the user information table 502a (S27).
  • in step S27, a new record is added to the user information table 502a shown in FIG. 12, and the registration ID, personal information, user certificate, issuer name, serial number, owner name, notification destination, registration date and time, and registration status flag are stored respectively in the registration ID field 502b, personal information field 502c, user certificate field 502f, issuer name field 502g, serial number field 502h, owner name field 502i, notification destination field 502n, authentication code field 502o, registration date/time field 502p, and status flag field 502q of the added record.
  • a number not yet registered in the user information table 502a is stored in the registration ID field 502b, the date and time at which the user information temporary registration request message was received in step S26 is stored in the registration date/time field 502p, and the status “provisional registration” is stored in the status flag field 502q.
  • the user information management unit 506 of the user information management device 5 generates a temporary registration result message including the result of the temporary registration of the user information, and transmits it to the service providing device 4 via the communication unit 508 (S28).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the temporary registration result message transmitted in step S28 via the communication unit 410, and confirms the success or failure of the temporary registration (S29). If the temporary registration has succeeded, the process proceeds to step S31. If the temporary registration has failed, error screen data notifying that the temporary registration has failed is generated and transmitted to the first user device 1, and the process proceeds to step S30.
  • in step S30, the service using unit 104 of the first user device 1 receives the error screen data via the communication unit 410 and displays the error screen data on the output unit 109.
  • the process ends at this step, but the process may be repeated by returning to step S10 as necessary.
  • in step S31, the service providing unit 407 of the service providing apparatus 4 generates temporary registration result screen data indicating that the temporary registration has been successful, and transmits the temporary registration result screen data to the first user apparatus 1.
  • the service using unit 104 of the first user device 1 receives the temporary registration result screen data via the communication unit 110 and displays it on the output unit 109 (S32). Then, the process proceeds to the sequence of FIG.
  • the service providing unit 407 of the service providing apparatus 4 transmits an access destination for the user to perform the registration procedure to the second user apparatus 2 (S33).
  • as the transmission destination, the notification destination included in the user information received in step S16 in FIG. 14 is used.
  • in this embodiment, since the notification destination is the mail address associated with the second user device 2, the service providing unit 407 writes the URL serving as the access destination for performing the main registration procedure in the text of a mail and transmits it to the second user device 2.
  • the URL includes information that can specify the user of the second user device 2, such as a registration ID or a notification destination.
  • the service providing unit 407 of the service providing apparatus 4 transmits an access destination notified registration request message to the user information managing apparatus 5. It is assumed that the notified registration request message of the access destination includes a registration ID and the like in addition to data indicating the notified registration request message.
  • the user information management unit 506 identifies the record of the user information table 502a corresponding to the registration ID included in the notified registration request message, and updates the status flag field 502q of the identified record to the “notified” status.
  • the user information management unit 506 of the user information management device 5 generates a notified registration result message including the notified registration result of the access destination, and transmits it to the service providing device 4.
  • the second user device 2 receives the access destination of the main registration transmitted in step S33 by the service utilization unit 207 (S34).
  • the service using unit 207 of the second user device 2 displays the access destination on the output unit 211, receives via the input unit 210 an execution instruction selecting the displayed access destination, and transmits a main registration request message for performing the main registration of the user to the service providing apparatus 4 (S35). Note that the processing in step S35 is performed at a timing convenient for the user, and is not necessarily performed immediately.
  • the service providing unit 407 of the service providing apparatus 4 receives the main registration request message transmitted by the second user apparatus 2 via the communication unit 410 (S36).
  • the service providing unit 407 of the service providing apparatus 4 transmits to the second user apparatus 2 authentication request data requesting the domain B user certificate and the like necessary for authentication for performing the main registration of the user (S37). For example, a request for client authentication by SSL (Secure Socket Layer) or TLS (Transport Layer Security) corresponds to step S37.
  • the service utilization unit 207 of the second user device 2 receives the authentication request data transmitted in step S37 via the wireless communication unit 212 (S38).
  • the second user device 2 generates an electronic signature using the private key of the domain B based on the authentication request (S39).
  • specifically, the second user device authentication unit 208, in response to an instruction from the service use unit 207, generates the electronic signature data using the second user private key stored in the second user private key storage area 202.
  • the service utilization unit 207 of the second user device 2 extracts the domain B user certificate corresponding to the second user private key used in step S39 from the second user certificate storage area 203, and transmits the electronic signature data generated in step S39 and the extracted user certificate to the service providing apparatus 4 (S40). For example, processing for transmitting a client certificate by SSL or TLS corresponds to this step.
  • the service providing unit 407 of the service providing apparatus 4 receives the electronic signature data, the domain B user certificate, and the like transmitted by the second user apparatus 2 via the communication unit 410 (S41).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 performs signature verification of the received electronic signature data using the domain B user certificate (S42). If the signature verification succeeds, the process proceeds to step S44. If the signature verification fails, error screen data indicating that the signature verification has failed is generated and transmitted to the second user device 2, and the process proceeds to step S43.
  • in step S43, the service utilization unit 207 of the second user device 2 displays the transmitted error screen data on the output unit 211.
  • the process ends at this step, but the process may be repeated by returning to step S35 as necessary.
  • in step S44, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a verification request message for the user certificate used for verifying the signature in step S42 to the providing side certificate verification apparatus 6. It is assumed that the verification request message includes request type data indicating that this is a main registration request and the user certificate to be verified.
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 receives the user certificate verification request message transmitted by the service providing apparatus 4 via the communication unit 610 (S45).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S45 (S46). Details of this step will be described with reference to FIG.
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S47).
  • the verification response message for the user certificate includes the success or failure of the verification of the user certificate.
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the user certificate verification response message transmitted in step S47 and confirms the verification result of the validity of the user certificate (S48). If the validity verification confirms that there is no problem with the user certificate, the process proceeds to step S50. If the result of the validity verification indicates failure, error screen data indicating that the verification of the user certificate has failed is generated and transmitted to the second user device 2, and the process proceeds to step S49.
  • in step S49, the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S48 on the output unit 211.
  • the process ends at this step, but the process may be repeated by returning to step S35 as necessary.
  • in step S50, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information main registration request message to the user information management apparatus 5.
  • it is assumed that the user information main registration request message includes, in addition to data indicating that it is a main registration request message, the domain B user certificate received in step S41 and the issuer name, serial number, owner name, and the like extracted from that user certificate.
  • the user information management unit 506 of the user information management apparatus 5 receives the user information main registration request message transmitted by the service providing apparatus 4 via the communication unit 508 (S51).
  • the user information management unit 506 of the user information management device 5 updates the user information table 502 based on the information included in the registration request message received in step S51 (S52). For example, the user information management unit 506 searches the registration ID field 502b of the user information table 502 using the transmitted registration ID as a search key, identifies the record in which that registration ID is stored, stores the information received in step S51 in the user certificate field 502j, the issuer name field 502k, the serial number field 502l, and the owner name field 502m of the identified record, and updates the status flag field 502q to the “main registration” status.
  • after executing step S52, the user information management unit 506 of the user information management apparatus 5 generates a main registration result message including the result of the main registration of the user information and transmits it to the service providing apparatus 4 (S53).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the main registration result message transmitted in step S53 via the communication unit 410, and confirms the success or failure of the main registration (S54). If the main registration has succeeded, the process proceeds to step S56. If the main registration has failed, error screen data indicating that the main registration has failed is generated and transmitted to the second user device 2, and the process proceeds to step S55.
  • in step S55, the service use unit 207 of the second user device 2 displays the error screen data transmitted in step S54 on the output unit 211.
  • the process ends at this step, but the process may be repeated by returning to step S35 as necessary.
  • in step S56, the service providing unit 407 of the service providing apparatus 4 generates main registration result screen data indicating that the main registration has succeeded, and transmits the main registration result screen data to the second user apparatus 2.
  • the service utilization unit 207 of the second user device 2 receives the main registration result screen data transmitted in step S56 via the wireless communication unit 212 and displays it on the output unit 211 (S57).
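As an added illustration of the user information table 502a described with FIG. 12 and of the table updates performed in the registration sequence (the temporary registration of step S27, the “notified” update after the access destination is sent, and the main registration of step S52), the following Python model is not code from the patent; the class and function names are hypothetical, the certificate contents are constructed stand-ins, and the precondition checks on the status flag (a main registration is accepted only for a record that is already in the “notified” status) are this example's own safeguard rather than a step the specification states.

```python
"""Model of user information table 502a and its registration state changes.

Added example; identifiers are hypothetical, not the patent's own code.
"""
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

PROVISIONAL = "provisional registration"  # status stored in step S27
NOTIFIED = "notified"                     # status stored after the URL is sent (S33)
MAIN = "main registration"                # status stored in step S52


@dataclass
class CertRef:
    """Identifying data extracted from a user certificate (fields 502f-502i or 502j-502m)."""
    certificate: bytes        # the certificate itself (constructed placeholder bytes here)
    issuer_name: str
    serial_number: int
    owner_name: str


@dataclass
class UserRecord:
    """One row of table 502a; comments give the field numerals of FIG. 12."""
    registration_id: int                                     # 502b
    personal_info: dict                                      # 502c
    linked_cert: CertRef                                     # 502d: high-trust domain A certificate
    linking_certs: List[CertRef] = field(default_factory=list)  # 502e: domain B certificates linked to it
    notification_destination: str = ""                       # 502n
    authentication_code: str = ""                            # 502o
    registered_at: Optional[datetime] = None                 # 502p
    status: str = PROVISIONAL                                # 502q


class UserInfoTable:
    """In-memory stand-in (hypothetical) for the user information table 502a."""

    def __init__(self) -> None:
        self._rows: Dict[int, UserRecord] = {}

    def temporary_register(self, personal_info: dict, domain_a_cert: CertRef,
                           notification_destination: str) -> UserRecord:
        """Step S27: add a record with an unused registration ID and status 'provisional registration'."""
        reg_id = max(self._rows, default=0) + 1   # a number not yet registered in the table
        row = UserRecord(
            registration_id=reg_id,
            personal_info=personal_info,
            linked_cert=domain_a_cert,
            notification_destination=notification_destination,
            # authentication code: a random value that does not collide with other rows
            authentication_code=secrets.token_hex(16),
            registered_at=datetime.now(timezone.utc),
        )
        self._rows[reg_id] = row
        return row

    def mark_notified(self, reg_id: int) -> UserRecord:
        """Status update after the main-registration access destination has been sent."""
        row = self._rows[reg_id]
        if row.status != PROVISIONAL:   # example safeguard: only a provisional record can be notified
            raise ValueError(f"record {reg_id} is '{row.status}', expected '{PROVISIONAL}'")
        row.status = NOTIFIED
        return row

    def main_register(self, reg_id: int, domain_b_cert: CertRef) -> UserRecord:
        """Step S52: store the domain B certificate in area 502e and set 'main registration'."""
        row = self._rows[reg_id]
        if row.status != NOTIFIED:      # example safeguard: the user must have been notified first
            raise ValueError(f"record {reg_id} is '{row.status}', expected '{NOTIFIED}'")
        row.linking_certs.append(domain_b_cert)
        row.status = MAIN
        return row

    def find_linked(self, issuer_name: str, serial_number: int) -> Optional[CertRef]:
        """Given issuer and serial of a domain B certificate, return the linked domain A
        certificate of a fully registered record, or None if no such link exists."""
        for row in self._rows.values():
            if row.status != MAIN:
                continue
            for cert in row.linking_certs:
                if (cert.issuer_name, cert.serial_number) == (issuer_name, serial_number):
                    return row.linked_cert
        return None
```

The lookup in `find_linked` keys on issuer name and serial number, which is why the table stores both alongside each certificate: that pair identifies a certificate uniquely within the issuing authority, and it is the information the additional verification unit 608 needs in order to locate the high-trust certificate associated with a low-trust one during the authentication sequence of FIG. 16.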
  • association may be expressed as cooperation.
  • FIG. 16 is a sequence diagram showing an authentication process when using the service.
  • the service using unit 207 of the second user apparatus 2 receives, via the input unit 210, an input of a URL for using the service provided by the service providing apparatus 4, and transmits a service request message to the service providing apparatus 4 (S60).
  • the service providing unit 407 of the service providing apparatus 4 receives the service request message transmitted by the second user apparatus 2 via the communication unit 410 (S61).
  • the service providing unit 407 of the service providing apparatus 4 transmits authentication request data for requesting a user certificate or the like necessary for authentication at the time of service use to the second user apparatus 2 (S62).
  • the service utilization unit 207 of the second user device 2 receives the authentication request data transmitted in step S62 via the wireless communication unit 212 (S63).
  • the service use unit 207 of the second user device 2 issues an instruction to the second user device authentication unit 208, and the second user device authentication unit 208 generates electronic signature data based on the authentication request using the domain B private key stored in the second user private key storage area 202 (S64). For example, the client-side processing required for client authentication by SSL or TLS corresponds to this step.
  • the service use unit 207 of the second user device 2 transmits the electronic signature data generated in step S64 and the user certificate corresponding to the private key used to generate the electronic signature data to the service providing device 4 (S65). For example, processing for transmitting a client certificate by SSL or TLS corresponds to this step.
  • the service providing unit 407 of the service providing device 4 receives the electronic signature data, the user certificate, and the like transmitted by the second user device 2 via the communication unit 410 (S66).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 performs signature verification of the electronic signature data received from the second user apparatus 2 using the user certificate received together with it (S67). If the signature verification succeeds, the process proceeds to step S69. If the signature verification fails, error screen data indicating that the signature verification has failed is generated and transmitted to the second user device 2, and the process proceeds to step S68.
  • in step S68, the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S67 on the output unit 211.
  • the process ends at this step, but the process may be repeated by returning to step S60 as necessary.
  • step S69 the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing side certificate verifying apparatus 6 a verification request message for the user certificate used for verifying the signature in step S67.
  • the verification request message includes request type data indicating a service request and a user certificate.
  • the certificate verification unit 607 of the providing side certificate verification device 6 receives the user certificate verification request message transmitted by the service providing device 4 via the communication unit 610 (S70).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S70 (S71). Details of this step will be described with reference to FIG.
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 generates a certificate verification response message and transmits it to the service providing apparatus 4 (S72).
  • the certificate verification response message includes the success or failure of the validity verification of the second user certificate 2, and if the user certificate with low reliability is verified in step S71, According to FIG. 22, it is assumed that the verification response also includes the validity verification result of the user certificate with high reliability associated with the user certificate.
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the certificate verification response message transmitted in step S72, and confirms the verification result of the validity of the user certificate (S73). If it is confirmed that there is no problem with the certificate as a result of the validity verification of the user certificate, the process proceeds to step S75, and the result of the validity verification of the user certificate indicates failure. In this case, error screen data that indicates that the verification of the user certificate has failed is generated, the error screen data is transmitted to the second user device 2, and the process proceeds to step S74.
  • step S74 the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S73 on the output unit 211.
  • the process ends at this step, but the process may be repeated by returning to step S60 as necessary.
  • step S75 the service providing unit 407 of the service providing apparatus 4 refers to the access control policy stored in the access control policy information storage area 403, and accesses the service for the user of the user certificate. Judgment is made. As a result of the access determination, if it is confirmed that the user has the access authority, the process proceeds to step S77. If the access determination fails, error screen data that indicates that there is no access authority to the service is generated. The error screen data is transmitted to the second user device 2 and the process proceeds to step S76.
  • step S76 the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S75 on the output unit 211.
  • the process ends at this step, but the process may be repeated by returning to step S60 as necessary.
  • step S77 the service providing unit 407 of the service providing apparatus 4 generates service providing screen data for providing the service, and transmits the service providing screen data to the second user apparatus 2 (S77). .
  • the service utilization unit 207 of the second user device 2 displays the service provision screen data transmitted in step S77 on the output unit 211 (S78).
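The decision chain on the service providing side in steps S67 to S77 (certificate verification response, then access control policy, with a distinct error screen for each failure) can be illustrated in code. The following Python is an added example written for this page, not code from the patent or from the applicant. The certificate records, issuer names, revocation set, association map and access control policy are constructed; the signature verification of step S67 is assumed to have already succeeded; the checks modelled for step S71 (trusted issuer, validity period, revocation) and the rule that a low-reliability certificate is accepted only when its associated high-reliability certificate is also valid are assumptions of the example, not statements of the patent.

```python
"""Steps S67 to S77 on the service providing side, as an added illustration.

Constructed example, not code from the patent. Certificates are plain
records; the signature verification of step S67 is assumed to have passed
already; the validity verification of step S71 is modelled as issuer-trust,
validity-period and revocation checks; and for a low-reliability certificate
the associated high-reliability certificate is checked too (step S72).
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class UserCert:
    issuer: str        # issuer name, identifies the domain (A or B)
    owner: str         # owner name (subject)
    serial: str
    not_before: datetime
    not_after: datetime
    reliability: str   # "high" or "low"


@dataclass
class VerifyingApparatus:
    """Stand-in for the providing side certificate verifying apparatus 6."""
    trusted_issuers: set
    revoked: set                                     # (issuer, serial) pairs
    association: dict = field(default_factory=dict)  # (issuer, serial) of low cert -> high cert

    def _check(self, cert, now):
        if cert.issuer not in self.trusted_issuers:
            return False, "untrusted issuer"
        if not cert.not_before <= now <= cert.not_after:
            return False, "outside validity period"
        if (cert.issuer, cert.serial) in self.revoked:
            return False, "revoked"
        return True, "ok"

    def verify(self, cert, now):
        """Steps S71 to S72: build the certificate verification response message."""
        ok, reason = self._check(cert, now)
        resp = {"request_type": "service", "valid": ok, "reason": reason}
        if cert.reliability == "low":
            linked = self.association.get((cert.issuer, cert.serial))
            if linked is None:
                resp["linked_valid"], resp["linked_reason"] = False, "no associated certificate"
            else:
                resp["linked_valid"], resp["linked_reason"] = self._check(linked, now)
        return resp


def decide_service(cert, resp, policy):
    """Steps S73 to S77 in the service providing apparatus 4. Returns the step
    reached: 'S74' (certificate error screen), 'S76' (no access authority
    screen) or 'S77' (service providing screen), together with a reason."""
    if not resp["valid"]:
        return "S74", resp["reason"]
    # assumption for this example: a low-reliability certificate is accepted
    # only when its associated high-reliability certificate is valid as well
    if cert.reliability == "low" and not resp.get("linked_valid"):
        return "S74", resp.get("linked_reason", "")
    # S75: access control policy keyed by (issuer, owner); anything not listed is denied
    if "service" not in policy.get((cert.issuer, cert.owner), set()):
        return "S76", "no access authority"
    return "S77", "service providing screen"


# Constructed sample data (not from the patent)
CA_A, CA_B = "CN=CA-A,O=DomainA", "CN=CA-B,O=DomainB"
NOW = datetime(2010, 2, 17, tzinfo=timezone.utc)


def _cert(issuer, owner, serial, rel, start=2009, end=2011):
    return UserCert(issuer, owner, serial, datetime(start, 1, 1, tzinfo=timezone.utc),
                    datetime(end, 1, 1, tzinfo=timezone.utc), rel)


HIGH_TARO = _cert(CA_A, "CN=taro", "1001", "high")
HIGH_HANAKO = _cert(CA_A, "CN=hanako", "1003", "high")
CASES = {
    "low_linked_ok": _cert(CA_B, "CN=taro", "2001", "low"),
    "low_expired": _cert(CA_B, "CN=taro", "2002", "low", end=2010),  # expired before NOW
    "low_no_link": _cert(CA_B, "CN=jiro", "2003", "low"),
    "high_revoked": _cert(CA_A, "CN=jiro", "1002", "high"),
    "low_no_policy": _cert(CA_B, "CN=hanako", "2004", "low"),
}
APPARATUS = VerifyingApparatus(
    trusted_issuers={CA_A, CA_B},
    revoked={(CA_A, "1002")},
    association={(CA_B, "2001"): HIGH_TARO, (CA_B, "2002"): HIGH_TARO,
                 (CA_B, "2004"): HIGH_HANAKO},
)
POLICY = {(CA_B, "CN=taro"): {"service"}}


def run_example():
    """Returns the step reached for each constructed case."""
    return {name: decide_service(c, APPARATUS.verify(c, NOW), POLICY)[0]
            for name, c in CASES.items()}


if __name__ == "__main__":
    for name, step in run_example().items():
        print(f"{name}: {step}")
```

The ordering matters for a defender: the access control policy (S75) is consulted only after the certificate verification response (S73) has been accepted, so a revoked or expired certificate never reaches the policy lookup, and a low-reliability certificate whose associated certificate fails is rejected with the same error branch as a directly invalid one.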
  • FIG. 17 is a sequence diagram showing the user certificate association update process.
  • As a premise of this sequence, the user has already registered the user certificate as shown in FIGS. 14 and 15.
  • The first user device 1 is used for the explanation, but the second user device 2 can perform the same processing.
  • This process applies when a new user certificate is issued by the same certificate authority that issued the existing user certificate, for example when the user certificate expires.
  • The user certificate whose association is to be updated may belong to domain A or domain B, but the issuer name and owner name shall be the same in the old and new user certificates.
  • If the issuer name or owner name does not match between the old and new user certificates, the association can still be updated when it can be determined from the other, matching parts, according to the naming rules for the issuer name or owner name of the certificate, that they are the same issuer or owner.
  • The service using unit 104 of the first user device 1 receives, via the input unit 108, the input of a URL for updating the association of the user certificate in the service provided by the service providing device 4, and transmits a certificate update request message for updating the association of the user certificate to the service providing device 4 (S80).
  • The service providing unit 407 of the service providing device 4 receives the certificate update request message transmitted by the first user device 1 via the communication unit 410 (S81).
  • The service providing unit 407 of the service providing apparatus 4 transmits to the first user apparatus 1 authentication request data requesting the user certificate and the like necessary for authentication at the time of the certificate update (S82).
  • The service utilization unit 104 of the first user device 1 receives the authentication request data transmitted in step S82 via the communication unit 110 (S83).
  • The first user device 1 generates an electronic signature using the user's private key based on the received authentication request data (S84). Specifically, the service use unit 104 requests the device authentication unit 127 of the user authentication device 120, via the first user device authentication unit 106 and the user authentication device control unit 105, to generate electronic signature data. The device authentication unit 127 generates the electronic signature data using the user's private key stored in the first user private key storage area 122, and returns the generated electronic signature data and the user certificate corresponding to the private key used to generate it to the service using unit 104 of the first user device 1. For example, the client-side processing required for client authentication by SSL or TLS corresponds to this step.
  • The user certificate and private key used here are the newly issued user certificate and the private key corresponding to it, that is, the user certificate and private key that are to be used after the association is updated.
  • The service using unit 104 of the first user apparatus 1 transmits the electronic signature data generated in step S84 and the user certificate corresponding to the private key used to generate it to the service providing apparatus 4 (S85). For example, the transmission of a client certificate by SSL or TLS corresponds to this step.
  • The service providing unit 407 of the service providing device 4 receives the electronic signature data, the user certificate, and the like transmitted by the first user device 1 via the communication unit 410 (S86).
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 verifies the electronic signature data received from the first user apparatus 1 using the user certificate received together with it (S87). If the signature verification succeeds, the process proceeds to step S89. If it fails, error screen data indicating that the signature verification has failed is generated and transmitted to the first user device 1, and the process proceeds to step S88.
  • In step S88, the service using unit 104 of the first user device 1 displays the error screen data transmitted in step S87 on the output unit 109. The process ends at this step, but may be repeated by returning to step S80 as necessary (S88).
  • In step S89, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing side certificate verifying apparatus 6 the verification request message for the user certificate used to verify the signature in step S87 (S89). This verification request message includes request type data indicating a certificate update request, and the user certificate to be verified.
  • The certificate verification unit 607 of the providing side certificate verification device 6 receives the user certificate verification request message transmitted by the service providing device 4 via the communication unit 610 (S90).
  • The certificate verification unit 607 of the providing side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S90 (S91). Details of this step will be described with reference to FIG.
  • The certificate verification unit 607 of the providing side certificate verification apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S92). The user certificate verification response message includes information specifying whether or not the validity verification of the user certificate succeeded.
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 receives the user certificate verification response message transmitted in step S92 via the communication unit 410 and confirms the result of the validity verification of the user certificate (S93). If the validity verification confirms that there is no problem with the user certificate, the process proceeds to step S95. If the validity verification result indicates failure, error screen data indicating that the verification of the user certificate has failed is generated and transmitted to the first user device 1, and the process proceeds to step S95.
  • In step S94, the service utilization unit 104 of the first user device 1 displays the error screen data transmitted in step S93 on the output unit 109 via the communication unit 110. The process ends at this step, but may be repeated by returning to step S80 as necessary.
  • In step S95, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a search request message for searching for user information to the user information management apparatus 5. The user information search request message includes, in addition to data indicating that it is a search request message, the issuer name extracted from the user certificate received in step S86 or a part thereof (a part that can identify the issuer), and the owner name or a part thereof (a part that can identify the owner).
  • The user information management unit 506 of the user information management device 5 receives the user information search request message transmitted by the service providing device 4 via the communication unit 508 (S96).
  • The user information management unit 506 of the user information management device 5 searches the user information table 502a based on the information received in step S96 (S97). For example, the user information management unit 506 determines to which domain the issuer name (or the part of it) of the user certificate received in step S96 belongs, and searches the owner name columns of the corresponding domain in the user information table 502a (fields 502i and 502m) for a record that matches the received owner name used as the search key (S97). In addition, as described in the preconditions of this flow, when a part of the owner name uniquely identifies the user according to the certificate naming rules, that part of the owner name is used as the search key.
  • The user information management unit 506 of the user information management device 5 generates a search result message including the search result of the user information and transmits it to the service providing device 4 (S98). The search result message transmitted to the service providing device 4 in step S98 includes the registration ID stored in the registration ID field 502b of the matching record; if there is no corresponding record, it includes information indicating that the record does not exist.
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 receives the search result message transmitted in step S98 via the communication unit 410 and confirms whether the received search result message contains user information (S99). If the search result message contains a registration ID, which is the user information, the process proceeds to step S101. If the user information (registration ID) cannot be obtained from the search result, error screen data indicating that the user certificate to be updated is not registered is generated and transmitted to the first user device 1, and the process proceeds to step S100.
  • In step S100, the service utilization unit 104 of the first user device 1 displays the error screen data transmitted in step S99 on the output unit 109. The process ends at this step, but may be repeated by returning to step S80 as necessary.
  • In step S101, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information change request message to the user information management apparatus 5. The user information change request message includes data indicating that it is a change request message, the registration ID acquired in step S99, the user certificate received in step S86, and the issuer name, serial number, owner name and so on extracted from the user certificate. The corresponding domain is identified from the issuer name, and the columns to be changed are designated.
  • The user information management unit 506 of the user information management device 5 receives the user information change request message transmitted by the service providing device 4 via the communication unit 508 (S102).
  • The user information management unit 506 of the user information management device 5 updates the information stored in the user information table 502 with the information received in step S102 (S103). The record of the user information table 502 is identified using the registration ID included in the received information as the search key, and the user certificate, issuer name, serial number and owner name in the identified record are updated. For the user certificate, issuer name, serial number and owner name fields to be updated, the corresponding domain is identified from the issuer name, and the fields corresponding to the identified domain are updated.
  • The user information management unit 506 of the user information management device 5 generates a message including the change result of the user information and transmits it to the service providing device 4 (S104).
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 receives the change result message transmitted in step S104 and confirms the success or failure of the change (S105). If the change succeeded, the process proceeds to step S107. If the change failed, error screen data notifying that the change has failed is generated and transmitted to the first user device 1, and the process proceeds to step S106.
  • In step S106, the service utilization unit 104 of the first user device 1 displays the error screen data transmitted in step S105 on the output unit 109. The process ends at this step, but may be repeated by returning to step S80 as necessary.
  • In step S107, the service providing unit 407 of the service providing apparatus 4 generates change result screen data indicating that the change succeeded and transmits the screen data to the first user apparatus 1 (S107).
  • The service using unit 104 of the first user device 1 displays the change result screen data transmitted in step S107 on the output unit 109 (S108).
  • With this, the update of the user certificate association is completed.
  • In this sequence, the user information is searched (steps S95 to S100) and then the user information change request message is transmitted (step S101). The user information search step (steps S95 to S100) can be skipped.
  • FIG. 18 and FIG. 19 are sequence diagrams showing the user certificate association change process.
  • This process corresponds to the case of associating a user certificate issued by a certificate authority other than the one that issued the already registered user certificate, or to the case where the user certificate information has changed, the user certificate has been reissued, and the reissued user certificate is to be associated.
  • The service using unit 104 of the second user apparatus 2 receives, via the input unit 210, the input of a URL for changing the association of the user certificate in the service provided by the service providing apparatus 4, and transmits a certificate linkage change request message for changing the user certificate association to the service providing apparatus 4 (S110).
  • The service providing unit 407 of the service providing apparatus 4 receives the certificate linkage change request message transmitted by the second user apparatus 2 via the communication unit 410 (S111).
  • The service providing unit 407 of the service providing apparatus 4 transmits to the second user apparatus 2 authentication request data requesting the user certificate and the like necessary for authentication at the time of the certificate linkage change (S112).
  • The service use unit 104 of the second user device 2 receives the authentication request data transmitted in step S112 via the wireless communication unit 212 (S113).
  • In response to the authentication request data, the second user device 2 generates electronic signature data using the domain B private key stored in the second user private key storage area 202 (S114). Specifically, the service using unit 104 instructs the second user device authentication unit 208 to generate the electronic signature data, and the generated electronic signature data and the user certificate corresponding to the private key used to generate it are returned to the service utilization unit 207. For example, the client-side processing required for client authentication by SSL or TLS corresponds to this step.
  • The service using unit 207 of the second user apparatus 2 transmits the electronic signature data generated in step S114 and the user certificate corresponding to the private key used to generate it to the service providing apparatus 4 (S115). For example, the transmission of a client certificate by SSL or TLS corresponds to this step.
  • The service providing unit 407 of the service providing apparatus 4 receives the electronic signature data, the user certificate, and the like transmitted by the second user apparatus 2 via the communication unit 410 (S116).
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 verifies the electronic signature data received from the second user apparatus 2 using the user certificate received together with it (S117). If the signature verification succeeds, the process proceeds to step S119. If it fails, error screen data indicating that the signature verification has failed is generated and transmitted to the second user device 2, and the process proceeds to step S118.
  • In step S118, the service use unit 207 of the second user device 2 displays the error screen data transmitted in step S117 on the output unit 211. The process ends at this step, but may be repeated by returning to step S110 as necessary.
  • In step S119, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing side certificate verifying apparatus 6 a verification request message for the user certificate used to verify the signature in step S117. This verification request message includes request type data indicating a cooperation change request, and the user certificate.
  • The certificate verification unit 607 of the providing side certificate verification device 6 receives the user certificate verification request message transmitted by the service providing device 4 via the communication unit 610 (S120).
  • The certificate verification unit 607 of the providing side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S120 (S121). Details of this step will be described with reference to FIG.
  • The certificate verification unit 607 of the providing side certificate verification apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S122). The user certificate verification response message includes the success or failure of the validity verification of the user certificate.
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 receives the user certificate verification response message transmitted in step S122 and confirms the result of the validity verification of the user certificate (S123). If the validity verification confirms that there is no problem with the user certificate, the process proceeds to step S125. If the validity verification result indicates failure, error screen data indicating that the verification of the user certificate has failed is generated and transmitted to the second user device 2, and the process proceeds to step S124.
  • In step S124, the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S123 on the output unit 211. The process ends at this step, but may be repeated by returning to step S110 as necessary.
  • In step S125, the authentication cooperation processing unit 408 of the service providing apparatus 4 generates an authentication code that is unique to the user of the user certificate.
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 transmits an authentication code registration request message to the user information management apparatus 5 via the communication unit 410 (S126). The authentication code registration request message includes, in addition to data indicating that it is an authentication code registration request message, the issuer name and serial number extracted from the user certificate received in step S116, and the authentication code.
  • The user information management unit 506 of the user information management device 5 receives the authentication code registration request message transmitted by the service providing device 4 via the communication unit 508 (S127).
  • The user information management unit 506 of the user information management device 5 updates the user information table 502a stored in the user information storage area 502 based on the information received in step S127 (S128). The user information table 502a is searched using the issuer name and serial number as search keys, and the authentication code included in the received information is registered in the record in which that issuer name and serial number are registered.
  • The user information management unit 506 of the user information management device 5 generates a message including the authentication code registration result and transmits it to the service providing device 4 (S129).
  • The authentication cooperation processing unit 408 of the service providing apparatus 4 receives the registration result message transmitted in step S129 via the communication unit 410 and confirms the success or failure of the registration (S130). If the registration succeeded, the process proceeds to step S132. If the registration failed, error screen data notifying that the registration has failed is generated and transmitted to the second user device 2, and the process proceeds to step S131.
  • In step S131, the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S130 on the output unit 211. The process ends at this step, but may be repeated by returning to step S110 as necessary.
  • In step S132, the service providing unit 407 of the service providing device 4 generates authentication code notification screen data describing the authentication code and transmits it to the second user device 2 (S132).
  • The service usage unit 207 of the second user device 2 displays the authentication code notification screen data transmitted in step S132 on the output unit 211 (S133).
  • The transition to the following step S134 of FIG. 19 may take place at a timing convenient for the user and need not be immediate. After this step, the user uses the first user device 1.
  • the service using unit 104 of the first user apparatus 1 accepts an input of a URL for making a certificate change request for a service provided by the service providing apparatus 4 via the input unit 108, as shown in FIG. Then, a certificate change request message is transmitted to the service providing apparatus 4 (S134).
  • the service providing unit 407 of the service providing device 4 receives the certificate change request transmitted by the first user device 1 via the communication unit 410 (S135).
  • the service providing unit 407 of the service providing apparatus 4 transmits the authentication code input screen data necessary for changing the user certificate to the first user apparatus 1 (S136).
  • the service using unit 104 of the first user device 1 receives the authentication code input screen data transmitted in step S136 and displays it on the output unit 109 (S137).
  • the service utilization unit 104 of the first user device 1 accepts input of information necessary for the change via the input unit 108, and uses the new secret key of the domain A with the input information as a signature target.
  • Electronic signature data is generated (S138).
  • the service use unit 104 requests the device authentication unit 127 of the user authentication device 120 to generate electronic signature data via the first user device authentication unit 106 and the user authentication device control unit 105. To do.
  • the device authentication unit 127 generates electronic signature data using the new private key stored in the first user private key storage area 122, and then generates the generated electronic signature data and the electronic signature data.
  • a new user certificate corresponding to the secret key used for the service is returned to the service using unit 104 of the first user device 1.
  • the service utilization unit 104 of the first user apparatus 1 creates a new user corresponding to the information input by the user in step S138, the generated electronic signature data, and the private key used to generate the electronic signature data.
  • the certificate is transmitted to the service providing apparatus 4 (S139).
  • the service providing unit 407 of the service providing apparatus 4 receives the user information, electronic signature data, new user certificate, and the like transmitted by the first user apparatus 1 via the communication unit 410 (S140). .
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 performs signature verification of the electronic signature data received from the first user apparatus 1 using the user certificate of the new domain A (S141).
  • the process proceeds to step S143. If the signature verification is unsuccessful, error screen data indicating that the signature verification has failed is generated, and the error screen data is stored in the first user device. 1 and proceeds to step S142.
  • step S142 the service using unit 104 of the first user device 1 displays the error screen data transmitted in step S141 on the output unit 109.
  • the process ends at this step, but the process may be repeated by returning to step S110 as necessary.
  • step S143 the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a verification request message for the user certificate used for verifying the signature in step S141 to the providing side certificate verification apparatus 6.
  • the verification request message includes request type data indicating a certificate change request and a new domain A user certificate to be verified.
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 receives the user certificate verification request message transmitted by the service providing apparatus 4 via the communication unit 610 (S144).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S144 (S145). Details of this step will be described with reference to FIG.
  • the certificate verification unit 607 of the providing-side certificate verification apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S146).
  • the verification response message for the user certificate includes success / failure verification of the validity of the user certificate for the new domain A.
  • the authentication collaboration processing unit 408 of the service providing apparatus 4 receives the user certificate verification response message transmitted in step S146 and confirms the verification result of the validity of the new domain A user certificate ( S147). As a result of the validity verification of the user certificate 382, if it can be confirmed that there is no problem with the certificate, the process proceeds to step S149, and the validity verification result of the user certificate indicates failure. Generates error screen data indicating that the certificate verification has failed, transmits the error screen data to the first user device 1, and proceeds to step S148.
  • step S148 the service utilization unit 104 of the first user device 1 displays the error screen data transmitted in step S147 on the output unit 109 (S148).
  • the process ends at this step, but the process may be repeated by returning to step S134 as necessary.
  • step S149 the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a search request message for searching for an authentication code to the user information management apparatus 5.
  • the authentication code search request message in addition to the data indicating that it is a search request message, the issuer name extracted from the user certificate received in step S140 or a part thereof (part that can identify the issuer), and , The owner name or a part of it (part that can identify the owner) shall be included.
  • the user information management unit 506 of the user information management apparatus 5 receives the authentication code search request message transmitted by the service providing apparatus 4 (S150).
  • the user information management unit 506 of the user information management device 5 searches the user information table 502a stored in the user information storage area 502 based on the information received in step S150 (S151).
  • in the user information table 502a, the domain to which the issuer name (or its part) of the user certificate belongs is determined, and the owner name column of that domain is searched for a record whose owner name matches the received owner name used as the search key.
  • as a precondition of this flow, when a part of the owner name uniquely identifies the user under the certificate naming rules, that part of the owner name is used as the search key.
  • the user information management unit 506 of the user information management device 5 generates a search result message including the search result of the authentication code and transmits it to the service providing device 4 (S152).
  • if a corresponding record exists and an authentication code is registered in it, that authentication code is included in the search result message; if there is no corresponding record, or the corresponding record has no authentication code, information indicating that the authentication code does not exist is included in the search result message.
  • since the update target conditions for the user certificate association, which are the premise of this sequence, assume that there is not more than one corresponding record, if a plurality of corresponding records are found in step S151, a message indicating an error is generated as the search result in this step.
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the search result message transmitted in step S152 and verifies whether the received authentication code matches the authentication code received in step S140 (S153). If the verification succeeds, the process proceeds to step S155. If the verification fails (including the case where the verification result message transmitted in step S146 does not include an authentication code), error screen data indicating that the certificate change has failed is generated and transmitted to the first user device 1, and the process proceeds to step S154.
  • in step S154, the service using unit 104 of the first user device 1 displays the error screen data transmitted in step S153 on the output unit 109.
  • the process ends at this step, but the process may be repeated by returning to step S134 as necessary.
  • in step S155, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information change request message to the user information management apparatus 5.
  • the user information change request message includes, in addition to data indicating that it is a change request message, the authentication code acquired in step S140, the user certificate, and the issuer name, serial number, owner name, etc. extracted from the user certificate.
  • for the user certificate, issuer name, serial number, and owner name columns to be changed, the corresponding domain is identified from the issuer name, and the columns to be changed are designated.
  • the user information management unit 506 of the user information management device 5 receives the user information change request transmitted by the service providing device 4 via the communication unit 508 (S156).
  • the user information management unit 506 of the user information management device 5 stores the information received in step S156 in the user information table 502a stored in the user information storage area 502 (S157).
  • the user information table 502a is searched using the authentication code as the search key, and the user certificate, issuer name, serial number, and owner name information in the record in which that authentication code is registered are updated. The authentication code of the record is then deleted.
  • the user information management unit 506 of the user information management device 5 generates a change result message including the change result of the user information and transmits it to the service providing device 4 (S158).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the change result message transmitted in step S158 and confirms the success or failure of the change (S159). If the change is successful, the process proceeds to step S161. If the change is unsuccessful, error screen data notifying that the change has failed is generated and transmitted to the first user device 1, and the process proceeds to step S160.
  • in step S160, the service using unit 104 of the first user device 1 displays the error screen data transmitted in step S159 on the output unit 109.
  • the process ends at this step, but the process may be repeated by returning to step S134 as necessary.
  • in step S161, the service providing unit 407 of the service providing apparatus 4 generates change result screen data indicating that the change is successful, and transmits the screen data to the first user apparatus 1.
  • the service utilization unit 104 of the first user device 1 displays the change result screen data transmitted in step S161 on the output unit 109 (S162).
  • by steps S149 to S154, the change of the association of the user certificate is completed with high reliability for the service provider.
  • in this sequence, the user information is searched (steps S149 to S154) before the user information change request message is transmitted (step S155); however, the user information search step (steps S149 to S154) can be skipped.
  • FIG. 20 and FIG. 21 are sequence diagrams showing a user certificate association release process. As a premise for using the service, it is assumed that the user has already performed the registration process of the user certificate shown in FIGS. Here, the sequence when the user uses the first user device 1 will be described, but the second user device 2 may be used.
  • the service using unit 104 of the first user device 1 receives, via the input unit 108, an input of a URL for releasing the association of the user certificate in the service provided by the service providing device 4, and transmits to the service providing device 4 a cooperation cancellation request message for canceling the association of the user certificate (S170).
  • the service providing unit 407 of the service providing device 4 receives the association cancellation request message transmitted by the first user device 1 via the communication unit 410 (S171).
  • the service providing unit 407 of the service providing apparatus 4 transmits to the first user apparatus 1 authentication request data requesting a user certificate or the like necessary for authentication at the time of cancellation of linkage (S172).
  • the service utilization unit 104 of the first user device 1 receives the authentication request data transmitted in step S172 via the communication unit 110 (S173).
  • the first user device 1 generates an electronic signature using the secret key based on the received authentication request data (S174).
  • the service use unit 104 requests the device authentication unit 127 of the user authentication device 120, via the first user device authentication unit 106 and the user authentication device control unit 105, to generate electronic signature data.
  • the device authentication unit 127 generates electronic signature data using the private key stored in the first user private key storage area 122, and returns the generated electronic signature data and the user certificate corresponding to the private key used to the service using unit 104 of the first user device 1.
  • the client-side processing required for client authentication in SSL or TLS corresponds to this step.
  • the user certificate and private key used here are a valid user certificate and a private key corresponding to the certificate.
  • the service using unit 104 of the first user apparatus 1 transmits the electronic signature data generated in step S174 and the user certificate corresponding to the private key used to generate it to the service providing apparatus 4 (S175).
  • the transmission of a client certificate in SSL or TLS corresponds to this step.
  • the service providing unit 407 of the service providing apparatus 4 receives the electronic signature data, the user certificate, and the like transmitted by the first user apparatus 1 via the communication unit 410 (S176).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 performs signature verification of the electronic signature data received from the first user apparatus 1 using the user certificate received together (S177).
  • if the signature verification succeeds, the process proceeds to step S179. If the signature verification fails, error screen data indicating that the signature verification has failed is generated and transmitted to the first user device 1, and the process proceeds to step S178.
  • in step S178, the service using unit 104 of the first user device 1 displays the error screen data transmitted in step S177 on the output unit 109.
  • the process ends at this step, but the process may return to step S170 and be repeated as necessary.
  • in step S179, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing side certificate verifying apparatus 6 a verification request message for the user certificate used for the signature verification in step S177. The verification request message is assumed to include request type data indicating a cooperation cancellation request message and the user certificate to be verified.
  • the certificate verification unit 607 of the providing side certificate verification device 6 receives the user certificate verification request message transmitted by the service providing device 4 via the communication unit 610 (S180).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S180 (S181). Details of this step will be described with reference to FIG.
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S182).
  • the verification response message for the user certificate includes the success or failure of the user certificate verification.
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the user certificate verification response transmitted in step S182 and confirms the verification result of the validity of the user certificate (S183). If the validity verification confirms that there is no problem with the user certificate, the process proceeds to step S185 (FIG. 21). If the validity verification result indicates failure, error screen data indicating that the certificate verification has failed is generated and transmitted to the first user device 1, and the process proceeds to step S184.
  • in step S184, the service utilization unit 104 of the first user device 1 displays the error screen data transmitted in step S183 on the output unit 109.
  • the process ends at this step, but the process may return to step S170 and be repeated as necessary.
  • in step S185, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a search request message for searching for user information to the user information management apparatus 5.
  • the user information search request message includes, in addition to data indicating that it is a search request message, the issuer name extracted from the user certificate received in step S176 (or the part of it that identifies the issuer) and the owner name (or the part of it that identifies the owner).
  • the user information management unit 506 of the user information management device 5 receives the user information search request message transmitted by the service providing device 4 (S186).
  • the user information management unit 506 of the user information management device 5 searches the user information table 502a stored in the user information storage area 502 based on the information received in step S186 (S187). In this step, the domain to which the issuer name (or its part) of the user certificate belongs is determined, and the owner name column of that domain is searched for a record whose owner name matches the received owner name used as the search key. When a part of the owner name uniquely identifies the user under the certificate naming rules, that part of the owner name is used as the search key.
  • the user information management unit 506 of the user information management device 5 generates a search result message including the search result of the user information and transmits it to the service providing device 4 (S188).
  • if a corresponding record exists, the search result message includes the registration ID, the personal information, and the issuer name, serial number, and owner name of each domain's user certificate stored in that record; if there is no corresponding record, information indicating that it does not exist is included.
  • since the update target conditions for the certificate association, which are the premise of this flow, assume that there is not more than one corresponding record, if a plurality of corresponding records are found in step S187, a message indicating an error is generated as the search result in this step.
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the search result message transmitted in step S188 and checks whether the received search result message includes user information (registration ID, personal information, and the issuer name, serial number, and owner name of each domain's user certificate) (S189).
  • if the search result message includes user information, the process proceeds to step S191.
  • if the search result message does not include user information, error screen data informing the user that the certificate to be canceled is not registered is generated and transmitted to the first user device 1, and the process proceeds to step S190.
  • in step S190, the service using unit 104 of the first user device 1 displays the error screen data transmitted in step S189 on the output unit 109.
  • the process ends at this step, but the process may return to step S170 and be repeated as necessary.
  • in step S191, the authentication cooperation processing unit 408 of the service providing apparatus 4 generates cooperation cancellation selection screen data for performing the cooperation cancellation, and transmits it to the first user apparatus 1.
  • the cooperation cancellation selection screen data includes a list of information on the associated user certificates based on the user information received in step S189, and is arranged so that the result of checking which certificate is to be canceled can be transmitted together with the registration ID.
  • the service utilization unit 104 of the first user device 1 displays the cooperation cancellation
  • the service using unit 104 of the first user device 1 accepts a selection via the input unit 108, for example by the user checking the part that specifies the user certificate whose cooperation is to be canceled (S193).
  • the cooperation cancellation certificate information message includes the registration ID and the issuer name, serial number, owner name, etc. of the user certificate selected as the cancellation target.
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the cooperation cancellation certificate information message transmitted by the first user apparatus 1 via the communication unit 410 (S195).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information change request message to the user information management apparatus 5 (S196).
  • the user information change request message includes, in addition to data indicating that it is a change request message, the registration ID acquired in step S195 and the issuer name, serial number, owner name, etc. of the user certificate to be canceled.
  • the user information management unit 506 of the user information management device 5 receives the user information change request message transmitted by the service providing device 4 via the communication unit 508 (S197).
  • the user information management unit 506 of the user information management device 5 updates the user information table 502a based on the information included in the change request message received in step S197 (S198).
  • the registration ID is used as the search key, and the user certificate, issuer name, serial number, and owner name information to be canceled are deleted from the record in which that registration ID is registered.
  • the domain whose columns are to be deleted is identified from the issuer name, and the columns to be deleted are designated.
  • the user information management unit 506 of the user information management device 5 generates a change result message including the change result of the user information and transmits it to the service providing device 4 (S199).
  • the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the change result message transmitted in step S199 and confirms the success or failure of the change (S200). If the change is successful, the process proceeds to step S202. If the change is unsuccessful, error screen data notifying that the cooperation cancellation has failed is generated and transmitted to the first user device 1, and the process proceeds to step S201.
  • in step S201, the service using unit 104 of the first user device 1 displays the error screen data transmitted in step S200 on the output unit 109.
  • the process ends at this step, but the process may return to step S170 and be repeated as necessary.
  • in step S202, the service providing unit 407 of the service providing apparatus 4 generates cooperation cancellation result screen data indicating that the cooperation cancellation is successful, and transmits it to the first user apparatus 1.
  • the service utilization unit 104 of the first user device 1 displays the cooperation cancellation result screen data transmitted in step S202 on the output unit 109 (S203).
  • FIG. 22 is a flowchart showing user certificate verification processing.
  • the additional verification unit 608 of the providing-side certificate verification apparatus 6 extracts the issuer name from the user certificate to be verified and confirms whether the certificate is a supported user certificate, that is, one whose use is permitted in providing the service (S210). If it is a supported user certificate, the process proceeds to step S211; if it is not, the process proceeds to step S223.
  • the additional verification unit 608 identifies the domain from the issuer name extracted from the user certificate to be verified, and confirms whether the certificate is a user certificate positioned as highly reliable (here, whether it is a domain A user certificate) (S211). If it is a highly reliable user certificate, the process proceeds to step S219; if it is not, the process proceeds to step S212.
  • in step S212, the additional verification unit 608 determines whether the request type data that the service providing device 4 received from the first user device 1 or the second user device 2 indicates a cooperation change request message. If it does, the process proceeds to step S219; if it does not, the process proceeds to step S213.
  • in step S213, the additional verification unit 608 analyzes the user certificate to be verified (here, the domain B user certificate).
  • the elements analyzed here are the issuer name and serial number of the user certificate, and these pieces of information are acquired.
  • the additional verification unit 608 transmits a search request message for searching for user information to the user information management apparatus 5 (S214).
  • the search request message includes, in addition to data indicating that it is a search request message, the issuer name and serial number of the user certificate acquired in step S213.
  • the user information management unit 506 uses the information contained in the received search request message to look up the user certificate to be verified in the user information table 502a, and acquires the user certificate associated with it from the linked certificate storage area 502d.
  • in this step, the domain to which the issuer name of the user certificate belongs is determined, and the serial number column of that domain is searched for a record whose serial number matches the analyzed serial number used as the search key.
  • if a corresponding record exists, the user certificate, issuer name, serial number, owner name, etc. stored in the linked certificate storage area 502d of that record are extracted, and the status flag of the record is extracted as well.
  • when a corresponding record exists, the user information management unit 506 generates a user information search result message including the extracted user certificate, issuer name, serial number, owner name, status flag, etc., and returns it to the providing side certificate verification device 6.
  • when the additional verification unit 608 of the providing side certificate verification device 6 receives the search result message from the user information management device 5 (Yes in S215), it confirms whether the status flag included in the received search result message indicates “main registration” (S216). If it indicates “main registration”, the process proceeds to step S217; if it does not, the process proceeds to step S223.
  • in step S217, the additional verification unit 608 of the providing side certificate verification apparatus 6 requests the certificate verification unit 607 to verify the validity of the user certificate associated with the verification target certificate, and the certificate verification unit 607 performs the verification.
  • here, the domain A user certificate associated with the domain B user certificate is verified. Details of the validity verification process of the user certificate in the certificate verification unit 607 will be described with reference to FIGS.
  • the additional verification unit 608 of the providing side certificate verification apparatus 6 determines the verification result of the verification performed in step S217 (S218). If the verification result is successful, the process proceeds to step S219. If the verification result is unsuccessful, the process proceeds to step S221.
  • in step S219, the additional verification unit 608 of the providing-side certificate verification device 6 requests the certificate verification unit 607 to verify the validity of the user certificate that is the verification target, and the certificate verification unit 607 performs the verification. Details of the certificate validity verification processing in the certificate verification unit 607 will be described with reference to FIGS.
  • the additional verification unit 608 of the providing side certificate verification apparatus 6 determines the verification result of the user certificate verified in step S219 (S220). If the verification result of the user certificate is successful, the process proceeds to step S223; if it is unsuccessful, the process proceeds to step S221.
  • the additional verification unit 608 transmits a registration status flag change request message to the user information management device 5.
  • the registration status flag change request message includes, in addition to data indicating that it is a registration flag change request message, the user certificate that failed verification and its issuer name, serial number, etc.
  • the user information management unit 506 stores the information included in the received change request message in the user information table 502a.
  • the user information management unit 506 of the user information management device 5 changes the information stored in the status flag field 502q of the record found by searching the user information table 502a with the issuer name and serial number of the user certificate as the search key to the status specified by the received change request message. For example, if the verification of the domain A user certificate fails, the status is changed to “A invalid”, which specifies that the domain A certificate is invalid; if the verification of the domain B user certificate fails, the status is changed to “B invalid”, which specifies that the domain B certificate is invalid.
  • for the user certificate, issuer name, and serial number columns for which the change is requested, the user information management unit 506 of the user information management device 5 identifies the corresponding domain from the issuer name and thereby designates the domain to be updated.
  • the user information management unit 506 of the user information management device 5 generates a change result message including the change result of the registration status flag, and transmits it to the providing side certificate verification device 6.
  • when the additional verification unit 608 of the providing side certificate verification apparatus 6 receives the change result message from the user information management apparatus 5 (Yes in step S222), the process proceeds to step S223.
  • in step S223, the additional verification unit 608 of the provider side certificate verification apparatus 6 generates a certificate verification result. For example, if the verification target certificate belongs to an unsupported domain in step S210, if the registration status flag indicates a state other than main registration in step S216, or if a change result message is received in step S222, a certificate verification result message indicating that the verification has failed is generated. On the other hand, if the verification target certificate is successfully verified in step S222, a certificate verification result message indicating that the verification is successful is generated.
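The decision logic of the FIG. 22 flowchart (S210 to S223), written out as an added Go example; it is not code from the patent. The certificate fields, the issuer names, the layout of the table record and the Valid flag that stands in for the FIG. 23/24 validity check are all constructed assumptions.

```go
package main

import "fmt"

// Cert holds the fields of a user certificate that the flowchart of FIG. 22
// examines; Valid stands in for the validity verification of FIGS. 23 and 24.
type Cert struct {
	Issuer string
	Serial string
	Owner  string
	Valid  bool
}

// Record models one row of user information table 502a: the status flag
// (field 502q) and the linked certificates (storage area 502d) keyed by domain.
type Record struct {
	RegistrationID string
	StatusFlag     string
	Certs          map[string]Cert
}

const (
	TrustedDomain  = "A"                          // the highly reliable domain checked in S211
	MainRegistered = "main registration"          // status flag required in S216
	ReqCoopChange  = "cooperation change request" // request type checked in S212
)

// domainOf maps issuer names to domains and doubles as the supported-domain
// list of S210 (constructed issuer names).
var domainOf = map[string]string{
	"CN=Domain A CA": "A",
	"CN=Domain B CA": "B",
}

// findRecord implements the lookup of S214/S215: the record whose column for
// this domain holds the certificate with the given serial number.
func findRecord(table []*Record, domain, serial string) *Record {
	for _, r := range table {
		if c, ok := r.Certs[domain]; ok && c.Serial == serial {
			return r
		}
	}
	return nil
}

// setStatusFlag implements S221: the record holding the certificate that
// failed verification is marked with the given status, e.g. "A invalid".
func setStatusFlag(table []*Record, c Cert, status string) {
	if r := findRecord(table, domainOf[c.Issuer], c.Serial); r != nil {
		r.StatusFlag = status
	}
}

// VerifyUserCert walks the flowchart and returns the S223 result with a reason.
func VerifyUserCert(table []*Record, target Cert, requestType string) (bool, string) {
	domain, supported := domainOf[target.Issuer] // S210
	if !supported {
		return false, "issuer is not in a supported domain"
	}
	// S211/S212: a trusted-domain certificate, or any certificate presented with a
	// cooperation change request, goes straight to S219; everything else must
	// first pass through its linked trusted-domain certificate (S213-S218).
	if domain != TrustedDomain && requestType != ReqCoopChange {
		r := findRecord(table, domain, target.Serial) // S213-S215
		if r == nil { // the page spells out only the "Yes" branch of S215 (assumption)
			return false, "certificate is not registered"
		}
		if r.StatusFlag != MainRegistered { // S216
			return false, "registration status is " + r.StatusFlag
		}
		if linked, ok := r.Certs[TrustedDomain]; !ok || !linked.Valid { // S217/S218
			setStatusFlag(table, linked, TrustedDomain+" invalid") // S221 (no-op if absent)
			return false, "linked domain " + TrustedDomain + " certificate failed verification"
		}
	}
	if !target.Valid { // S219/S220
		setStatusFlag(table, target, domain+" invalid") // S221
		return false, "certificate failed validity verification"
	}
	return true, "verified" // S223
}

// SampleTable is a constructed table with one user holding a domain A
// certificate and a linked domain B certificate in "main registration" status.
func SampleTable() []*Record {
	return []*Record{{
		RegistrationID: "reg-0001",
		StatusFlag:     MainRegistered,
		Certs: map[string]Cert{
			"A": {Issuer: "CN=Domain A CA", Serial: "1001", Owner: "CN=Alice", Valid: true},
			"B": {Issuer: "CN=Domain B CA", Serial: "2001", Owner: "CN=alice@b.example", Valid: true},
		},
	}}
}

func main() {
	table := SampleTable()
	fmt.Println(VerifyUserCert(table, table[0].Certs["B"], "service use")) // true verified
}
```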
  • FIG. 23 and FIG. 24 are sequence diagrams showing user certificate verification processing.
  • here, the processing for verifying the domain A user certificate is described; when verifying the domain B user certificate, the second certificate verification device 3B is used instead of the first certificate verification device 3A, and the second certificate authority device 7B may be used instead of the first certificate authority device 3A.
  • the certificate verification unit 607 of the provider side certificate verification apparatus 6 checks the setting information of the providing side certificate verification apparatus 6 to determine whether another certificate verification apparatus corresponding to the domain of the user certificate is to be used in the verification of the user certificate (S230). If it is set to use another certificate verification apparatus, the process proceeds to step S231; if it is set not to use one, the process proceeds to step S244 (FIG. 24).
  • the certificate verification unit 607 of the providing side certificate verification device 6 transmits a certificate verification request message to the other certificate verification device (here, the first certificate verification device 3A).
  • the certificate verification request message is a message including the user certificate to be verified and a trusted certificate authority certificate.
  • examples of the certificate verification request message include the certificate verification server access protocol defined in the interoperability specification of the government authentication infrastructure (GPKI), and the request message of SCVP (Server-Based Certificate Validation Protocol) defined in RFC 5055.
  • the certificate verification unit of the first certificate verification device 3A receives the certificate verification request message transmitted by the provider certificate verification device 6 (S232).
  • the certificate verification unit of the first certificate verification apparatus 3A constructs an authentication path for the user certificate included in the certificate verification request message received in step S232 (S233).
  • constructing a certification path means assembling the path from the certificate authority certificate of the trusted certificate authority down to the user certificate so that the owner name of each higher-level certificate matches the issuer name of the certificate below it, and collecting all certificates on the path. If the path from the CA certificate of the trusted CA to the user certificate cannot be connected, or if a certificate on the certification path cannot be acquired, the certification path construction has failed.
  • if the certification path construction in step S233 succeeds, the process proceeds to step S234; if it fails, the process proceeds to step S240.
  • step S234 the certificate verification unit of the first certificate verification apparatus 3A verifies the constructed certification path.
  • verification of the certification path means that, for each certificate from the trusted CA certificate down to the user certificate, the digital signature attached to the lower-level certificate is verified with the public key of the higher-level certificate.
  • if the verification of the certification path in step S234 succeeds, the process proceeds to step S235; if it fails, the process proceeds to step S240.
  • in step S235, the certificate verification unit of the first certificate verification device 3A transmits a validity check request message to the certificate authority device that issued the user certificate whose validity is to be checked (here, the first certificate authority device 3A), in order to check the validity of the user certificate.
  • the revocation information providing unit 310 of the first certificate authority device 3A receives the validity check request message transmitted by the first certificate verification device 3A via the communication unit 314 (S236).
  • the revocation information providing unit 310 of the first certificate authority device 3A generates a validity check information message including validity check information for specifying the revoked user certificate, and sends it to the first certificate verification device 3A. Transmit (S237).
  • the certificate revocation list is transmitted, but this is not the case when the revocation information is provided by a method such as an online certificate status protocol.
  • the certificate verification unit of the first certificate verification device 3A receives the validity check information message transmitted in step S237 via the communication unit (S238).
  • the certificate verification unit of the first certificate verification apparatus 3A confirms that the user certificate whose validity is to be verified has not been revoked based on the validity confirmation information message received in step S238, and It is confirmed that the certificate is within the valid period (S239).
  • the certificate verification unit of the first certificate verification apparatus 3A generates a user certificate verification response message according to the verification results of steps S233, S234, and S239 (S240).
  • step S239 if it is determined in step S239 that the certificate is valid, a message indicating that the certificate has been successfully verified is generated as a certificate verification response.
  • step S233 certification path validation fails in step S234, and if it is determined in step S239 that the certificate is invalid, a certificate validation response is provided. Generate a message that the certificate verification failed.
  • the certificate verification unit of the first certificate verification device 3A transmits the certificate verification response message generated in step S240 to the providing side certificate verification device 6 (S241).
  • the certificate verification unit 607 of the providing side certificate verification device 6 receives the certificate verification response message transmitted in step S241 via the communication unit 610 (S242).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 determines the verification result by checking the content of the certificate verification response message received in step S242 (S243).
  • step S230 determines whether other certificate verification apparatuses are not used. If it is determined in step S230 that other certificate verification apparatuses are not used, the process proceeds to step S244 in FIG. 24, and the certificate verification unit 607 of the providing side certificate verification apparatus 6 determines the user certificate. An authentication path is constructed (S244). If the authentication path construction is successful, the process proceeds to step S245, and if the authentication path construction fails, the process proceeds to step S251.
  • step S245 the certificate verification unit 607 of the providing-side certificate verification device 6 verifies the constructed certification path. If the verification of the authentication path is successful, the process proceeds to step S246. If the verification of the authentication path fails, the process proceeds to step S251.
  • step S246 the certificate verification unit 607 of the providing-side certificate verification apparatus 6 performs the verification of the validity of the user certificate, so that the first certificate authority apparatus that has issued the user certificate that is the target of the validity check A validity check request message is transmitted to 3A (S246).
  • the revocation information providing unit 310 of the first certificate authority device 3A receives the validity confirmation request transmitted by the providing side certificate verification device 6 via the communication unit 314 (Step 7540).
  • the revocation information providing unit 310 of the first certificate authority device 3A generates a validity check information message including validity check information for specifying the revoked user certificate, and transmits it to the providing side certificate verification device 6. (S248).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 receives the validity check information message transmitted in step S248 (S249).
  • the certificate verification unit 607 of the providing side certificate verification apparatus 6 confirms that the certificate whose validity is to be verified has not been revoked based on the validity confirmation information message received in step S249, and the certificate It is confirmed that the certificate is within the valid period (S250).
  • the certificate verification unit 607 of the providing-side certificate verification device 6 determines that the verification of the certificate has been successful when it is determined in step S250 that the certificate is valid. On the other hand, if certification path construction fails in step S244, certification path validation fails in step S245, or if it is determined in step S250 that the certificate is invalid, user certificate validation is performed. It is determined that the process has failed (S251).
  • the service provider Service can be provided by successfully verifying both the user certificate issued by the certificate authority with high trust and the user certificate presented when trying to receive the service. However, if any one of these user certificates is successfully verified, it is possible to provide a service according to the reliability of the user certificate that has been successfully verified.
  • step S72 of FIG. 16 the user certificate that has been successfully verified, the reliability of the user certificate that has been successfully verified, the domain of the user certificate that has been successfully verified, or the like is specified.
  • the service providing apparatus 4 can determine the provision of the service according to the reliability of the user certificate that has been successfully verified.
  • information in which the reliability or domain of the user certificate is associated with the service that can be provided is stored in the storage unit 401.
  • the service providing apparatus 4 when providing a service, the service providing apparatus 4, the user information management apparatus 5, and the providing side certificate verification apparatus 6 perform user verification.
  • the present invention is not limited to such an embodiment, and the processing performed in these apparatuses can be integrated into one or a plurality of apparatuses or distributed.
  • the processing performed by the user information management device 5 and the provider certificate verification device 6 can be performed by one device.
  • the present invention is not limited to such an example. It is also possible to perform the processing of this embodiment using a single device (for example, the first user device 1). In such a case, the communication address of the one device (for example, the first user device 1) may be registered as the notification destination of the main registration.
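As an added example, not code from the patent or its embodiment, the three checks of the verification flow above (path construction S233/S244, path validation S234/S245, validity check S239/S250) written in Go with the standard library's crypto/x509. The two-domain PKI, the names, serial numbers and the CRL-style set of revoked serials are constructed for the demo, and `buildPath`, `verifyPath` and `VerifyUserCertificate` are assumed names, not units of the apparatus.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// buildPath is certification path construction (S233): climb from cur through certificates whose subject equals the current issuer until a trusted CA is the issuer.
func buildPath(cur *x509.Certificate, pool, trusted []*x509.Certificate, depth int) []*x509.Certificate {
	if depth > 8 { // bound the search so a malformed pool (e.g. a loop of issuers) cannot recurse forever
		return nil
	}
	for _, t := range trusted {
		if bytes.Equal(cur.RawIssuer, t.RawSubject) {
			return []*x509.Certificate{t, cur}
		}
	}
	for _, c := range pool { // backtracks over every candidate; nil means the path is not connected
		if c != cur && bytes.Equal(c.RawSubject, cur.RawIssuer) {
			if p := buildPath(c, pool, trusted, depth+1); p != nil {
				return append(p, cur)
			}
		}
	}
	return nil
}

// verifyPath is certification path validation (S234): each lower certificate's signature is checked with the public key of the certificate above it, which must itself be marked as a CA.
func verifyPath(path []*x509.Certificate) error {
	for i := 0; i+1 < len(path); i++ {
		if err := path[i+1].CheckSignatureFrom(path[i]); err != nil {
			return fmt.Errorf("%q not signed by %q: %w", path[i+1].Subject.CommonName, path[i].Subject.CommonName, err)
		}
	}
	return nil
}

// VerifyUserCertificate chains S233, S234 and the validity check S239 (revocation information, here a set of revoked serial numbers as a CRL would supply, plus the validity period) into the response of S240.
func VerifyUserCertificate(user *x509.Certificate, pool, trusted []*x509.Certificate, revoked map[string]bool, now time.Time) (bool, string) {
	path := buildPath(user, pool, trusted, 0)
	if path == nil {
		return false, "certification path construction failed"
	}
	if err := verifyPath(path); err != nil {
		return false, err.Error()
	}
	if revoked[user.SerialNumber.String()] {
		return false, "user certificate is revoked"
	}
	if now.Before(user.NotBefore) || now.After(user.NotAfter) {
		return false, "user certificate is outside its validity period"
	}
	return true, "user certificate verified"
}

// makeCert issues a minimal certificate (constructed demo name and serial) under parent, self-signed when parent is nil, with a fresh P-256 key.
func makeCert(cn string, serial int64, isCA bool, now time.Time, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, NotBefore: now,
		NotAfter: now.Add(365 * 24 * time.Hour), BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err) // a failure here is a bug in the demo setup, not a verification result
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// NewDemoPKI builds the constructed two-domain setup of the embodiment: domain A (trusted root, intermediate, user) and an independent domain B whose root is not trusted.
func NewDemoPKI(now time.Time) (trusted, pool []*x509.Certificate, userA, userB *x509.Certificate) {
	rootA, rootAKey := makeCert("Root CA A", 1, true, now, nil, nil)
	interA, interAKey := makeCert("Intermediate CA A", 2, true, now, rootA, rootAKey)
	userA, _ = makeCert("User A", 3, false, now, interA, interAKey)
	rootB, rootBKey := makeCert("Root CA B", 4, true, now, nil, nil)
	userB, _ = makeCert("User B", 5, false, now, rootB, rootBKey)
	return []*x509.Certificate{rootA}, []*x509.Certificate{interA, userA, rootB, userB}, userA, userB
}

func main() {
	now := time.Now()
	trusted, pool, userA, userB := NewDemoPKI(now)
	fmt.Println(VerifyUserCertificate(userA, pool, trusted, nil, now)) // true user certificate verified
	fmt.Println(VerifyUserCertificate(userB, pool, trusted, nil, now)) // false certification path construction failed
}
```

A user certificate of domain B fails at path construction because no trusted CA is reached, a revoked or expired domain A certificate fails at the validity check, and a certificate whose signature does not verify fails at path validation even though its names chain correctly.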

Abstract

Provided is a technique by which a user can easily be verified with an electronic certificate that a service provider regards as highly reliable. When an electronic certificate of low reliability for the service provider is received from a first user apparatus (1) or a second user apparatus (2) via a service providing apparatus (4), a provider-side certificate verifying apparatus (6) acquires, from a user information managing apparatus (5), a highly reliable electronic certificate associated with the received electronic certificate. When the provider-side certificate verifying apparatus (6) has successfully verified the highly reliable electronic certificate, the service providing apparatus (4) provides the service to the first user apparatus (1) or the second user apparatus (2).

Description

[Supplement under Rule 26, 08.09.2010] Communication system, certificate verification device, and service providing method
The present invention relates to a technique for verifying signature data.
With the spread of IT in recent years, a wide variety of information has been digitized and is exchanged over networks. Such exchange of information over a network can be carried out easily and quickly even with a distant party, but it also carries the threat that a communication partner impersonates someone else. One method of preventing impersonation of a communication partner is authentication using an electronic certificate.
For example, Patent Document 1 describes a technique in which the subscriber line identification information of a communication line is stored in association with an electronic certificate, and the user is judged to be legitimate only when both the check of the subscriber line identification information and the verification of the electronic certificate succeed.
JP 2003-122720 A (FIG. 4, paragraphs 0025 to 0034)
The technique described in Patent Document 1 performs both the check of the subscriber line identification information and the verification of the electronic certificate. However, among the certificate authorities that issue electronic certificates, some verify identity strictly, such as the public personal authentication service or accredited certification businesses under the Electronic Signature Act, while others issue an electronic certificate to anyone who applies, so the reliability of electronic certificates varies widely.
Consequently, some service providers accept only electronic certificates issued by specific certificate authorities.
In this regard, when, for example, the electronic certificate trusted by a service provider is stored on an IC card, a mobile phone that cannot read the IC card cannot receive the service from that service provider.
The present invention provides a technique that allows a user to easily be verified with an electronic certificate that the service provider regards as highly reliable.
For example, a technique is disclosed in which, when an electronic certificate of low reliability for the service provider is presented, a highly reliable electronic certificate associated with the presented low-reliability electronic certificate is verified.
For example, disclosed according to one aspect is a communication system comprising a user device and a service providing device that provides a service to the user device, characterized in that the control unit of the service providing device provides the service to the user device when, on receiving from the user device signature data signed with a first private key together with a first user certificate, which is the public key certificate of the first public key paired with that first private key, the verification of the signature data and of the first user certificate succeeds; and provides the service to the user device when, on receiving from the user device signature data signed with a second private key different from the first private key together with a second user certificate, which is the public key certificate of the second public key paired with that second private key, the verification of the first user certificate associated with the second user certificate succeeds.
As described above, according to the present invention, a user can easily be verified with an electronic certificate that the service provider regards as highly reliable.
通信システム100の概略を例示する図。1 is a diagram illustrating an outline of a communication system 100. FIG. 第一利用者装置1の概略を例示する図。The figure which illustrates the outline of the 1st user apparatus. コンピュータ180の概略を例示する図。The figure which illustrates the outline of the computer 180. 利用者認証用デバイス120の概略を例示する図。The figure which illustrates the outline of the device 120 for user authentication. ICカード190の概略を例示する図。The figure which illustrates the outline of the IC card. 第二利用者装置2の概略を例示する図。The figure which illustrates the outline of the 2nd user apparatus. 携帯電話端末290の概略を例示する図。The figure which illustrates the outline of the mobile telephone terminal 290. 認証局装置3の概略を例示する図。2 is a diagram illustrating an outline of a certificate authority device 3. FIG. コンピュータ390の概略を例示する図。The figure which illustrates the outline of the computer 390. サービス提供装置4の概略を例示する図。The figure which illustrates the outline of the service provision apparatus 4. ユーザ情報管理装置5の概略を例示する図。The figure which illustrates the outline of the user information management apparatus 5. ユーザ情報テーブル502aの概略を例示する図。The figure which illustrates the outline of the user information table 502a. 提供側証明書検証装置6の概略を例示する図。The figure which illustrates the outline of the provider certificate verification apparatus 6. 利用者証明書の登録処理を例示するシーケンス図。The sequence diagram which illustrates the registration process of a user certificate. 利用者証明書の登録処理を例示するシーケンス図。The sequence diagram which illustrates the registration process of a user certificate. サービス利用時の認証処理を例示するシーケンス図。The sequence diagram which illustrates the authentication process at the time of service utilization. 利用者証明書の関連付けの更新処理を例示するシーケンス図。The sequence diagram which illustrates the update process of association of a user certificate. 証明書の関連付けの変更処理を例示するシーケンス図。The sequence diagram which illustrates the change process of certificate correlation. 証明書の関連付けの変更処理を例示するシーケンス図。The sequence diagram which illustrates the change process of certificate correlation. 
利用者証明書の関連付けの解除処理を例示するシーケンス図。The sequence diagram which illustrates the cancellation process of the association of a user certificate. 利用者証明書の関連付けの解除処理を例示するシーケンス図。The sequence diagram which illustrates the cancellation process of the association of a user certificate. 利用者証明書の検証処理を例示するフローチャート。The flowchart which illustrates a user certificate verification process. 利用者証明書の検証処理を例示するシーケンス図。The sequence diagram which illustrates the verification process of a user certificate. 利用者証明書の検証処理を例示するシーケンス図。The sequence diagram which illustrates the verification process of a user certificate.
 図1は、本発明の一実施形態である通信システム100の概略図である。図示するように、通信システム100は、第一利用者装置1と、第二利用者装置2と、第一認証局装置3Aと、第二認証局装置3Bと、サービス提供装置4と、ユーザ情報管理装置5と、提供側証明書検証装置6と、第一証明書検証装置7Aと、第二証明書検証装置7Bと、を備え、これらは、ネットワーク8を介して、相互に情報を送受信することができるようにされている。 FIG. 1 is a schematic diagram of a communication system 100 according to an embodiment of the present invention. As illustrated, the communication system 100 includes a first user device 1, a second user device 2, a first certificate authority device 3A, a second certificate authority device 3B, a service providing device 4, and user information. A management device 5, a providing side certificate verification device 6, a first certificate verification device 7 A, and a second certificate verification device 7 B are provided, and these transmit and receive information to and from each other via the network 8. Have been able to.
 図2は、第一利用者装置1の概略図である。図示するように、第一利用者装置1は、記憶部101と、制御部102と、入力部108と、出力部109と、通信部110と、利用者認証用デバイス入出力部111と、を備える。 FIG. 2 is a schematic diagram of the first user device 1. As illustrated, the first user device 1 includes a storage unit 101, a control unit 102, an input unit 108, an output unit 109, a communication unit 110, and a user authentication device input / output unit 111. Prepare.
 記憶部101には、第一利用者装置1での処理に必要な情報が記憶される。 The storage unit 101 stores information necessary for processing in the first user device 1.
 制御部102は、全体制御部103と、サービス利用部104と、利用者認証用デバイス制御部105と、第一利用者装置用認証部106と、を備える。 The control unit 102 includes an overall control unit 103, a service use unit 104, a user authentication device control unit 105, and a first user device authentication unit 106.
 全体制御部103は、第一利用者装置1での処理の全体を制御する。例えば、本実施形態においては、ファイル管理、プロセス管理、デバイス管理といった処理を行う。 The overall control unit 103 controls the entire processing in the first user device 1. For example, in this embodiment, processing such as file management, process management, and device management is performed.
 サービス利用部104は、ネットワーク8を介して、サービス提供装置4より、サービスの提供を受ける処理を制御する。例えば、本実施形態においては、サービスはWebで提供されるものとして説明を行うが、本発明はWebの形態に限定されるものではない。この場合、サービス利用部104は、Webブラウザを用いて処理を行い、ネットワーク上のWebサーバに公開されたHTMLファイル、画像ファイル、音楽ファイル等をダウンロードし、レイアウトを解析して表示あるいは再生等を行い、また、フォームを使用してユーザがデータをWebサーバに送信することや、所定のプログラミング言語(例えば、Java(登録商標)等のオブジェクト指向言語が含まれる)等で記述されたプログラムを動作させることも可能である。また、SSLもしくはTLS通信を行うために必要な暗号処理を行う機能と鍵及び利用者証明書を管理する処理も行う。 The service using unit 104 controls processing for receiving service provision from the service providing apparatus 4 via the network 8. For example, in this embodiment, the service is described as being provided on the Web, but the present invention is not limited to the Web form. In this case, the service using unit 104 performs processing using a Web browser, downloads an HTML file, an image file, a music file, etc. released to a Web server on the network, analyzes the layout, displays or reproduces the file, etc. And using a form to send data to a Web server, and run a program written in a predetermined programming language (for example, including an object-oriented language such as Java (registered trademark)) It is also possible to make it. In addition, a function for performing cryptographic processing necessary for performing SSL or TLS communication, and processing for managing a key and a user certificate are also performed.
 利用者認証用デバイス制御部105は、後述する利用者認証用デバイス入出力部111を介して、図4(利用者認証用デバイス120の概略図)に示すような利用者認証用デバイス120との間で情報を入出力する処理を制御する。 The user authentication device control unit 105 communicates with the user authentication device 120 as shown in FIG. 4 (schematic diagram of the user authentication device 120) via a user authentication device input / output unit 111 described later. Controls the process of inputting and outputting information between them.
 第一利用者装置用認証部106は、第一利用者装置1における認証処理を制御する。例えば、第一利用者装置用認証部106は、利用者用認証デバイス120との間で情報の送受信を行い、サービス利用時の認証に必要な電子署名データや利用者証明書を取得し、サービス利用部104に出力する。 The first user device authentication unit 106 controls authentication processing in the first user device 1. For example, the first user device authentication unit 106 transmits / receives information to / from the user authentication device 120, acquires electronic signature data and a user certificate necessary for authentication when using the service, and The data is output to the utilization unit 104.
 入力部108は、情報の入力を受け付ける。 The input unit 108 receives input of information.
 出力部109は、情報を出力する。 The output unit 109 outputs information.
 通信部110は、ネットワーク8を介した情報の送受信を行う。 The communication unit 110 transmits and receives information via the network 8.
 利用者認証用デバイス入出力部111は、図4に示すような利用者認証用デバイス120との間で情報を入出力する。 The user authentication device input / output unit 111 inputs / outputs information to / from the user authentication device 120 as shown in FIG.
 以上に記載した第一利用者装置1は、例えば、図3(コンピュータ180の概略図)に示すような、CPU(Central Processing Unit)181と、メモリ182と、HDD(Hard Disk Drive)等の外部記憶装置183と、CD(Compact Disk)やDVD(Digital Versatile Disk)等の可搬性を有する記憶媒体184に対して情報を読み書きする読書装置185と、キーボードやマウスなどの入力装置186と、ディスプレイなどの出力装置187と、通信ネットワークに接続するためのNIC(Network Interface Card)等の通信装置188と、を備えた一般的なコンピュータ180に、ICカード等の記憶媒体に対して情報を読み書きするリーダライタ184を接続することにより実現できる。 The first user device 1 described above includes, for example, a CPU (Central Processing Unit) 181, a memory 182, an HDD (Hard Disk Drive), etc. as shown in FIG. 3 (schematic diagram of the computer 180). A storage device 183, a reading device 185 for reading / writing information from / to a portable storage medium 184 such as a CD (Compact Disk) or a DVD (Digital Versatile Disk), an input device 186 such as a keyboard or a mouse, a display, etc. Reader / writer for reading / writing information from / to a storage medium such as an IC card in a general computer 180 having an output device 187 and a communication device 188 such as a NIC (Network Interface Card) for connecting to a communication network This can be realized by connecting the writer 184.
 例えば、記憶部101は、CPU181がメモリ182又は外部記憶装置183を利用することにより実現可能であり、制御部102は、外部記憶装置183に記憶されている所定のプログラムをメモリ182にロードしてCPU181で実行することで実現可能であり、入力部108は、CPU181が入力装置186を利用することで実現可能であり、出力部109は、CPU181が出力装置187を利用することで実現可能であり、通信部110は、CPU181が通信装置188を利用することで実現可能であり、利用者認証用デバイス111は、CPU181がリーダライタ189を利用することにより実現可能である。 For example, the storage unit 101 can be realized by the CPU 181 using the memory 182 or the external storage device 183, and the control unit 102 loads a predetermined program stored in the external storage device 183 to the memory 182. The input unit 108 can be realized by using the input device 186 by the CPU 181, and the output unit 109 can be realized by using the output device 187 by the CPU 181. The communication unit 110 can be realized by the CPU 181 using the communication device 188, and the user authentication device 111 can be realized by the CPU 181 using the reader / writer 189.
 この所定のプログラムは、読書装置185を介して記憶媒体184から、あるいは、通信装置188を介してネットワークから、外部記憶装置183にダウンロードされ、それから、メモリ182上にロードされてCPU181により実行されるようにしてもよい。また、読書装置185を介して記憶媒体184から、あるいは、通信装置188を介してネットワークから、メモリ182上に直接ロードされ、CPU181により実行されるようにしてもよい。 The predetermined program is downloaded from the storage medium 184 via the reading device 185 or from the network via the communication device 188 to the external storage device 183, and then loaded onto the memory 182 and executed by the CPU 181. You may do it. Alternatively, the program may be directly loaded on the memory 182 from the storage medium 184 via the reading device 185 or from the network via the communication device 188 and executed by the CPU 181.
 図4は、利用者認証用デバイス120の概略図である。図示するように利用者認証用デバイス120は、記憶部121と、制御部125と、I/F部129と、を備える。 FIG. 4 is a schematic diagram of the user authentication device 120. As illustrated, the user authentication device 120 includes a storage unit 121, a control unit 125, and an I / F unit 129.
 記憶部121は、第一利用者秘密鍵記憶領域122と、第一利用者証明書記憶領域123と、を備える。 The storage unit 121 includes a first user private key storage area 122 and a first user certificate storage area 123.
 第一利用者秘密鍵記憶領域122には、後述する第一利用者証明書記憶領域123に記憶されている利用者証明書に含まれる公開鍵とペアとなる秘密鍵を特定する情報が記憶される。ここで、本実施形態においては、第一利用者秘密鍵記憶領域122には、後述する第一認証局装置3Aにおいて生成された秘密鍵が記憶される。 The first user private key storage area 122 stores information for specifying a private key paired with the public key included in the user certificate stored in the first user certificate storage area 123 described later. The Here, in the present embodiment, the first user secret key storage area 122 stores a secret key generated in the first certificate authority device 3A described later.
 第一利用者証明書記憶領域123には、第一利用者秘密鍵記憶領域122に記憶されている秘密鍵とペアとなる公開鍵を含む利用者証明書を特定する情報が記憶される。ここで、本実施形態においては、第一利用者証明書記憶領域123には、後述する第一認証局装置3Aにおいて発行された利用者証明書が記憶される。例えば、利用者証明書は、利用者の公開鍵と利用者を識別するための情報が記載されており、これらの情報を署名対象範囲として、認証局の秘密鍵を用いて電子署名が付与されたデータである。 In the first user certificate storage area 123, information specifying a user certificate including a public key paired with the private key stored in the first user private key storage area 122 is stored. Here, in the present embodiment, the first user certificate storage area 123 stores a user certificate issued by the first certificate authority device 3A described later. For example, the user certificate describes the public key of the user and information for identifying the user, and the electronic signature is given using the private key of the certificate authority with these information as the scope of signature. Data.
 制御部125は、全体制御部126と、デバイス用認証部127と、備える。 The control unit 125 includes an overall control unit 126 and a device authentication unit 127.
 全体制御部126は、利用者認証用デバイス120での処理の全体を制御する。 The overall control unit 126 controls the entire processing in the user authentication device 120.
 デバイス用認証部127は、I/F部129を介して、第一利用者装置1より電子署名データの生成要求を受けると、第一利用者秘密鍵記憶領域122に記憶されている秘密鍵を用いて電子署名を生成し、I/F部129を介して、第一利用者装置1より利用者証明書の出力要求を受けると、第一利用者証明書記憶領域123に記憶されている利用者証明書を出力する処理を行う。 When the device authentication unit 127 receives a request to generate electronic signature data from the first user device 1 via the I / F unit 129, the device authentication unit 127 obtains the secret key stored in the first user secret key storage area 122. When the electronic signature is generated and the user certificate output request is received from the first user device 1 via the I / F unit 129, the usage stored in the first user certificate storage area 123 is used. Process to output the user certificate.
 I/F部129は、第一利用者装置1の利用者認証用デバイス入出力部111との間で情報を入出力する。 The I / F unit 129 inputs / outputs information to / from the user authentication device input / output unit 111 of the first user device 1.
 以上に記載した利用者認証用デバイス120は、図5(ICカード190の概略図)に示すような、CPU192及び外部記憶装置193を有するICユニット191と、データを送受信するためのインタフェースであるI/F195と、を備えるICカード190で実現可能である。 The user authentication device 120 described above is an interface for transmitting / receiving data to / from an IC unit 191 having a CPU 192 and an external storage device 193 as shown in FIG. 5 (schematic diagram of an IC card 190). / F195 and an IC card 190.
 例えば、制御部125は、ICユニット191のCPU192により実現可能であり、記憶部121は、ICユニット191のCPU192が外部記憶装置193を利用することにより実現可能であり、I/F部129は、ICユニット191のCPU192がI/F195を利用することにより実現可能である。 For example, the control unit 125 can be realized by the CPU 192 of the IC unit 191, the storage unit 121 can be realized by using the external storage device 193 by the CPU 192 of the IC unit 191, and the I / F unit 129 can be This can be realized by the CPU 192 of the IC unit 191 using the I / F 195.
 図6は、第二利用者装置2の概略図である。図示するように、第二利用者装置2は、記憶部201と、制御部205と、入力部210と、出力部211と、無線通信部212と、を備える。 FIG. 6 is a schematic diagram of the second user device 2. As illustrated, the second user device 2 includes a storage unit 201, a control unit 205, an input unit 210, an output unit 211, and a wireless communication unit 212.
 記憶部201は、第二利用者秘密鍵記憶領域202と、第二利用者証明書記憶領域203と、を備える。 The storage unit 201 includes a second user private key storage area 202 and a second user certificate storage area 203.
 第二利用者秘密鍵記憶領域202には、後述する第二利用者証明書記憶領域203に記憶されている利用者証明書に含まれる公開鍵とペアとなる秘密鍵を特定する情報が記憶される。ここで、本実施形態においては、第二利用者秘密鍵記憶領域202には、後述する第二認証局装置3Bにおいて生成された秘密鍵が記憶される。 The second user private key storage area 202 stores information for specifying a private key paired with the public key included in the user certificate stored in the second user certificate storage area 203 described later. The Here, in the present embodiment, the second user secret key storage area 202 stores a secret key generated in the second certificate authority device 3B described later.
 第二利用者証明書記憶領域203には、第二利用者秘密鍵記憶領域202に記憶されている秘密鍵とペアとなる公開鍵を含む利用者証明書を特定する情報が記憶される。ここで、本実施形態においては、第二利用者証明書記憶領域203には、後述する第二認証局装置3Bにおいて発行された利用者証明書が記憶される。 In the second user certificate storage area 203, information for specifying a user certificate including a public key paired with the private key stored in the second user private key storage area 202 is stored. Here, in the present embodiment, the second user certificate storage area 203 stores a user certificate issued by the second certificate authority device 3B described later.
 制御部205は、全体制御部206と、サービス利用部207と、第二利用者装置用認証部208と、を備える。 The control unit 205 includes an overall control unit 206, a service use unit 207, and a second user device authentication unit 208.
 全体制御部206は、第二利用者装置2での処理の全体を制御する。例えば、本実施形態においては、ファイル管理、プロセス管理、デバイス管理といった処理を行う。 The overall control unit 206 controls the entire processing in the second user device 2. For example, in this embodiment, processing such as file management, process management, and device management is performed.
 サービス利用部207は、ネットワーク8を介して、サービス提供装置4より、サービスの提供を受ける処理を制御する。例えば、本実施形態においては、サービスはWebで提供されるものとして説明を行うが、本発明はWebの形態に限定されるものではない。この場合、サービス利用部207は、Webブラウザを用いて処理を行い、ネットワーク上のWebサーバに公開されたHTMLファイル、画像ファイル、音楽ファイル等をダウンロードし、レイアウトを解析して表示あるいは再生等を行い、また、フォームを使用してユーザがデータをWebサーバに送信することや、所定のプログラミング言語(例えば、Java(登録商標)等のオブジェクト指向言語が含まれる)等で記述されたプログラムを動作させることも可能である。また、SSLもしくはTLS通信を行うために必要な暗号処理を行う機能と鍵及び利用者証明書を管理する処理も行う。 The service using unit 207 controls processing for receiving service provision from the service providing apparatus 4 via the network 8. For example, in this embodiment, the service is described as being provided on the Web, but the present invention is not limited to the Web form. In this case, the service using unit 207 performs processing using a Web browser, downloads an HTML file, an image file, a music file, and the like released to a Web server on the network, analyzes the layout, displays or reproduces the file, and the like. And using a form to send data to a Web server, and run a program written in a predetermined programming language (for example, including an object-oriented language such as Java (registered trademark)) It is also possible to make it. In addition, a function for performing cryptographic processing necessary for performing SSL or TLS communication, and processing for managing a key and a user certificate are also performed.
The second user device authentication unit 108 controls the authentication processing in the second user device 2. For example, in the present embodiment it generates an electronic signature using the private key stored in the second user private key storage area 202, and outputs the user certificate stored in the second user certificate storage area 203 to the service using unit 207.
The input unit 210 receives input of information.
The output unit 211 outputs information.
The wireless communication unit 212 connects to the network 8 over a wireless link and transmits and receives information.
The second user device 2 described above can be realized by a general mobile phone terminal 290 such as that shown in FIG. 7 (schematic diagram of the mobile phone terminal 290), which includes a CPU 291, a memory 292, an external storage device 293, an input device 294 such as a key device, an output device 295 such as a display, a wireless communication device 296 including an RF (Radio Frequency) unit, a BB (Base Band) unit and a MAC (Media Access Controller) unit, and an antenna 297.
For example, the storage unit 201 can be realized by the CPU 291 using the memory 292 or the external storage device 293; the control unit 205 can be realized by loading a predetermined program stored in the external storage device 293 into the memory 292 and executing it on the CPU 291; the input unit 218 can be realized by the CPU 291 using the input device 294; the output unit 211 can be realized by the CPU 291 using the output device 295; and the wireless communication unit 212 can be realized by the CPU 291 using the wireless communication device 296 and the antenna 297.
This predetermined program may be downloaded from the network via the wireless communication device 296 to the external storage device 293, then loaded into the memory 292 and executed by the CPU 291. Alternatively, it may be loaded directly into the memory 292 from the network via the wireless communication device 296 and executed by the CPU 291.
Returning to FIG. 1, the first certificate authority device 3A and the second certificate authority device 3B issue electronic certificates to users. In the following description, the domain of the electronic certificates issued by the first certificate authority device 3A is called domain A, and the domain of the electronic certificates issued by the second certificate authority device 3B is called domain B.
Domain A and domain B are assumed not to cross-certify each other, so the certification paths built when verifying an electronic certificate are independent of one another. Domain A is taken to be the domain whose electronic certificates the service provider offering services via the service providing device 4 regards as highly trustworthy, and domain B the domain whose electronic certificates it regards as less trustworthy. In the present embodiment, a domain A electronic certificate is described as being stored in a secure device such as an IC card and used from a computer such as a PC, while a domain B electronic certificate is stored in an IC chip connected to a mobile phone terminal and used from that mobile phone terminal.
Since the first certificate authority device 3A and the second certificate authority device 3B have the same functional configuration, that configuration is described with reference to FIG. 8 (schematic diagram of the certificate authority device 3).
FIG. 8 is a schematic diagram of the certificate authority device 3. As illustrated, the certificate authority device 3 includes a storage unit 301, a control unit 307, an input unit 312, an output unit 313 and a communication unit 314.
The storage unit 301 includes a certificate authority private key storage area 302, a certificate authority certificate storage area 303, a user certificate storage area 304 and a certificate revocation information storage area 305.
The certificate authority private key storage area 302 stores information specifying the certificate authority private key, which is the private key owned by the certificate authority 3.
The certificate authority private key is the cryptographic key used to apply the electronic signature of the certificate authority device 3 when issuing a user certificate (public key certificate). It is private key information owned by the certificate authority of each domain and is managed securely within that domain's certificate authority. In the present embodiment it is managed inside the storage unit 301 of the certificate authority device 3, but it may instead be managed using a dedicated tamper-resistant device such as a hardware security module.
The certificate authority certificate storage area 303 stores information specifying the certificate authority certificate, which is the public key certificate of the certificate authority 3 corresponding to the certificate authority private key stored in the certificate authority private key storage area 302.
The certificate authority certificate is a self-signed public key certificate that the certificate authority 3 issued to itself. The public key contained in this public key certificate and the certificate authority private key form a key pair.
The user certificate storage area 304 stores information specifying the user certificates, which are the electronic certificates issued to users.
The certificate revocation information storage area 305 stores information specifying the revocation information for the user certificates issued by the certificate authority 3.
Certificate revocation information is information used to check whether a user certificate (public key certificate) has been revoked; a certificate revocation list (CRL) is one example.
In the present embodiment, the certificate authority private key, the certificate authority certificate and the certificate revocation information are handled by a separate certificate authority device 3 for each domain.
The control unit 307 includes an overall control unit 308, an authentication processing unit 309 and a revocation information providing unit 310.
The overall control unit 308 controls the processing of the certificate authority device 3 as a whole. For example, in the present embodiment it controls processes such as file management, process management and device management.
The authentication processing unit 309 controls the authentication processing in the certificate authority device 3. For example, in the present embodiment, for a given user it binds the user's distinguished name to the public key owned by that user, and issues a user certificate (public key certificate) by applying an electronic signature to the bound information with the certificate authority private key.
The authentication processing unit 309 also manages the user certificates issued by the certificate authority device 3 and generates certificate revocation information, that is, a list of the revoked user certificates (public key certificates) among those issued by the certificate authority device 3, to which an electronic signature is applied with the certificate authority private key of the certificate authority device 3.
In the present embodiment, the authentication processing unit 309 issues both the certificate authority certificate, which serves as the root certificate, and the user certificates.
The present embodiment is described using a two-level hierarchy, the certificate authority certificate and the user certificate, but the certificate authority hierarchy may have three or more levels; the description is not limited to this embodiment.
The revocation information providing unit 310 controls the process of providing the certificate revocation information generated by the authentication processing unit 309 via the communication unit 314. For example, the revocation information providing unit 310 transmits the certificate revocation information via the communication unit 314 in response to a request from an entity that verifies public key certificates.
For example, the revocation information providing unit 310 has the function of an LDAP server or the like. In the present embodiment the certificate revocation information is described as a certificate revocation list (CRL), but it is not limited to this form; the revocation information providing unit 310 may instead accept requests to confirm the validity of a certificate and return a response to each request, as in the Online Certificate Status Protocol (OCSP).
The input unit 312 receives input of information.
The output unit 313 outputs information.
The communication unit 314 transmits and receives information via the network 8.
The certificate authority device 3 described above can be realized by a general computer 390 such as that shown in FIG. 9 (schematic diagram of the computer 390), which includes a CPU 391, a memory 392, an external storage device 393 such as an HDD, a reading device 395 that reads and writes information on a portable storage medium 394 such as a CD or DVD, an input device 396 such as a keyboard or mouse, an output device 397 such as a display, and a communication device 398 such as a NIC for connecting to a communication network.
For example, the storage unit 301 can be realized by the CPU 391 using the memory 392 or the external storage device 393; the control unit 307 can be realized by loading a predetermined program stored in the external storage device 393 into the memory 392 and executing it on the CPU 391; the input unit 312 can be realized by the CPU 391 using the input device 396; the output unit 313 can be realized by the CPU 391 using the output device 397; and the communication unit 314 can be realized by the CPU 391 using the communication device 398.
This predetermined program may be downloaded to the external storage device 393 from the storage medium 394 via the reading device 395, or from the network via the communication device 398, and then loaded into the memory 392 and executed by the CPU 391. Alternatively, it may be loaded directly into the memory 392 from the storage medium 394 via the reading device 395 or from the network via the communication device 398, and executed by the CPU 391.
FIG. 10 is a schematic diagram of the service providing device 4. As illustrated, the service providing device 4 includes a storage unit 401, a control unit 405 and a communication unit 410.
The storage unit 401 includes a certificate authority certificate storage area 402 and an access control policy information storage area 403.
The certificate authority certificate storage area 402 stores all the certificate authority certificates needed to verify the signatures on user certificates.
The access control policy information storage area 403 stores information specifying the access rights for each service provided by the service providing device 4. For example, it stores an access control list or the like that decides whether access is permitted according to each service URI and the user or the user's attributes.
The control unit 405 includes an overall control unit 406, a service providing unit 407 and an authentication cooperation processing unit 408.
The overall control unit 406 controls the processing of the service providing device 4 as a whole. For example, in the present embodiment it controls processes such as file management, process management and device management.
The service providing unit 407 controls the process of providing services to users via the network 8. For example, it consists of a web server program and web application programs.
When a user accesses a service providing program, the authentication cooperation processing unit 408 requests from the user the information needed for authentication, and controls the process of asking the providing-side certificate verification device 6 or the like to verify the electronic signature data and user certificate sent from the user side, as well as the process of associating a plurality of electronic certificates with one another.
The communication unit 410 transmits and receives information via the network 8.
The service providing device 4 described above can be realized by, for example, a general computer 390 such as that shown in FIG. 9.
For example, the storage unit 401 can be realized by the CPU 391 using the memory 392 or the external storage device 393; the control unit 405 can be realized by loading a predetermined program stored in the external storage device 393 into the memory 392 and executing it on the CPU 391; and the communication unit 410 can be realized by the CPU 391 using the communication device 398.
This predetermined program may be downloaded to the external storage device 393 from the storage medium 394 via the reading device 395, or from the network via the communication device 398, and then loaded into the memory 392 and executed by the CPU 391. Alternatively, it may be loaded directly into the memory 392 from the storage medium 394 via the reading device 395 or from the network via the communication device 398, and executed by the CPU 391.
FIG. 11 is a schematic diagram of the user information management device 5. As illustrated, the user information management device 5 includes a storage unit 501, a control unit 504 and a communication unit 508.
The storage unit 501 includes a user information storage area 502.
The user information storage area 502 stores, for each user of the services provided by the service providing device 4, user information specifying that user's user certificate and the other user certificates that are linked to it. For example, in the present embodiment a user information table 502a such as that shown in FIG. 12 (schematic diagram of the user information table 502a) is stored.
As illustrated, the user information table 502a has a registration ID field 502b, a personal information field 502c, a linked-to certificate storage area 502d, a linking certificate storage area 502e, a notification destination field 502n, an authentication code field 502o, a registration date/time field 502p and a status flag field 502q.
The registration ID field 502b stores information identifying a user of the services provided by the service providing device 4. In the present embodiment, a registration ID assigned so as to be unique to each user is stored as this information.
The personal information field 502c stores the attribute information of the user identified by the registration ID field 502b. In the present embodiment, the attribute information stored includes name, address, date of birth, sex and the like.
The linked-to certificate storage area 502d stores information specifying the user certificate to which other user certificates are linked. In the present embodiment, this is information specifying the domain A user certificate (the user certificate issued by the first certificate authority device 3A), in which the service provider offering services via the service providing device 4 places high trust.
The linked-to certificate storage area 502d has a user certificate field 502f, an issuer name field 502g, a serial number field 502h and an owner name field 502i.
The user certificate field 502f stores information specifying the domain A user certificate (the user certificate issued by the first certificate authority device 3A).
The issuer name field 502g stores information specifying the issuer name extracted from the user certificate stored in the user certificate field 502f.
The serial number field 502h stores information specifying the serial number extracted from the user certificate stored in the user certificate field 502f.
The owner name field 502i stores information specifying the owner extracted from the user certificate stored in the user certificate field 502f.
The linking certificate storage area 502e stores information specifying the user certificates whose link destination is the user certificate specified in the linked-to certificate storage area 502d. The linking certificate storage area 502e can hold information specifying one or more such user certificates; in the present embodiment, it holds information specifying the domain B user certificate (the user certificate issued by the second certificate authority device 3B), in which the service provider offering services via the service providing device 4 places less trust.
The linking certificate storage area 502e contains a user certificate field 502j, an issuer name field 502k, a serial number field 502l and an owner name field 502m, with one set of these fields for each user certificate whose link destination is the user certificate specified in the linked-to certificate storage area 502d.
The user certificate field 502j stores information specifying a user certificate (here, a domain B user certificate) whose link destination is the user certificate specified in the linked-to certificate storage area 502d.
The issuer name field 502k stores information specifying the issuer name extracted from the user certificate stored in the user certificate field 502j.
The serial number field 502l stores information specifying the serial number extracted from the user certificate stored in the user certificate field 502j.
The owner name field 502m stores information specifying the owner extracted from the user certificate stored in the user certificate field 502j.
The notification destination field 502n stores information specifying the communication address used to notify the user identified by the registration ID field 502b of a URL or the like for requesting full registration. In the present embodiment, the mail address of the second user device 2 used by the user identified by the registration ID field 502b is stored.
The authentication code field 502o stores information specifying the authentication code that the user identified by the registration ID field 502b uses when changing the association of the domain A user certificate. The authentication code is information for uniquely identifying which user certificate the association was made with, and takes a value that will almost never collide with the authentication code values in other rows; for example, a random number or a hash value is used as the authentication code.
The registration date/time field 502p stores information specifying the date and time at which information was registered in the linked-to certificate storage area 502d.
The status flag field 502q stores information indicating the registration status of the user identified by the registration ID field 502b. In the present embodiment the following five statuses are used: "provisional registration", which indicates that a user certificate has been registered in the linked-to certificate storage area 502d but no user certificate has yet been registered in the linking certificate storage area 502e; "unverified", which indicates that, after "provisional registration", the user identified by the registration ID field 502b has been sent a notification requesting full registration but no user certificate has yet been registered in the linking certificate storage area 502e; "full registration", which indicates that the user identified by the registration ID field 502b has registered a user certificate in the linking certificate storage area 502e; "A invalid", which indicates that, in the "full registration" state, the user certificate stored in the linked-to certificate storage area 502d has become invalid; and "B invalid", which indicates that, in the "full registration" state, the user certificate stored in the linking certificate storage area 502e has become invalid. The content of the statuses is not limited to this embodiment. The "full registration" state indicates that the association between the user certificates is in effect.
Providing this data structure allows a plurality of user certificates used by the same user to be associated with one another.
The communication unit 508 transmits and receives information via the network 8.
The user information management device 5 described above can be realized by, for example, a general computer 390 such as that shown in FIG. 9.
For example, the storage unit 501 can be realized by the CPU 391 using the memory 392 or the external storage device 393; the control unit 504 can be realized by loading a predetermined program stored in the external storage device 393 into the memory 392 and executing it on the CPU 391; and the communication unit 508 can be realized by the CPU 391 using the communication device 398.
This predetermined program may be downloaded to the external storage device 393 from the storage medium 394 via the reading device 395, or from the network via the communication device 398, and then loaded into the memory 392 and executed by the CPU 391. Alternatively, it may be loaded directly into the memory 392 from the storage medium 394 via the reading device 395 or from the network via the communication device 398, and executed by the CPU 391.
FIG. 13 is a schematic diagram of the providing-side certificate verification device 6. As illustrated, the providing-side certificate verification device 6 includes a storage unit 601, a control unit 605 and a communication unit 610.
The storage unit 601 includes a verification access destination information storage area 602 and a certificate authority certificate information storage area 603.
The verification access destination information storage area 602 stores, for each issuer of user certificates, information specifying the URI of the certificate verification device (in the present embodiment, the first certificate verification device 7A or the second certificate verification device 7B) to which verification of the validity of a user certificate is requested, or the URI of the contact point queried to confirm the validity of a user certificate.
The certificate authority certificate information storage area 603 stores information specifying the certificate authority certificates of the certificate authorities needed to verify user certificates.
The control unit 605 includes an overall control unit 606, a certificate verification unit 607 and an additional verification unit 608.
The overall control unit 606 controls the processing of the providing-side certificate verification device 6 as a whole. For example, in the present embodiment it controls processes such as file management, process management and device management.
The certificate verification unit 607 controls the process of verifying the validity of a user certificate in response to requests from other devices and from the additional verification unit 608, and returning the result. Here, verifying the validity of a user certificate means building and validating the certification path of the certificate whose verification was requested, and confirming that the user certificate is currently valid.
Further, where a certificate verification device for a specific domain exists (in the present embodiment, the first certificate verification device 7A and the second certificate verification device 7B) and the certificate verification unit 607 is configured to delegate verification to it, the certificate verification unit 607 controls the process of requesting that certificate verification device to verify the validity of user certificates of that domain and receiving the verification result as the response.
The additional verification unit 608 controls the process of verifying the validity of the other user certificate that is associated with the user certificate for which the certificate verification unit 607 received the verification request.
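The following is an added example, not code from the patent or from Hitachi, that models the verification flow described above: the per-domain verification servers 7A/7B (independent trust roots, each with its own CRL, as assumed for domains A and B), the user information table 502a with its status flags, and the providing-side device 6, whose certificate verification unit 607 delegates to the issuer's domain and whose additional verification unit 608 then re-verifies the linked domain-A certificate. All certificates, issuer names ("CA-A", "CA-B"), serial numbers, owner names and revocation entries are constructed sample data, and signature checking is deliberately omitted (a real implementation would use an X.509 library for that step); the example keeps the path-building, validity-period and revocation checks that decide the outcome.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

@dataclass(frozen=True)
class Certificate:
    """Only the fields the user information table keys on (issuer name, serial, owner name)."""
    issuer: str
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime

@dataclass
class DomainVerifier:
    """Stand-in for one domain's verification server (7A/7B); signature checking is omitted."""
    root_name: str   # the domain's self-signed root CA certificate (area 303)
    crl: set[int]    # serials listed on the domain's CRL (area 305)
    def verify(self, cert: Certificate, now: datetime) -> bool:
        return (cert.issuer == self.root_name                 # path building: issuer is our root
                and cert.not_before <= now <= cert.not_after  # validity period
                and cert.serial not in self.crl)              # revocation check (CRL or OCSP)

class Status(Enum):
    PROVISIONAL = "provisional registration"
    UNVERIFIED = "unverified"
    REGISTERED = "full registration"
    A_INVALID = "A invalid"
    B_INVALID = "B invalid"

@dataclass
class UserRecord:
    """One row of user information table 502a (personal-information fields omitted)."""
    registration_id: str
    linked_to: Certificate          # trusted domain-A certificate (area 502d)
    linked_from: list[Certificate]  # domain-B certificates linked to it (area 502e)
    status: Status

@dataclass
class ProviderVerifier:
    """Stand-in for device 6: unit 607 delegates per issuer (table 602); unit 608 checks the link."""
    domains: dict[str, DomainVerifier]
    table: list[UserRecord]

    def _verify_in_domain(self, cert: Certificate, now: datetime) -> bool:
        verifier = self.domains.get(cert.issuer)   # unknown issuer: no path can be built
        return verifier is not None and verifier.verify(cert, now)

    def _find_record(self, cert: Certificate) -> UserRecord | None:
        key = (cert.issuer, cert.serial)
        return next((r for r in self.table
                     if any((b.issuer, b.serial) == key for b in r.linked_from)), None)

    def verify_with_linkage(self, presented: Certificate, now: datetime):
        """Returns (accepted, identity, status); identity is the domain-A owner name."""
        rec = self._find_record(presented)
        # 1. Verify the presented (domain-B) certificate in its own domain.
        if not self._verify_in_domain(presented, now):
            if rec is not None and rec.status is Status.REGISTERED:
                rec.status = Status.B_INVALID
            return False, None, Status.B_INVALID
        # 2. The linkage must exist and have reached full registration.
        if rec is None or rec.status is not Status.REGISTERED:
            return False, None, (rec.status if rec else None)
        # 3. Additional verification: the linked domain-A certificate must still be valid.
        if not self._verify_in_domain(rec.linked_to, now):
            rec.status = Status.A_INVALID
            return False, None, Status.A_INVALID
        return True, rec.linked_to.subject, Status.REGISTERED

def run_demo() -> dict[str, tuple]:
    """Constructed sample (not from the patent): two independent domains, three users."""
    nb, na = datetime(2009, 1, 1, tzinfo=timezone.utc), datetime(2012, 1, 1, tzinfo=timezone.utc)
    def mk(issuer: str, serial: int, subject: str) -> Certificate:
        return Certificate(issuer, serial, subject, nb, na)
    c = {
        "a_taro": mk("CA-A", 1001, "Taro"),
        "a_hanako": mk("CA-A", 1002, "Hanako"),               # on CA-A's CRL below
        "a_jiro": mk("CA-A", 1003, "Jiro"),
        "b_taro": mk("CA-B", 2001, "taro@phone.example"),
        "b_hanako": mk("CA-B", 2002, "hanako@phone.example"),
        "b_jiro": mk("CA-B", 2003, "jiro@phone.example"),
        "b_revoked": mk("CA-B", 2004, "lost@phone.example"),   # on CA-B's CRL below
    }
    domains = {"CA-A": DomainVerifier("CA-A", {1002}), "CA-B": DomainVerifier("CA-B", {2004})}
    table = [
        UserRecord("R001", c["a_taro"], [c["b_taro"]], Status.REGISTERED),
        UserRecord("R002", c["a_hanako"], [c["b_hanako"]], Status.REGISTERED),
        UserRecord("R003", c["a_jiro"], [c["b_jiro"]], Status.PROVISIONAL),
    ]
    service = ProviderVerifier(domains, table)
    now = datetime(2010, 3, 1, tzinfo=timezone.utc)
    results = {}
    for name in ("b_taro", "b_hanako", "b_jiro", "b_revoked"):
        accepted, identity, status = service.verify_with_linkage(c[name], now)
        results[name] = (accepted, identity, status.value if status else None)
    results["final_statuses"] = tuple(r.status.value for r in table)
    return results
```

The point the example makes is the ordering in `verify_with_linkage`: a domain-B certificate that passes its own domain's checks is still rejected unless the table row has reached full registration and the linked domain-A certificate passes its domain's checks at the time of the request, and a failure in either direction is recorded in the row's status flag ("A invalid" or "B invalid") rather than silently ignored. Only a fully successful check returns the domain-A owner name as the identity the service should act on.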
 通信部610は、ネットワーク8を介した情報の送受信を行う。 The communication unit 610 transmits and receives information via the network 8.
 以上に記載した提供側証明書検証装置6は、例えば、図9に示すような一般的なコンピュータ390で実現できる。 The providing side certificate verification device 6 described above can be realized by, for example, a general computer 390 as shown in FIG.
 例えば、記憶部601は、CPU391がメモリ392又は外部記憶装置393を利用することにより実現可能であり、制御部605は、外部記憶装置393に記憶されている所定のプログラムをメモリ392にロードしてCPU391で実行することで実現可能であり、通信部610は、CPU391が通信装置398を利用することで実現可能である。 For example, the storage unit 601 can be realized by the CPU 391 using the memory 392 or the external storage device 393, and the control unit 605 loads a predetermined program stored in the external storage device 393 into the memory 392. The communication unit 610 can be realized by using the communication device 398 by the CPU 391.
 この所定のプログラムは、読書装置395を介して記憶媒体394から、あるいは、通信装置398を介してネットワークから、外部記憶装置393にダウンロードされ、それから、メモリ392上にロードされてCPU391により実行されるようにしてもよい。また、読書装置395を介して記憶媒体394から、あるいは、通信装置398を介してネットワークから、メモリ392上に直接ロードされ、CPU391により実行されるようにしてもよい。 This predetermined program is downloaded from the storage medium 394 via the reading device 395 or from the network via the communication device 398 to the external storage device 393, and then loaded onto the memory 392 and executed by the CPU 391. You may do it. Alternatively, the program may be directly loaded on the memory 392 from the storage medium 394 via the reading device 395 or from the network via the communication device 398 and executed by the CPU 391.
 第一証明書検証装置7Aは、他の装置からの要求に応じて、第一認証局装置3Aが発行した利用者証明書(ドメインAの利用者証明書)の検証を行い、第二証明書検証装置7Bは、他の装置からの要求に応じて、第二認証局装置3Bが発行した利用者証明書(ドメインBの利用者証明書)の検証を行う。 The first certificate verification device 7A verifies the user certificate (domain A user certificate) issued by the first certificate authority device 3A in response to a request from another device, and the second certificate. The verification device 7B verifies the user certificate (domain B user certificate) issued by the second certificate authority device 3B in response to a request from another device.
 なお、第一証明書検証装置7A及び第二証明書検証装置7Bは、公開鍵証明書の検証を行う公知の検証サーバで実現可能であるため、詳細な説明は省略する。 The first certificate verification device 7A and the second certificate verification device 7B can be realized by a publicly known verification server that verifies public key certificates, and thus detailed description thereof is omitted.
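The delegation described for the certificate verification unit 607 and the additional verification unit 608 above, as an added example in Python that is not part of the patent and not the applicant's code. Certificates are modelled as plain records rather than X.509; the two domain verifiers stand in for devices 7A and 7B and check only the validity period and a constructed revocation list; the issuer names, serial numbers and dates are constructed sample data. The security point the example makes explicit is that a certificate whose issuer has no configured verifier is rejected rather than accepted, and that when a linked certificate is supplied it must verify too.

```python
"""Added example, not the patent's own code: the delegation performed by the
providing-side certificate verification device 6. Certificates are plain
records; the domain verifiers stand in for devices 7A and 7B and check only
the validity period and a constructed revocation list. Every issuer name,
serial number and date here is constructed sample data."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class UserCert:
    issuer: str        # issuer name, used to select the domain verifier
    serial: int
    owner: str         # owner (subject) name
    not_before: date
    not_after: date


class DomainVerifier:
    """Stand-in for certificate verification device 7A or 7B: accepts only
    certificates of its own issuer, checks validity period and revocation."""

    def __init__(self, issuer: str, revoked_serials: Set[int]) -> None:
        self.issuer = issuer
        self.revoked = set(revoked_serials)

    def verify(self, cert: UserCert, today: date) -> Tuple[bool, str]:
        if cert.issuer != self.issuer:
            return False, "wrong issuer for this verifier"
        if not (cert.not_before <= today <= cert.not_after):
            return False, "outside validity period"
        if cert.serial in self.revoked:
            return False, "revoked"
        return True, "ok"


class ProviderSideVerifier:
    """Certificate verification unit 607 plus additional verification unit 608:
    delegates by issuer name and fails closed for an issuer with no verifier."""

    def __init__(self, verifiers: Dict[str, DomainVerifier]) -> None:
        self.verifiers = verifiers

    def verify(self, request_type: str, cert: UserCert, today: date,
               linked_cert: Optional[UserCert] = None) -> dict:
        """Returns the content of a verification response message: the
        request type echoed back, overall validity, and a reason string."""
        result = {"request_type": request_type, "valid": False, "reason": ""}
        ok, reason = self._delegate(cert, today)
        if not ok:
            result["reason"] = reason
            return result
        # Unit 608: when the caller supplies the certificate linked to the
        # presented one, it must verify as well, otherwise the whole check fails.
        if linked_cert is not None:
            ok, reason = self._delegate(linked_cert, today)
            if not ok:
                result["reason"] = "linked certificate: " + reason
                return result
        result["valid"], result["reason"] = True, "ok"
        return result

    def _delegate(self, cert: UserCert, today: date) -> Tuple[bool, str]:
        verifier = self.verifiers.get(cert.issuer)
        if verifier is None:            # no device configured for this domain
            return False, "no verifier configured for issuer " + cert.issuer
        return verifier.verify(cert, today)


def build_demo_verifier() -> ProviderSideVerifier:
    """Constructed configuration: domain A has no revocations, domain B has one."""
    return ProviderSideVerifier({
        "CN=CA-A": DomainVerifier("CN=CA-A", set()),
        "CN=CA-B": DomainVerifier("CN=CA-B", {2002}),
    })


# Constructed sample certificates and reference dates
VALID_FROM, VALID_TO = date(2010, 1, 1), date(2011, 12, 31)
CERT_A = UserCert("CN=CA-A", 1001, "CN=user", VALID_FROM, VALID_TO)
CERT_B = UserCert("CN=CA-B", 2001, "CN=user", VALID_FROM, VALID_TO)
CERT_B_REVOKED = UserCert("CN=CA-B", 2002, "CN=user", VALID_FROM, VALID_TO)
CERT_UNKNOWN_CA = UserCert("CN=CA-X", 1, "CN=user", VALID_FROM, VALID_TO)
TODAY, AFTER_EXPIRY = date(2010, 6, 1), date(2012, 1, 1)

if __name__ == "__main__":
    v = build_demo_verifier()
    for args in (("user_registration", CERT_A, TODAY),
                 ("full_registration", CERT_B, TODAY),
                 ("service_use", CERT_B, TODAY, CERT_A),
                 ("service_use", CERT_B, TODAY, CERT_B_REVOKED),
                 ("user_registration", CERT_UNKNOWN_CA, TODAY),
                 ("service_use", CERT_A, AFTER_EXPIRY)):
        print(v.verify(*args))
```

In a real deployment the DomainVerifier would be an OCSP or CRL-backed validation server and would also build and check the certification path; the request type is carried through unchanged here because the text defines it but the details of how step S21 uses it are in FIG. 22, which this section does not reproduce.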
FIG. 14 and FIG. 15 are sequence diagrams showing the user certificate registration process.
As a precondition for registering user certificates, the user is assumed to have already been issued a user certificate by the first certificate authority device 3A of domain A and by the second certificate authority device 3B of domain B. In this embodiment the first user device 1 and the second user device 2 are described as being owned by the user, but the first user device 1 and the second user device 2 themselves may be counter terminals on the service provider side, with the user owning only the user authentication device 120.
First, the service use unit 104 of the first user device 1 accepts, via the input unit 108, the input of the URL for registering to use the service provided by the service providing device 4, and transmits a user registration request to the service providing device 4 via the communication unit 110 (S10).
Next, in the service providing device 4, the service providing unit 407 receives, via the communication unit 410, the user registration request transmitted by the first user device 1 (S11).
The service providing unit 407 of the service providing device 4 then transmits to the first user device 1 the user registration screen data needed to register the user (S12).
In the first user device 1, the service use unit 104 receives the user registration screen data transmitted in step S12 via the communication unit 110 and displays it on the output unit 109 (S13).
Next, the first user device 1 accepts, via the input unit 108, the input of the information needed for registration from the user (S14). The information accepted here includes the user's attribute information, which is stored in the personal information field 502c of the user information table 502a shown in FIG. 12, and the notification destination for the full registration request (in this embodiment, the mail address of the second user device 2).
Next, the service use unit 104 generates electronic signature data over the input information using the domain A private key. The service use unit 104 then transmits to the service providing device 4, via the communication unit 110, the user information accepted in step S14, the generated electronic signature data, and the domain A user certificate corresponding to the private key used to generate that signature (S15).
To generate the electronic signature data, the service use unit 104 requests the device authentication unit 127 of the user authentication device 120, via the first-user-device authentication unit 106 and the user authentication device control unit 105, to generate the signature; the device authentication unit 127 generates the electronic signature data and returns it, together with the domain A user certificate corresponding to the private key used, to the service use unit 104 of the first user device 1.
Next, in the service providing device 4, the service providing unit 407 receives, via the communication unit 410, the user information, the electronic signature data, and the domain A user certificate transmitted by the first user device 1 (S16).
Next, the service providing device 4 uses the authentication cooperation processing unit 408 to verify the signature on the electronic signature data received from the first user device 1, using the domain A user certificate (S17). If signature verification succeeds, the process proceeds to step S19; if it fails, error screen data stating that signature verification failed is generated and transmitted to the first user device 1, and the process proceeds to step S18.
In step S18, the service use unit 104 of the first user device 1 displays the error screen data received via the communication unit 110 on the output unit 109. In this embodiment the process ends at step S18, but it may return to step S10 and be repeated as needed.
In step S19, on the other hand, the authentication cooperation processing unit 408 of the service providing device 4 transmits to the providing-side certificate verification device 6 a verification request message requesting verification of the user certificate used for signature verification in S17. The verification request message contains request type data indicating that this is a verification request made during user registration, and the user certificate to be verified.
Next, the certificate verification unit 607 of the providing-side certificate verification device 6 receives, via the communication unit 610, the user certificate verification request message transmitted by the service providing device 4 (S20).
The certificate verification unit 607 of the providing-side certificate verification device 6 then verifies the validity of the user certificate contained in the verification request message received in step S20 (S21). The details of the verification process in step S21 are described with reference to FIG. 22.
The certificate verification unit 607 of the providing-side certificate verification device 6 further generates a user certificate verification response message according to the result of step S21 and transmits it to the service providing device 4 via the communication unit 610 (S22). The user certificate verification response message contains the success or failure of the validity verification of the user certificate.
The authentication cooperation processing unit 408 of the service providing device 4 then receives the user certificate verification response message transmitted in step S22 and checks the result of the validity verification of the user certificate (S23). If the validity verification confirms that there is no problem with the user certificate, the process proceeds to step S25; if the result indicates failure, error screen data stating that certificate verification failed is generated and transmitted to the first user device 1.
In step S24, the service use unit 104 of the first user device 1 displays the error screen data received via the communication unit 110 on the output unit 109. In this embodiment the process ends at this step, but it may return to step S10 and be repeated as needed.
In step S25, the authentication cooperation processing unit 408 of the service providing device 4 transmits to the user information management device 5 a user information provisional registration request message requesting provisional registration of the user information. In addition to identification information indicating that it is a user information provisional registration request message, this message contains the user information received in step S16 (personal information, notification destination, and so on), the domain A user certificate, and the issuer name, serial number, owner name and other values extracted from that user certificate.
Next, the user information management unit 506 of the user information management device 5 receives, via the communication unit 508, the user information provisional registration request message transmitted by the service providing device 4 (S26).
The user information management unit 506 of the user information management device 5 then stores the information contained in the user information provisional registration request message received in step S26 in the user information table 502a (S27).
Specifically, in step S27 a new record is added to the user information table 502a shown in FIG. 12, and the added record stores the registration ID in the registration ID field 502b, the personal information in the personal information field 502c, the user certificate in the user certificate field 502f, the issuer name in the issuer name field 502g, the serial number in the serial number field 502h, the owner name in the owner name field 502i, the notification destination in the notification destination field 502n, the registration date and time in the registration date/time field 502p, and the registration status flag in the status flag field 502q (the table also has an authentication code field 502o).
The registration ID field 502b is assigned and stores a number that is not already registered in the user information table 502a; the registration date/time field 502p stores any date and time between the receipt of the user information provisional registration request message in step S26 and the present; and the status flag field 502q stores the status "provisionally registered".
The user information management unit 506 of the user information management device 5 then generates a provisional registration result message containing the result of the provisional registration of the user information and transmits it to the service providing device 4 via the communication unit 508 (S28).
The authentication cooperation processing unit 408 of the service providing device 4 receives, via the communication unit 410, the provisional registration result message transmitted in step S28 and checks whether provisional registration succeeded (S29). If it succeeded, the process proceeds to step S31; if it failed, error screen data stating that provisional registration failed is generated and transmitted to the first user device 1, and the process proceeds to step S30.
In step S30, the service use unit 104 of the first user device 1 receives the error screen data via the communication unit 110 and displays it on the output unit 109. In this embodiment the process ends at this step, but it may return to step S10 and be repeated as needed.
In step S31, on the other hand, the service providing unit 407 of the service providing device 4 generates provisional registration result screen data indicating that provisional registration succeeded and transmits it to the first user device 1.
Next, the service use unit 104 of the first user device 1 receives the provisional registration result screen data via the communication unit 110 and displays it on the output unit 109 (S32). The process then continues with the sequence of FIG. 15.
Next, the service providing unit 407 of the service providing device 4 transmits to the second user device 2 the access destination at which the user performs the full registration procedure (S33). The notification destination contained in the user information received in step S16 of FIG. 14 is used as the transmission destination. In this embodiment the notification destination is the mail address associated with the second user device 2, so the service providing unit 407 writes the URL that serves as the access destination for the full registration procedure in the body of a mail to the second user device 2 and sends it.
The URL also contains information that identifies the user of the second user device 2, such as the registration ID or the notification destination.
Further, although not shown, after performing step S33 the service providing unit 407 of the service providing device 4 transmits an access-destination notified registration request message to the user information management device 5. In addition to data indicating that it is a notified registration request message, this message contains the registration ID and so on.
In the user information management device 5 that receives this notified registration request message, the user information management unit 506 identifies the record of the user information table 502a corresponding to the registration ID contained in the message and updates the status flag field 502q of that record to the status "notified".
The user information management unit 506 of the user information management device 5 then generates a notified registration result message containing the result of the access-destination notified registration and transmits it to the service providing device 4.
Next, the second user device 2 receives, at the service use unit 207, the full registration access destination transmitted in step S33 (S34).
The service use unit 207 of the second user device 2 then displays the access destination on the output unit 211 and, on accepting via the input unit 210 an execution instruction that selects the displayed access destination, transmits to the service providing device 4 a full registration request message for performing full registration of the user (S35). The processing of step S35 is performed at a time convenient for the user and need not be performed immediately.
Next, the service providing unit 407 of the service providing device 4 receives, via the communication unit 410, the full registration request message transmitted by the second user device 2 (S36).
The service providing unit 407 of the service providing device 4 then transmits to the second user device 2 authentication request data requesting the domain B user certificate and the other items needed for the authentication that performs full registration of the user (S37). A client authentication request under SSL (Secure Sockets Layer) or TLS (Transport Layer Security), for example, corresponds to step S37.
The service use unit 207 of the second user device 2 receives, via the wireless communication unit 212, the authentication request data transmitted in step S37 (S38).
Next, the second user device 2 generates an electronic signature using the domain B private key in accordance with the authentication request (S39).
To generate the electronic signature, the second-user-device authentication unit 208, on instruction from the service use unit 207, generates the electronic signature data using the second user private key stored in the second user private key storage area 202.
The service use unit 207 of the second user device 2 then extracts from the second user certificate storage area 203 the domain B user certificate corresponding to the second user private key used in step S39, and transmits the electronic signature data generated in step S39 and the extracted user certificate to the service providing device 4 (S40). Sending the client certificate under SSL or TLS, for example, corresponds to this step.
Next, the service providing unit 407 of the service providing device 4 receives, via the communication unit 410, the electronic signature data, the domain B user certificate and the other items transmitted by the second user device 2 (S41).
The authentication cooperation processing unit 408 of the service providing device 4 then verifies the signature on the received electronic signature data using the domain B user certificate (S42). If signature verification succeeds, the process proceeds to step S44; if it fails, error screen data stating that signature verification failed is generated and transmitted to the second user device 2, and the process proceeds to step S43.
In step S43, the service use unit 207 of the second user device 2 displays the transmitted error screen data on the output unit 211. In this embodiment the process ends at this step, but it may return to step S35 and be repeated as needed.
In step S44, on the other hand, the authentication cooperation processing unit 408 of the service providing device 4 transmits to the providing-side certificate verification device 6 a verification request message for the user certificate used for signature verification in step S42. This verification request message contains request type data indicating that this is a full registration request, and the user certificate to be verified.
Next, the certificate verification unit 607 of the providing-side certificate verification device 6 receives, via the communication unit 610, the user certificate verification request message transmitted by the service providing device 4 (S45).
The certificate verification unit 607 of the providing-side certificate verification device 6 then verifies the validity of the user certificate contained in the verification request message received in step S45 (S46). The details of this step are described with reference to FIG. 22.
Further, according to the verification result of step S46, the certificate verification unit 607 of the providing-side certificate verification device 6 generates a user certificate verification response message and transmits it to the service providing device 4 (S47). The user certificate verification response message contains the success or failure of the validity verification of the user certificate.
Next, the authentication cooperation processing unit 408 of the service providing device 4 receives the user certificate verification response message transmitted in step S47 and checks the result of the validity verification of the user certificate (S48). If the validity verification confirms that there is no problem with the user certificate, the process proceeds to step S50; if the result indicates failure, error screen data stating that user certificate verification failed is generated and transmitted to the second user device 2, and the process proceeds to step S49.
In step S49, the service use unit 207 of the second user device 2 displays the error screen data transmitted in step S48 on the output unit 211. In this embodiment the process ends at this step, but it may return to step S35 and be repeated as needed.
In step S50, on the other hand, the authentication cooperation processing unit 408 of the service providing device 4 transmits a user information full registration request message to the user information management device 5. In addition to data indicating that it is a full registration request message, this message contains the domain B user certificate received in step S41, the issuer name, serial number, owner name and other values extracted from that user certificate, and the registration ID used as the search key in step S52.
Next, the user information management unit 506 of the user information management device 5 receives, via the communication unit 508, the user information full registration request message transmitted by the service providing device 4 (S51).
The user information management unit 506 of the user information management device 5 then updates the user information table 502a based on the information contained in the full registration request message received in step S51 (S52). For example, the user information management unit 506 searches the registration ID field 502b of the user information table 502a using the transmitted registration ID as the search key, identifies the record that stores that registration ID, stores the information received in step S51 in the user certificate field 502j, issuer name field 502k, serial number field 502l and owner name field 502m of that record, and updates the status flag field 502q to the status "fully registered".
If the domain B user certificate about to be fully registered is already associated with a different domain A user certificate, registration fails.
After executing step S52, the user information management unit 506 of the user information management device 5 further generates a full registration result message containing the result of the full registration of the user information and transmits it to the service providing device 4 (S53).
The authentication cooperation processing unit 408 of the service providing device 4 receives, via the communication unit 410, the full registration result message transmitted in step S53 and checks whether full registration succeeded (S54). If it succeeded, the process proceeds to step S56; if it failed, error screen data stating that full registration failed is generated and transmitted to the second user device 2, and the process proceeds to step S55.
In step S55, the service use unit 207 of the second user device 2 displays the error screen data transmitted in step S54 on the output unit 211. In this embodiment the process ends at this step, but it may return to step S35 and be repeated as needed.
In step S56, on the other hand, the service providing unit 407 of the service providing device 4 generates full registration result screen data indicating that full registration succeeded and transmits it to the second user device 2 (S56).
Next, the service use unit 207 of the second user device 2 receives, via the wireless communication unit 212, the full registration result screen data transmitted in step S56 and displays it on the output unit 211 (S57).
By carrying out the procedure shown in FIG. 14 and FIG. 15 as described above, the association between the user certificate that the service provider regards as highly trustworthy and the user certificate it regards as less trustworthy is completed. In this embodiment the association is sometimes also referred to as linking (cooperation).
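The registration-state handling that the user information management device 5 performs across FIG. 14 and FIG. 15 (provisional registration, the "notified" update after the mail of step S33, full registration by registration ID, and the rule that a domain B certificate already linked elsewhere makes registration fail), together with the lookup the service-use authentication of FIG. 16 needs in order to find the certificate linked to the one presented, as an added Python example that is not the patent's or the applicant's code. Field names follow table 502a. Two assumptions are added and labelled in the code: registration IDs are random URL-safe tokens (the text only requires a number not already in the table), and full registration is accepted only for a record in the "notified" state. Certificates are constructed (issuer, serial, owner) tuples; signature and certificate verification (steps S42 to S48) are assumed to have already passed before full_register is called.

```python
"""Added example, not the patent's own code: registration-state handling of
the user information management device 5 over FIG. 14 and FIG. 15, plus the
lookup the service-use authentication of FIG. 16 needs. Field names follow
table 502a. Assumptions: registration IDs are random tokens, and full
registration is accepted only in the 'notified' state. Data is constructed."""
import secrets
from datetime import datetime
from typing import Dict, Optional, Tuple

Cert = Tuple[str, int, str]  # (issuer name, serial number, owner name)
PROVISIONAL, NOTIFIED, REGISTERED = "provisional", "notified", "registered"
DEMO_NOW = datetime(2010, 2, 1, 9, 0)


class UserInfoTable:
    """In-memory stand-in for user information table 502a."""

    def __init__(self) -> None:
        self.records: Dict[str, dict] = {}  # registration ID -> record

    def provisional_register(self, personal_info: dict, cert_a: Cert,
                             notify_to: str, now: datetime) -> str:
        """S25-S27: new record for the domain A certificate, status provisional."""
        if self.find_by_cert(cert_a) is not None:
            raise ValueError("domain A certificate already registered")
        reg_id = secrets.token_urlsafe(16)  # assumption: random, unguessable ID
        while reg_id in self.records:       # ID must not already be in the table
            reg_id = secrets.token_urlsafe(16)
        self.records[reg_id] = {
            "502b_registration_id": reg_id, "502c_personal_info": personal_info,
            "502f_cert": cert_a, "502g_issuer": cert_a[0],
            "502h_serial": cert_a[1], "502i_owner": cert_a[2],
            "502j_linked_cert": None, "502k_linked_issuer": None,
            "502l_linked_serial": None, "502m_linked_owner": None,
            "502n_notify_to": notify_to, "502p_registered_at": now,
            "502q_status": PROVISIONAL,
        }
        return reg_id

    def mark_notified(self, reg_id: str) -> None:
        """After S33: the full-registration URL went to the notification destination."""
        rec = self.records[reg_id]
        if rec["502q_status"] != PROVISIONAL:
            raise ValueError("record is not provisional")
        rec["502q_status"] = NOTIFIED

    def full_register(self, reg_id: str, cert_b: Cert) -> bool:
        """S50-S52: link the (already verified) domain B certificate to the record
        named by the registration ID from the URL. Fails if the ID is unknown,
        the record is not in the notified state (assumption), or the domain B
        certificate is already linked to some record (the rule of step S52)."""
        rec = self.records.get(reg_id)
        if rec is None or rec["502q_status"] != NOTIFIED:
            return False
        if self.find_by_cert(cert_b) is not None:
            return False
        rec["502j_linked_cert"] = cert_b
        rec["502k_linked_issuer"], rec["502l_linked_serial"], rec["502m_linked_owner"] = cert_b
        rec["502q_status"] = REGISTERED
        return True

    def find_by_cert(self, cert: Cert) -> Optional[dict]:
        """Match on (issuer, serial), which identifies a certificate uniquely;
        the owner name alone does not."""
        for rec in self.records.values():
            if (rec["502g_issuer"], rec["502h_serial"]) == cert[:2]:
                return rec
            if (rec["502k_linked_issuer"], rec["502l_linked_serial"]) == cert[:2]:
                return rec
        return None

    def linked_certificate(self, presented: Cert) -> Optional[Cert]:
        """FIG. 16: the other certificate of a fully registered pair, or None."""
        rec = self.find_by_cert(presented)
        if rec is None or rec["502q_status"] != REGISTERED:
            return None
        return rec["502j_linked_cert"] if rec["502f_cert"] == presented else rec["502f_cert"]


def run_demo() -> dict:
    """Walks two constructed users through the sequence and returns the outcomes."""
    table = UserInfoTable()
    a1, b1, a2 = ("CN=CA-A", 1001, "CN=alice"), ("CN=CA-B", 2001, "CN=alice"), ("CN=CA-A", 1002, "CN=bob")
    id1 = table.provisional_register({"name": "alice"}, a1, "alice@example.test", DEMO_NOW)
    premature = table.full_register(id1, b1)    # URL not sent yet: refused
    table.mark_notified(id1)
    ok1 = table.full_register(id1, b1)
    id2 = table.provisional_register({"name": "bob"}, a2, "bob@example.test", DEMO_NOW)
    table.mark_notified(id2)
    reuse = table.full_register(id2, b1)        # b1 already linked to alice: refused
    return {"premature": premature, "ok1": ok1, "reuse": reuse,
            "linked_for_b1": table.linked_certificate(b1),
            "linked_for_a2": table.linked_certificate(a2),
            "unknown_id": table.full_register("no-such-id", ("CN=CA-B", 2002, "CN=bob"))}
```

The registration ID in the mailed URL only selects the record; it does not authenticate anyone, since whoever can read the mail can open the URL. What binds the record to the user is the TLS client authentication with the domain B certificate (steps S37 to S42) and the verification of that certificate by device 6 (S44 to S48), both of which must succeed before full_register is reached. Matching on (issuer name, serial number) rather than on the owner name is what makes the one-to-one rule of step S52 meaningful, because two certificates from different CAs can carry the same owner name.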
 図16は、サービス利用時の認証処理を示すシーケンス図である。 FIG. 16 is a sequence diagram showing an authentication process when using the service.
 ここでは、第二利用者装置2を用いる例を示しているが、第一利用者装置1を用いる場合も同様である。また、サービスを利用する前提として、利用者は図14及び図15に示す利用者証明書の登録処理を行っているものとする。 Here, an example in which the second user device 2 is used is shown, but the same applies to the case where the first user device 1 is used. In addition, as a premise for using the service, it is assumed that the user performs the registration process of the user certificate shown in FIGS.
First, the service utilization unit 207 of the second user device 2 accepts, via the input unit 210, the input of a URL for using a service provided by the service providing apparatus 4, and transmits a service request message to the service providing apparatus 4 (S60).
The service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the service request message transmitted by the second user device 2 (S61).
Next, the service providing unit 407 of the service providing apparatus 4 transmits to the second user device 2 authentication request data that requests the user certificate and the other items needed for authentication at the time of service use (S62).
Next, the service utilization unit 207 of the second user device 2 receives, via the wireless communication unit 212, the authentication request data transmitted in step S62 (S63).
Next, the service utilization unit 207 of the second user device 2 instructs the second user device authentication unit 208, which, on the basis of the authentication request, generates electronic signature data using the domain B private key stored in the second user private key storage area 202 (S64). For example, the client-side processing required for client authentication in SSL or TLS corresponds to this step.
Next, the service utilization unit 207 of the second user device 2 transmits to the service providing apparatus 4 the electronic signature data generated in step S64 together with the user certificate corresponding to the private key used to generate it (S65). For example, the process of sending a client certificate in SSL or TLS corresponds to this step.
The service providing unit 407 of the service providing apparatus 4 then receives, via the communication unit 410, the electronic signature data, the user certificate and so on transmitted by the second user device 2 (S66).
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 verifies the signature on the electronic signature data received from the second user device 2, using the user certificate received together with it (S67). If signature verification succeeds, processing proceeds to step S69; if it fails, error screen data stating that signature verification failed is generated and transmitted to the second user device 2, and processing proceeds to step S68.
In step S68, the service utilization unit 207 of the second user device 2 displays on the output unit 211 the error screen data transmitted in step S67. In this embodiment processing ends at this step, but it may return to step S60 and be repeated as necessary.
In step S69, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing-side certificate verifying apparatus 6 a verification request message for the user certificate that was used for signature verification in step S67. This verification request message contains request type data indicating a service request, together with the user certificate.
The certificate verification unit 607 of the providing-side certificate verifying apparatus 6 receives, via the communication unit 610, the user certificate verification request message transmitted by the service providing apparatus 4 (S70).
Next, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 verifies the validity of the user certificate contained in the verification request message received in step S70 (S71). The details of this step are described with reference to Fig. 22.
Then, according to the verification result of step S71, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 generates a certificate verification response message and transmits it to the service providing apparatus 4 (S72). The certificate verification response message contains the success or failure of the validity verification of the user certificate received from the second user device 2. In addition, when the certificate verified in step S71 is a user certificate of low trust, the response also contains, in accordance with Fig. 22, the validity verification result of the highly trusted user certificate associated with it.
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the certificate verification response message transmitted in step S72 and checks the validity verification result of the user certificate (S73). If the result confirms that there is no problem with the certificate, processing proceeds to step S75; if the result indicates failure, error screen data stating that verification of the user certificate failed is generated and transmitted to the second user device 2, and processing proceeds to step S74.
In step S74, the service utilization unit 207 of the second user device 2 displays on the output unit 211 the error screen data transmitted in step S73. In this embodiment processing ends at this step, but it may return to step S60 and be repeated as necessary.
In step S75, on the other hand, the service providing unit 407 of the service providing apparatus 4 refers to the access control policy stored in the access control policy information storage area 403 and decides whether the user named in the user certificate may access the service. If the access decision confirms that the user has access authority, processing proceeds to step S77; if the access decision fails, error screen data stating that the user has no access authority for the service is generated and transmitted to the second user device 2, and processing proceeds to step S76.
In step S76, the service utilization unit 207 of the second user device 2 displays on the output unit 211 the error screen data transmitted in step S75. In this embodiment processing ends at this step, but it may return to step S60 and be repeated as necessary.
In step S77, on the other hand, the service providing unit 407 of the service providing apparatus 4 generates service provision screen data for providing the service and transmits it to the second user device 2 (S77).
The service utilization unit 207 of the second user device 2 then displays on the output unit 211 the service provision screen data transmitted in step S77 (S78).
By carrying out the above procedure, the service can be provided after authentication that the service provider regards as highly reliable.
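The server-side checks of Fig. 16 in working code, as an added example that is not part of the patent or of any implementation by its applicant: it runs steps S64, S67, S71 and S75 with Go's standard library, replacing the apparatus-to-apparatus messages of S69 to S73 with a direct call. The order of the checks is the security point. Signature verification in S67 uses the public key of whatever certificate arrived together with the signature, so it proves only that the sender holds the matching private key; a self-signed certificate carrying the same subject name passes it. It is the validity check of S71 (chain to a trusted CA, validity period, client-authentication usage) that rejects such a certificate, and only after both does the access control decision of S75 run. The CA name, user name, service name, the policy layout (subject CN to permitted services) and the authentication request data are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ServiceProvider is the server-side state of Fig. 16: the trust anchors the verifying apparatus 6
// uses in step S71, and the policy of storage area 403 read in S75 (assumed layout: CN -> services).
type ServiceProvider struct {
	roots  *x509.CertPool
	policy map[string][]string
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issueCert makes a P-256 key pair and a certificate for it; parent == nil means self-signed.
func issueCert(subject pkix.Name, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; a real CA needs unique random serials
		Subject:               subject,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// signChallenge is the client side of S64: a SHA-256 ECDSA signature (ASN.1 DER) over the request data.
func signChallenge(key *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// Authenticate runs S67, S71 and S75 in the order of Fig. 16 and returns the step reached:
// "S77" when service screen data would be sent, otherwise the error-screen step S68, S74 or S76.
func (p *ServiceProvider) Authenticate(cert *x509.Certificate, challenge, sig []byte, service string) (string, error) {
	// S67: verify with the public key of the certificate that arrived with the signature. This only
	// proves possession of the matching private key; a self-signed certificate passes this check.
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, challenge, sig); err != nil {
		return "S68", fmt.Errorf("signature verification failed: %w", err)
	}
	// S69-S73: the verifying apparatus checks the chain to a trusted CA, the validity period and the
	// client-authentication usage. This is the step that rejects the self-signed certificate.
	if _, err := cert.Verify(x509.VerifyOptions{Roots: p.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "S74", fmt.Errorf("certificate verification failed: %w", err)
	}
	// S75: access control decision for the user named in the certificate.
	for _, allowed := range p.policy[cert.Subject.CommonName] {
		if allowed == service {
			return "S77", nil
		}
	}
	return "S76", fmt.Errorf("no access authority for %q", service)
}

// buildScenario returns constructed data: a provider trusting one CA, the user certificate and key
// that CA issued, and a self-signed certificate and key with the same subject the CA never issued.
func buildScenario() (p *ServiceProvider, userCert, rogueCert *x509.Certificate, userKey, rogueKey *ecdsa.PrivateKey) {
	caCert, caKey := issueCert(pkix.Name{CommonName: "Domain A CA"}, true, nil, nil)
	subject := pkix.Name{CommonName: "user-0001", Organization: []string{"Domain A"}}
	userCert, userKey = issueCert(subject, false, caCert, caKey)
	rogueCert, rogueKey = issueCert(subject, false, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	p = &ServiceProvider{roots: roots, policy: map[string][]string{"user-0001": {"tax-filing"}}}
	return
}

func main() {
	p, userCert, rogueCert, userKey, rogueKey := buildScenario()
	challenge := []byte("constructed authentication request data from step S62")
	sig, _ := signChallenge(userKey, challenge)
	fmt.Println(p.Authenticate(userCert, challenge, sig, "tax-filing"))
	rogueSig, _ := signChallenge(rogueKey, challenge)
	fmt.Println(p.Authenticate(rogueCert, challenge, rogueSig, "tax-filing"))
}
```

Running it prints `S77 <nil>` for the genuine user and `S74 ...` for the self-signed certificate: the rogue signature is accepted in S67 and only the verifying apparatus step stops it. Swapping the two checks, or skipping S71 because "the signature verified", is exactly the mistake this sequence is designed to avoid.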
Fig. 17 is a sequence diagram showing the process of updating the association of user certificates.
As a precondition for this sequence, the user is assumed to have completed the user certificate registration process shown in Figs. 14 and 15. The sequence is explained using the first user device 1, but the same processing is possible with the second user device 2.
A case in which the association of user certificates needs to be updated is, for example, one in which a user certificate has expired and a new user certificate has been issued by the same certification authority that issued the old one. The user certificate whose association is updated may belong to domain A or to domain B, but the issuer name and the owner name of the old and new user certificates are assumed to be identical.
However, even when the issuer name or owner name of the old and new user certificates does not match in full, the certificate can still be treated as a renewal if the naming rules for the certificate's issuer name or owner name allow the same issuer or owner to be determined from the parts that do match.
First, the service utilization unit 104 of the first user device 1 accepts, via the input unit 108, the input of a URL for updating the association of user certificates in the service provided by the service providing apparatus 4, and transmits to the service providing apparatus 4 a certificate update request message for updating the association of user certificates (S80).
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the certificate update request message transmitted by the first user device 1 (S81).
Next, the service providing unit 407 of the service providing apparatus 4 transmits to the first user device 1 authentication request data that requests the user certificate and the other items needed for authentication at the time of certificate update (S82).
Next, the service utilization unit 104 of the first user device 1 receives, via the communication unit 110, the authentication request data transmitted in step S82 (S83).
Next, the first user device 1 generates an electronic signature with the user's private key on the basis of the received authentication request data (S84). For example, the service utilization unit 104 requests the device authentication unit 127 of the user authentication device 120, via the first user device authentication unit 106 and the user authentication device control unit 105, to generate electronic signature data. The device authentication unit 127 generates the electronic signature data using the user's private key stored in the first user private key storage area 122, and returns the generated electronic signature data, together with the user certificate corresponding to the private key used to generate it, to the service utilization unit 104 of the first user device 1. The client-side processing required for client authentication in SSL or TLS corresponds to this step.
The user certificate and private key used here are the newly issued user certificate and the private key corresponding to it, that is, the user certificate and private key intended for use after the association has been updated.
Next, the service utilization unit 104 of the first user device 1 transmits to the service providing apparatus 4 the electronic signature data generated in step S84 together with the user certificate corresponding to the private key used to generate it (S85). For example, the process of sending a client certificate in SSL or TLS corresponds to this step.
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the electronic signature data, the user certificate and so on transmitted by the first user device 1 (S86).
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 verifies the signature on the electronic signature data received from the first user device 1, using the user certificate received together with it (S87). If signature verification succeeds, processing proceeds to step S89; if it fails, error screen data stating that signature verification failed is generated and transmitted to the first user device 1, and processing proceeds to step S88.
In step S88, the service utilization unit 104 of the first user device 1 displays on the output unit 109 the error screen data transmitted in step S87. In this embodiment processing ends at this step, but it may return to step S80 and be repeated as necessary (S88).
In step S89, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing-side certificate verifying apparatus 6 a verification request message for the user certificate that was used for signature verification in step S87 (S89). This verification request message contains request type data indicating a certificate update request, together with the user certificate to be verified.
Next, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 receives, via the communication unit 610, the user certificate verification request message transmitted by the service providing apparatus 4 (S90).
The certificate verification unit 607 of the providing-side certificate verifying apparatus 6 then verifies the validity of the user certificate contained in the verification request message received in step S90 (S91). The details of this step are described with reference to Fig. 22.
Further, according to the verification result of step S91, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S92). The user certificate verification response message contains information specifying whether the validity verification of the user certificate succeeded or failed.
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives, via the communication unit 410, the user certificate verification response message transmitted in step S92 and checks the validity verification result of the user certificate (S93). If the result confirms that there is no problem with the user certificate, processing proceeds to step S95; if the result indicates failure, error screen data stating that verification of the user certificate failed is generated and transmitted to the first user device 1, and processing proceeds to step S94.
In step S94, the service utilization unit 104 of the first user device 1 receives, via the communication unit 110, the error screen data transmitted in step S93 and displays it on the output unit 109. In this embodiment processing ends at this step, but it may return to step S80 and be repeated as necessary.
In step S95, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the user information management apparatus 5 a search request message for searching user information. In addition to data indicating that it is a search request message, the user information search request message contains the issuer name, or the part of it that identifies the issuer, and the owner name, or the part of it that identifies the owner, both extracted from the user certificate received in step S86.
Next, the user information management unit 506 of the user information management apparatus 5 receives, via the communication unit 508, the user information search request message transmitted by the service providing apparatus 4 (S96).
Next, the user information management unit 506 of the user information management apparatus 5 searches the user information table 502a on the basis of the information received in step S96 (S97). For example, the user information management unit 506 determines to which domain the received issuer name (or the received part of it) belongs, and searches the column of the owner name field 502i or 502m of that domain in the user information table 502a for the record that matches the received owner name used as the search key (S97). As stated in the preconditions of this flow, where the certificate naming rules allow a user to be uniquely identified by part of the owner name, that part of the owner name is used as the search key.
Next, the user information management unit 506 of the user information management apparatus 5 generates a search result message containing the result of the user information search and transmits it to the service providing apparatus 4 (S98). If a matching record exists, the search result message contains the registration ID stored in the registration ID field 502b of that record; if no matching record exists, it contains information indicating that fact.
Given the conditions under which a certificate qualifies for an association update (the precondition of this sequence), more than one matching record is not expected to exist. If several matching records are found in step S97, the search result generated in this step is therefore a message indicating an error.
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives, via the communication unit 410, the search result message transmitted in step S98 and checks whether it contains user information (S99). If the search result message contains a registration ID, which is the user information, processing proceeds to step S101; if no user information (registration ID) could be obtained from the search result, error screen data stating that no user certificate registration subject to update exists is generated and transmitted to the first user device 1, and processing proceeds to step S100.
In step S100, the service utilization unit 104 of the first user device 1 displays on the output unit 109 the error screen data transmitted in step S99. In this embodiment processing ends at this step, but it may return to step S80 and be repeated as necessary.
In step S101, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information change request message to the user information management apparatus 5. In addition to data indicating that it is a change request message, the user information change request message contains the registration ID obtained in step S99, the user certificate received in step S86, and the issuer name, serial number, owner name and so on extracted from that user certificate. For the user certificate, issuer name, serial number and owner name columns whose change is requested, the applicable domain is identified from the issuer name and the columns to be changed are designated accordingly.
Next, the user information management unit 506 of the user information management apparatus 5 receives, via the communication unit 508, the user information change request message transmitted by the service providing apparatus 4 (S102).
Next, the user information management unit 506 of the user information management apparatus 5 updates the information stored in the user information table 502 with the information received in step S102 (S103). In this step, the record of the user information table 502 is identified using the registration ID contained in the received information as the search key, and the user certificate, issuer name, serial number and owner name of the identified record are updated. The user certificate, issuer name, serial number and owner name fields to be updated are those of the domain identified from the issuer name.
The user information management unit 506 of the user information management apparatus 5 then generates a message containing the result of the user information change and transmits it to the service providing apparatus 4 (S104).
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the change result message transmitted in step S104 and checks whether the change succeeded (S105). If the change succeeded, processing proceeds to step S107; if it failed, error screen data stating that the change failed is generated and transmitted to the first user device 1, and processing proceeds to step S106.
In step S106, the service utilization unit 104 of the first user device 1 displays on the output unit 109 the error screen data transmitted in step S105. In this embodiment processing ends at this step, but it may return to step S80 and be repeated as necessary.
In step S107, on the other hand, the service providing unit 407 of the service providing apparatus 4 generates change result screen data indicating that the change succeeded and transmits it to the first user device 1 (S107).
The service utilization unit 104 of the first user device 1 then displays on the output unit 109 the change result screen data transmitted in step S107 (S108).
By carrying out the above procedure, the update of the association of user certificates is completed. In this sequence the user information search (steps S95 to S100) is performed before the user information change request message is transmitted (step S101), but the search steps (steps S95 to S100) can also be skipped.
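The search and update of Fig. 17 (steps S95 to S103) as an added Go example that is not code from the patent or its applicant. It models the user information table as one registration ID per row with one column group per domain, picks the domain from the issuer name as in S97, demands exactly one matching record as in S98 and S99 (none is the S100 error, several is the ambiguity error), and in S103 overwrites only that domain's columns, so the other domain's certificate and the linkage between the two stay untouched. The issuer-to-domain map, the sample rows, and the naming rule used to extract the identifying part of the owner name (the CN attribute of an RFC 4514-style name, else the whole name) are assumptions of this example standing in for the certificate naming rules the text refers to.

```go
package main

import (
	"fmt"
	"strings"
)

// certColumns are the per-domain columns of one row of user information table 502a:
// user certificate (an opaque string here), issuer name, serial number and owner name.
type certColumns struct {
	Cert, Issuer, Serial, Owner string
}

// userRecord is one row: the registration ID (field 502b) and one column group per domain,
// "A" for the high-trust certificate and "B" for the low-trust one.
type userRecord struct {
	RegistrationID string
	Domains        map[string]certColumns
}

// userInfoTable stands in for user information management apparatus 5. The page only says the
// domain is identified from the issuer name; the lookup map doing so is this example's assumption.
type userInfoTable struct {
	rows         []*userRecord
	issuerDomain map[string]string
}

// ownerKey returns the part of the owner name that identifies the user. The rule applied (the CN
// attribute of an RFC 4514-style name when present, otherwise the whole name) is an assumed naming rule.
func ownerKey(owner string) string {
	for _, attr := range strings.Split(owner, ",") {
		if attr = strings.TrimSpace(attr); strings.HasPrefix(strings.ToUpper(attr), "CN=") {
			return attr[3:]
		}
	}
	return strings.TrimSpace(owner)
}

// findRegistrationID is steps S97 to S99: search the owner-name column of the given domain with the
// owner name as key and demand exactly one hit; none or several is an error for the caller.
func (t *userInfoTable) findRegistrationID(domain, owner string) (string, error) {
	var hits []string
	for _, r := range t.rows {
		if ownerKey(r.Domains[domain].Owner) == ownerKey(owner) {
			hits = append(hits, r.RegistrationID)
		}
	}
	switch len(hits) {
	case 0:
		return "", fmt.Errorf("no registered certificate for %q in domain %s (S100)", owner, domain)
	case 1:
		return hits[0], nil
	}
	return "", fmt.Errorf("%d records match %q; association cannot be updated unambiguously (S98)", len(hits), owner)
}

// updateAssociation is step S103: locate the row by registration ID and overwrite only the column
// group of the given domain; the other domain's certificate and its linkage stay as they are.
func (t *userInfoTable) updateAssociation(regID, domain string, newCert certColumns) error {
	for _, r := range t.rows {
		if r.RegistrationID == regID {
			r.Domains[domain] = newCert
			return nil
		}
	}
	return fmt.Errorf("registration ID %q not found", regID)
}

// renew drives S95 to S103 for a renewed certificate, as service providing apparatus 4 does once
// the certificate has passed signature check S87 and validity check S91.
func (t *userInfoTable) renew(newCert certColumns) (string, error) {
	domain, ok := t.issuerDomain[newCert.Issuer]
	if !ok {
		return "", fmt.Errorf("issuer %q belongs to no registered domain", newCert.Issuer)
	}
	regID, err := t.findRegistrationID(domain, newCert.Owner)
	if err != nil {
		return "", err
	}
	return regID, t.updateAssociation(regID, domain, newCert)
}

// sampleTable is constructed data for this example, not taken from the page.
func sampleTable() *userInfoTable {
	return &userInfoTable{
		issuerDomain: map[string]string{"CN=Domain A CA": "A", "CN=Domain B CA": "B"},
		rows: []*userRecord{
			{"R-0001", map[string]certColumns{"A": {"certA1", "CN=Domain A CA", "1001", "CN=Taro Yamada,OU=Residents"},
				"B": {"certB1", "CN=Domain B CA", "2001", "CN=taro@example.jp"}}},
			{"R-0002", map[string]certColumns{"A": {"certA2", "CN=Domain A CA", "1002", "CN=Hanako Sato,OU=Residents"},
				"B": {"certB2", "CN=Domain B CA", "2002", "CN=hanako@example.jp"}}},
		},
	}
}

func main() {
	tbl := sampleTable()
	regID, err := tbl.renew(certColumns{"certA1-new", "CN=Domain A CA", "1003", "CN=Taro Yamada,OU=Residents"})
	fmt.Println(regID, err, tbl.rows[0].Domains["A"].Serial, tbl.rows[0].Domains["B"].Serial)
}
```

The ambiguity check is the part worth keeping even when the search steps S95 to S100 are skipped as the text permits: an update keyed only on issuer and owner name must refuse to proceed when more than one row would match, otherwise a renewal could silently rebind another user's registration.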
Figs. 18 and 19 are sequence diagrams showing the process of changing the association of user certificates.
As a precondition for this sequence, the user is assumed to have completed the user certificate registration process shown in Figs. 14 and 15.
A change of the association of user certificates is needed when the conditions for an update of the association are not met: for example, when a user certificate issued by a certification authority different from the one that issued the already registered user certificate is to be associated, or when the information in the user certificate has changed, the user certificate has been reissued, and the reissued user certificate is to be associated.
This sequence covers the case in which the user certificate of low trust is left as it is and the user certificate of high trust is changed. This embodiment therefore describes associating a new domain A user certificate with the domain B user certificate. Conversely, to leave the user certificate the service provider regards as highly trustworthy (the domain A user certificate) as it is and change the association of the less trusted user certificate (the domain B user certificate), the cooperation release sequence shown in Figs. 20 and 21 is performed followed by the registration sequence shown in Figs. 14 and 15.
First, the service utilization unit 207 of the second user device 2 accepts, via the input unit 210, the input of a URL for changing the association of user certificates in the service provided by the service providing apparatus 4, and transmits to the service providing apparatus 4 a certificate cooperation change request message for changing the user certificate (S110).
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the certificate cooperation change request message transmitted by the second user device 2 (S111).
Next, the service providing unit 407 of the service providing apparatus 4 transmits to the second user device 2 authentication request data that requests the user certificate and the other items needed for authentication at the time of a certificate cooperation change (S112).
The service utilization unit 207 of the second user device 2 then receives, via the wireless communication unit 212, the authentication request data transmitted in step S112 (S113).
Next, in response to the authentication request data, the second user device 2 generates electronic signature data using the domain B private key stored in the second user private key storage area 202 (S114). To attach the electronic signature, the service utilization unit 207 instructs the second user device authentication unit 208, which generates the electronic signature data and returns it, together with the user certificate corresponding to the private key used to generate it, to the service utilization unit 207. For example, the client-side processing required for client authentication in SSL or TLS corresponds to this step.
Next, the service utilization unit 207 of the second user device 2 transmits to the service providing apparatus 4 the electronic signature data generated in step S114 together with the user certificate corresponding to the private key used to generate it (S115). For example, the process of sending a client certificate in SSL or TLS corresponds to this step.
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the electronic signature data, the user certificate and so on transmitted by the second user device 2 (S116).
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 verifies the signature on the electronic signature data received from the second user device 2, using the user certificate received together with it (S117). If signature verification succeeds, processing proceeds to step S119; if it fails, error screen data stating that signature verification failed is generated and transmitted to the second user device 2, and processing proceeds to step S118.
In step S118, the service utilization unit 207 of the second user device 2 displays on the output unit 211 the error screen data transmitted in step S117. In this embodiment processing ends at this step, but it may return to step S110 and be repeated as necessary.
In step S119, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing-side certificate verifying apparatus 6 a verification request message for the user certificate that was used for signature verification in step S117. This verification request message contains request type data indicating a cooperation change request, together with the user certificate.
 次に、提供側証明書検証装置6の証明書検証部607は、通信部610を介して、サービス提供装置4が送信した利用者証明書の検証要求メッセージを受信する(S120)。 Next, the certificate verification unit 607 of the providing side certificate verification device 6 receives the user certificate verification request message transmitted by the service providing device 4 via the communication unit 610 (S120).
 そして、提供側証明書検証装置6の証明書検証部607は、ステップS120において受信した検証要求メッセージ中の利用者証明書の正当性の検証を行う(S121)。本ステップの詳細については、図22を用いて説明する。 Then, the certificate verification unit 607 of the providing-side certificate verification apparatus 6 verifies the validity of the user certificate in the verification request message received in step S120 (S121). Details of this step will be described with reference to FIG.
 次に、ステップS91の検証結果に応じて、提供側証明書検証装置6の証明書検証部607は、利用者証明書の検証応答メッセージを生成し、サービス提供装置4に送信する(S122)。利用者証明書の検証応答メッセージには、利用者証明書の正当性検証の成否が含まれるものとする。 Next, according to the verification result of step S91, the certificate verification unit 607 of the providing side certificate verification apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S122). The verification response message for the user certificate includes success / failure verification of the user certificate.
 次に、サービス提供装置4の認証連携処理部408は、ステップS122において送信された利用者証明書の検証応答メッセージを受信し、利用者証明書の正当性の検証結果を確認する(S123)。利用者証明書の正当性検証の結果、利用者証明書に問題がないことを確認できた場合にはステップS125に進み、利用者証明書の正当性検証の結果が失敗を示すものである場合には、利用者証明書の検証に失敗した旨を伝えるエラー画面データを生成し、当該エラー画面データを第二利用者装置2に送信し、ステップS124に進む。 Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the user certificate verification response message transmitted in step S122, and confirms the verification result of the validity of the user certificate (S123). As a result of verifying the validity of the user certificate, if it can be confirmed that there is no problem with the user certificate, the process proceeds to step S125, and the result of verifying the validity of the user certificate indicates failure. In this case, error screen data that indicates that the verification of the user certificate has failed is generated, the error screen data is transmitted to the second user device 2, and the process proceeds to step S124.
 ステップS124では、第二利用者装置2のサービス利用部207は、ステップS123において送信されたエラー画面データを出力部211に表示する。本実施形態においては本ステップで処理が終了するが、必要に応じてステップS110に戻り処理を繰り返してもよい。 In step S124, the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S123 on the output unit 211. In this embodiment, the process ends at this step, but the process may be repeated by returning to step S110 as necessary.
 一方、ステップS125では、サービス提供装置4の認証連携処理部408は、当該利用者証明書の利用者に対して一意となる認証コードの生成を行う。 On the other hand, in step S125, the authentication cooperation processing unit 408 of the service providing apparatus 4 generates an authentication code that is unique to the user of the user certificate.
 そして、サービス提供装置4の認証連携処理部408は、通信部410を介して、ユーザ情報管理装置5に対して、認証コードの登録要求メッセージを送信する(S126)。認証コードの登録要求メッセージには、認証コードの登録要求メッセージであることを示すデータの他、ステップS116において受信した利用者証明書から抽出した発行者名及びシリアル番号と、認証コードと、が含まれているものとする。 Then, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits an authentication code registration request message to the user information management apparatus 5 via the communication unit 410 (S126). The authentication code registration request message includes, in addition to data indicating the authentication code registration request message, the issuer name and serial number extracted from the user certificate received in step S116, and the authentication code. It shall be assumed.
 次に、ユーザ情報管理装置5のユーザ情報管理部506は、通信部508を介して、サービス提供装置4が送信した認証コードの登録要求メッセージを受信する(S127)。 Next, the user information management unit 506 of the user information management device 5 receives the registration request message of the authentication code transmitted by the service providing device 4 via the communication unit 508 (S127).
 次に、ユーザ情報管理装置5のユーザ情報管理部506は、ステップS127において受信した情報に基づき、ユーザ情報記憶領域502に記憶されているユーザ情報テーブル502aを更新する(S128)。ここでは、発行者名及びシリアル番号を検索キーとしてユーザ情報テーブル502aを検索し、当該発行者名及びシリアル番号が登録されているレコードに受信した情報に含まれる認証コードを登録する。 Next, the user information management unit 506 of the user information management device 5 updates the user information table 502a stored in the user information storage area 502 based on the information received in step S127 (S128). Here, the user information table 502a is searched using the issuer name and serial number as search keys, and the authentication code included in the received information is registered in the record in which the issuer name and serial number are registered.
 そして、ユーザ情報管理装置5のユーザ情報管理部506は、認証コードの登録結果を含めたメッセージを生成し、サービス提供装置4に送信する(S129)。 Then, the user information management unit 506 of the user information management device 5 generates a message including the authentication code registration result and transmits it to the service providing device 4 (S129).
 サービス提供装置4の認証連携処理部408は、通信部410を介して、ステップS129において送信された登録結果メッセージを受信し、登録の成否を確認する(S130)。登録に成功した場合にはステップS132に進み、登録に失敗した場合は、登録に失敗した旨を伝えるエラー画面データを生成し、当該エラー画面データを第二利用者装置2に送信し、ステップS131に進む。 The authentication cooperation processing unit 408 of the service providing apparatus 4 receives the registration result message transmitted in step S129 via the communication unit 410, and confirms the success or failure of registration (S130). If registration has succeeded, the process proceeds to step S132. If registration has failed, error screen data notifying that registration has failed is generated, the error screen data is transmitted to the second user device 2, and step S131. Proceed to
 ステップS131では、第二利用者装置2のサービス利用部207は、ステップS130において送信されたエラー画面データを出力部211に表示する。本実施形態においては本ステップで処理が終了するが、必要に応じてステップS110に戻り処理を繰り返してもよい。 In step S131, the service utilization unit 207 of the second user device 2 displays the error screen data transmitted in step S130 on the output unit 211. In this embodiment, the process ends at this step, but the process may be repeated by returning to step S110 as necessary.
 一方、ステップS132では、サービス提供装置4のサービス提供部407は、認証コードを記載した認証コード通知画面データを生成し、当該認証コード通知画面データを第二利用者装置2に送信する(S132)。 On the other hand, in step S132, the service providing unit 407 of the service providing device 4 generates authentication code notification screen data describing the authentication code, and transmits the authentication code notification screen data to the second user device 2 (S132). .
 第二利用者装置2のサービス利用部207は、ステップS132において送信された認証コード通知画面データを出力部211に表示する(S133)。なお、本ステップを実施した後、図19の次のステップS134に移行するタイミングは、利用者の都合のよいタイミングで実施されるものとし、必ずしも即時に実施される必要はない。また、本ステップ以降、利用者は第一利用者装置1を使用する。 The service usage unit 207 of the second user device 2 displays the authentication code notification screen data transmitted in step S132 on the output unit 211 (S133). In addition, after implementing this step, the timing which transfers to following step S134 of FIG. 19 shall be implemented at a timing convenient for a user, and does not necessarily need to be implemented immediately. Further, after this step, the user uses the first user device 1.
Proceeding to FIG. 19, the service using unit 104 of the first user apparatus 1 next accepts, via the input unit 108, the input of a URL for making a certificate change request in the service provided by the service providing apparatus 4, and transmits a certificate change request message to the service providing apparatus 4 (S134).
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the certificate change request transmitted by the first user apparatus 1 (S135).
Next, the service providing unit 407 of the service providing apparatus 4 transmits to the first user apparatus 1 the authentication code input screen data needed to change the user certificate (S136).
The service using unit 104 of the first user apparatus 1 then receives the authentication code input screen data transmitted in step S136 and displays it on the output unit 109 (S137).
Next, the service using unit 104 of the first user apparatus 1 accepts, via the input unit 108, the input of the information needed for the change, and generates electronic signature data over the entered information using the new domain A private key (S138). For example, the service using unit 104 requests generation of the electronic signature data from the device authentication unit 127 of the user authentication device 120 via the first user apparatus authentication unit 106 and the user authentication device control unit 105. The device authentication unit 127 generates the electronic signature data using the new private key stored in the first user private key storage area 122, and returns to the service using unit 104 of the first user apparatus 1 the generated electronic signature data together with the new user certificate corresponding to the private key used to generate it.
The service using unit 104 of the first user apparatus 1 then transmits to the service providing apparatus 4 the information the user entered in step S138, the generated electronic signature data, and the new user certificate corresponding to the private key used to generate it (S139).
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the user information, electronic signature data, new user certificate and other items transmitted by the first user apparatus 1 (S140).
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 verifies the signature on the electronic signature data received from the first user apparatus 1 using the new domain A user certificate (S141). If the signature verifies, processing proceeds to step S143; if it does not, the unit generates error screen data stating that signature verification failed, transmits it to the first user apparatus 1, and processing proceeds to step S142.
In step S142, the service using unit 104 of the first user apparatus 1 displays the error screen data transmitted in step S141 on the output unit 109. In this embodiment processing ends at this step, but it may return to step S110 and repeat if necessary.
In step S143, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing-side certificate verifying apparatus 6 a verification request message for the user certificate used to verify the signature in step S141. The verification request message contains request type data indicating a certificate change request, and the new domain A user certificate to be verified.
Next, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 receives, via the communication unit 610, the user certificate verification request message transmitted by the service providing apparatus 4 (S144).
Next, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 verifies the validity of the user certificate contained in the verification request message received in step S144 (S145). The details of this step are described with reference to FIG. 22.
Further, according to the verification result of step S145, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S146). The user certificate verification response message contains the success or failure of the validity verification of the new domain A user certificate.
The authentication cooperation processing unit 408 of the service providing apparatus 4 then receives the user certificate verification response message transmitted in step S146 and checks the result of the validity verification of the new domain A user certificate (S147). If the result confirms that there is no problem with the certificate, processing proceeds to step S149; if the result indicates failure, the unit generates error screen data stating that certificate verification failed, transmits it to the first user apparatus 1, and processing proceeds to step S148.
In step S148, the service using unit 104 of the first user apparatus 1 displays the error screen data transmitted in step S147 on the output unit 109 (S148). In this embodiment processing ends at this step, but it may return to step S134 and repeat if necessary.
In step S149, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the user information management apparatus 5 a search request message for searching for the authentication code. In addition to data indicating that it is a search request message, the message contains the issuer name, or a part of it sufficient to identify the issuer, and the owner name, or a part of it sufficient to identify the owner, both extracted from the user certificate received in step S140.
The user information management unit 506 of the user information management apparatus 5 then receives the authentication code search request message transmitted by the service providing apparatus 4 (S150).
Next, the user information management unit 506 of the user information management apparatus 5 searches the user information table 502a stored in the user information storage area 502 on the basis of the information received in step S150 (S151). In this step, the unit determines from the issuer name of the user certificate, or the part of it received, which domain the certificate belongs to, and searches the owner name column of that domain for the record matching the received owner name used as the search key. As stated in the preconditions of this flow, where the certificate naming rules allow a user to be uniquely identified by a part of the owner name, that part of the owner name is used as the search key.
The user information management unit 506 of the user information management apparatus 5 then generates a search result message containing the result of the authentication code search and transmits it to the service providing apparatus 4 (S152). If a matching record was found in step S151, the authentication code registered in that record is included in the search result message; if no matching record exists, or the matching record holds no authentication code, information indicating that no authentication code exists is included instead.
Given the conditions this sequence assumes for a user certificate association to be eligible for update, there should not be more than one matching record; if step S151 finds several matching records, the search result generated in this step is a message indicating an error.
The authentication cooperation processing unit 408 of the service providing apparatus 4 then receives the search result message transmitted in step S152 and verifies whether the authentication code it contains matches the authentication code received in step S140 (S153). If verification succeeds, processing proceeds to step S155; if it fails (including the case where the search result message transmitted in step S152 contains no authentication code), the unit generates error screen data stating that the certificate change failed, transmits it to the first user apparatus 1, and processing proceeds to step S154.
In step S154, the service using unit 104 of the first user apparatus 1 displays the error screen data transmitted in step S153 on the output unit 109. In this embodiment processing ends at this step, but it may return to step S134 and repeat if necessary.
In step S155, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information change request message to the user information management apparatus 5. In addition to data indicating that it is a change request, the message contains the authentication code and user certificate obtained in step S140, together with the issuer name, serial number, owner name and other values extracted from that user certificate. For the user certificate, issuer name, serial number and owner name columns whose change is requested, the relevant domain is identified from the issuer name and the columns to be changed are specified accordingly.
The user information management unit 506 of the user information management apparatus 5 receives, via the communication unit 508, the user information change request transmitted by the service providing apparatus 4 (S156).
The user information management unit 506 of the user information management apparatus 5 then stores the information received in step S156 in the user information table 502a held in the user information storage area 502 (S157). In this step, the user information table 502a is searched using the authentication code as the search key, and the record in which that authentication code is registered is updated with the user certificate, issuer name, serial number and owner name. The authentication code is also deleted from that record.
Next, the user information management unit 506 of the user information management apparatus 5 generates a change result message containing the result of the user information change and transmits it to the service providing apparatus 4 (S158).
The authentication cooperation processing unit 408 of the service providing apparatus 4 receives the change result message transmitted in step S158 and checks whether the change succeeded (S159). If the change succeeded, processing proceeds to step S161; if it failed, the unit generates error screen data stating that the change failed, transmits it to the first user apparatus 1, and processing proceeds to step S160.
In step S160, the service using unit 104 of the first user apparatus 1 displays the error screen data transmitted in step S159 on the output unit 109. In this embodiment processing ends at this step, but it may return to step S134 and repeat if necessary.
In step S161, on the other hand, the service providing unit 407 of the service providing apparatus 4 generates change result screen data indicating that the change succeeded and transmits it to the first user apparatus 1.
The service using unit 104 of the first user apparatus 1 then displays the change result screen data transmitted in step S161 on the output unit 109 (S162).
Carrying out the above procedure completes a change of user certificate association in which the service provider can place a high degree of trust. In this sequence the user information search (steps S149 to S154) is performed before the user information change request message is transmitted (step S155), but the search steps (S149 to S154) can also be skipped. Even then the authentication code still gates the update, because step S157 locates the record to be changed by that code and deletes it once the record has been updated.
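The two figures above describe, step by step, the decisions the service providing apparatus 4 and the user information management apparatus 5 make between receiving the domain B client certificate and replacing the domain A column of the user information table. The Python sketch below runs those decisions on constructed data. It is an added example, not code from the patent or its assignee: a certificate is a plain record; signing and "signature verification" use an HMAC with a per-certificate key as a stand-in for the public-key operations of the TLS client authentication the text mentions (a real verifier holds only the public key); the providing-side certificate verifying apparatus is reduced to a trusted-issuer and revocation check; every name, serial number and the revoked serial are made up. What it shows beyond the prose are the checks a practitioner would insist on at steps S128, S151, S153 and S157: the lookup must return exactly one record, the authentication code is compared in constant time and deleted on use, and a replay of the same code after a successful change is refused.

```python
"""Service-provider side of the certificate re-association flow of FIGS. 18 and 19.
Added illustration, not code from the patent or its assignee. It keeps the text's
decision points (S117, S121, S125, S128, S141, S145, S151, S153, S157) and replaces
what the page leaves abstract with stand-ins: a certificate is a plain record and
"signature verification" is an HMAC check with a per-certificate key that stands in
for the X.509 key pair (a real verifier would hold only the public key)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Cert:
    issuer: str   # issuer name; identifies the domain (S151)
    serial: str   # issuer name + serial number is the S128 lookup key
    subject: str  # owner name; the S149/S151 lookup key
    key: bytes    # stand-in for the key pair, see module docstring


def sign(cert: Cert, data: bytes) -> bytes:  # client side of S114/S138 (stand-in)
    return hmac.new(cert.key, data, hashlib.sha256).digest()


def verify_signature(cert: Cert, data: bytes, sig: bytes) -> bool:  # S117/S141
    return hmac.compare_digest(hmac.new(cert.key, data, hashlib.sha256).digest(), sig)


@dataclass
class UserRecord:  # one row of user information table 502a, one cert column per domain
    user_id: str
    certs: dict[str, Cert] = field(default_factory=dict)  # domain -> associated cert
    auth_code: Optional[str] = None


class AuthFailure(Exception):
    """A branch the text answers with an error screen (S118, S124, S142, S154, ...)."""


class ServiceProvider:
    def __init__(self, issuer_to_domain: dict[str, str],
                 revoked: dict[str, set[str]], table: list[UserRecord]):
        self.issuer_to_domain = issuer_to_domain  # trusted issuer name -> domain
        self.revoked = revoked                    # issuer name -> revoked serials
        self.table = table

    def verify_certificate(self, cert: Cert) -> bool:
        # Stand-in for the providing-side certificate verifying apparatus (S121/S145)
        return (cert.issuer in self.issuer_to_domain
                and cert.serial not in self.revoked.get(cert.issuer, set()))

    def issue_auth_code(self, cert: Cert, challenge: bytes, sig: bytes) -> str:
        """FIG. 18: the user authenticates with the still-valid domain B certificate."""
        if not verify_signature(cert, challenge, sig):
            raise AuthFailure("signature verification failed")    # S117 -> S118
        if not self.verify_certificate(cert):
            raise AuthFailure("certificate verification failed")  # S123 -> S124
        domain = self.issuer_to_domain[cert.issuer]
        rows = [r for r in self.table if domain in r.certs and
                (r.certs[domain].issuer, r.certs[domain].serial) == (cert.issuer, cert.serial)]
        if len(rows) != 1:
            raise AuthFailure("certificate not registered to exactly one user")  # S130 -> S131
        code = secrets.token_urlsafe(24)  # S125: unpredictable, hence unique per user
        rows[0].auth_code = code          # S128: stored on the record found by issuer+serial
        return code                       # S132: shown to the user on the second apparatus

    def change_association(self, new_cert: Cert, code: str, sig: bytes) -> UserRecord:
        """FIG. 19: the user presents the new domain A certificate and the code."""
        if not verify_signature(new_cert, code.encode(), sig):    # S138 signs the entered data
            raise AuthFailure("signature verification failed")    # S141 -> S142
        if not self.verify_certificate(new_cert):
            raise AuthFailure("certificate verification failed")  # S147 -> S148
        domain = self.issuer_to_domain[new_cert.issuer]           # S151: domain from issuer
        rows = [r for r in self.table
                if domain in r.certs and r.certs[domain].subject == new_cert.subject]
        if len(rows) != 1:                                        # S152/S158: none or many
            raise AuthFailure("owner name does not select exactly one record")
        row = rows[0]
        if row.auth_code is None or not hmac.compare_digest(row.auth_code.encode(), code.encode()):
            raise AuthFailure("authentication code check failed")  # S153 -> S154
        row.certs[domain] = new_cert  # S157: replace the domain A column
        row.auth_code = None          # S157: the code is deleted, so it is single-use
        return row


def demo() -> dict:
    old_a = Cert("CN=Domain A CA", "1001", "CN=alice", b"old-a-key")  # constructed
    cert_b = Cert("CN=Domain B CA", "2001", "CN=alice", b"b-key")      # constructed
    new_a = Cert("CN=Domain A CA", "1002", "CN=alice", b"new-a-key")  # constructed
    sp = ServiceProvider({"CN=Domain A CA": "A", "CN=Domain B CA": "B"},
                         {"CN=Domain A CA": {"1001"}},  # the old domain A cert is revoked
                         [UserRecord("u1", {"A": old_a, "B": cert_b})])
    code = sp.issue_auth_code(cert_b, b"nonce-from-S112", sign(cert_b, b"nonce-from-S112"))
    row = sp.change_association(new_a, code, sign(new_a, code.encode()))
    try:  # replaying the same code must fail: S157 deleted it
        sp.change_association(new_a, code, sign(new_a, code.encode()))
        replay_accepted = True
    except AuthFailure:
        replay_accepted = False
    return {"serial_after": row.certs["A"].serial,
            "code_cleared": row.auth_code is None, "replay_accepted": replay_accepted}
```

A deployment would also give the authentication code a lifetime; the patent only says that step S134 need not follow step S133 immediately, so no expiry is modelled here, and the signed challenge at S112 would in practice be the TLS handshake rather than a fixed byte string.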
FIGS. 20 and 21 are sequence diagrams showing the process of releasing the association of a user certificate. As a precondition for using the service, the user is assumed to have already performed the user certificate registration process shown in FIGS. 14 and 15. The sequence is described here for a user who uses the first user apparatus 1, but the second user apparatus 2 may be used instead.
First, the service using unit 104 of the first user apparatus 1 accepts, via the input unit 108, the input of a URL for releasing the association of a user certificate in the service provided by the service providing apparatus 4, and transmits to the service providing apparatus 4 a linkage release request message for releasing the association of the user certificate (S170).
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the linkage release request message transmitted by the first user apparatus 1 (S171).
Next, the service providing unit 407 of the service providing apparatus 4 transmits to the first user apparatus 1 authentication request data requesting the user certificate and other items needed for authentication at the time of the linkage release (S172).
The service using unit 104 of the first user apparatus 1 then receives, via the communication unit 110, the authentication request data transmitted in step S172 (S173).
Next, the first user apparatus 1 generates an electronic signature with a private key on the basis of the received authentication request data (S174). For example, the service using unit 104 requests generation of the electronic signature data from the device authentication unit 127 of the user authentication device 120 via the first user apparatus authentication unit 106 and the user authentication device control unit 105. The device authentication unit 127 generates the electronic signature data using the private key stored in the first user private key storage area 122, and returns to the service using unit 104 of the first user apparatus 1 the generated electronic signature data together with the user certificate corresponding to the private key used to generate it. The client-side processing required for client authentication by SSL or TLS, for example, corresponds to this step. The user certificate and private key used here are a valid user certificate and the private key corresponding to that certificate.
Next, the service using unit 104 of the first user apparatus 1 transmits to the service providing apparatus 4 the electronic signature data generated in step S174 and the user certificate corresponding to the private key used to generate it (S175). The transmission of a client certificate under SSL or TLS, for example, corresponds to this step.
Next, the service providing unit 407 of the service providing apparatus 4 receives, via the communication unit 410, the electronic signature data, the user certificate and other items transmitted by the first user apparatus 1 (S176).
The authentication cooperation processing unit 408 of the service providing apparatus 4 then verifies the signature on the electronic signature data received from the first user apparatus 1 using the user certificate received with it (S177). If the signature verifies, processing proceeds to step S179; if it does not, the unit generates error screen data stating that signature verification failed, transmits it to the first user apparatus 1, and processing proceeds to step S178.
In step S178, the service using unit 104 of the first user apparatus 1 displays the error screen data transmitted in step S177 on the output unit 109. In this embodiment processing ends at this step, but it may return to step S170 and repeat if necessary.
In step S179, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the providing-side certificate verifying apparatus 6 a verification request message for the user certificate used to verify the signature in step S177. The verification request message contains request type data indicating a linkage release request, and the user certificate to be verified.
Next, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 receives, via the communication unit 610, the user certificate verification request message transmitted by the service providing apparatus 4 (S180).
The certificate verification unit 607 of the providing-side certificate verifying apparatus 6 then verifies the validity of the user certificate contained in the verification request message received in step S180 (S181). The details of this step are described with reference to FIG. 22.
Next, according to the verification result of step S181, the certificate verification unit 607 of the providing-side certificate verifying apparatus 6 generates a user certificate verification response message and transmits it to the service providing apparatus 4 (S182). The user certificate verification response message contains the success or failure of the validity verification of the user certificate.
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the user certificate verification response transmitted in step S182 and checks the result of the validity verification of the user certificate (S183). If the result confirms that there is no problem with the user certificate, processing proceeds to step S185 (FIG. 21); if the validity verification failed, the unit generates error screen data stating that certificate verification failed, transmits it to the first user apparatus 1, and processing proceeds to step S184.
 ステップS184では、第一利用者装置1のサービス利用部104は、ステップS183において送信されたエラー画面データを出力部109に表示する。本実施形態においては本ステップで処理が終了するが、必要に応じてステップS170に戻り処理を繰り返してもよい。 In step S184, the service utilization unit 104 of the first user device 1 displays the error screen data transmitted in step S183 on the output unit 109. In this embodiment, the process ends at this step, but the process may return to step S170 and be repeated as necessary.
Proceeding to FIG. 21, in step S185 the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits to the user information management apparatus 5 a search request message for searching for user information. In addition to data indicating that it is a search request message, the user information search request message contains the issuer name, or a part of it (a part that can identify the issuer), and the owner name, or a part of it (a part that can identify the owner), extracted from the user certificate received in step S176.
The user information management unit 506 of the user information management apparatus 5 receives the user information search request message transmitted by the service providing apparatus 4 (S186).
Next, the user information management unit 506 of the user information management apparatus 5 searches the user information table 502a stored in the user information storage area 502 on the basis of the information received in step S186 (S187). In this step, the unit determines which domain the issuer name (or the part of it) belongs to, and searches the owner name column of that domain for a record matching the received owner name, which is used as the search key. Where the certificate naming rules allow a user to be uniquely identified by a part of the owner name, that part of the owner name is used as the search key.
Then the user information management unit 506 of the user information management apparatus 5 generates a search result message containing the result of the user information search and transmits it to the service providing apparatus 4 (S188). If a matching record exists, the search result message contains at least the registration ID, the personal information, and the issuer name, serial number and owner name of the user certificate of each domain stored in that record; if no matching record exists, it contains information indicating that none exists.
Given the conditions on what is eligible for an update of the certificate association, which are the premise of this flow, it is assumed that there is never more than one matching record; therefore, if a plurality of matching records is found in step S187, a message indicating an error is generated as the search result in this step.
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the search result message transmitted in step S188 and checks whether it contains user information (registration ID, personal information, and the issuer name, serial number and owner name of the user certificate of each domain) (S189). If the search result message contains user information, the process proceeds to step S191; if it does not, error screen data stating that no certificate registration subject to release exists is generated and transmitted to the first user apparatus 1, and the process proceeds to step S190.
In step S190, the service using unit 104 of the first user apparatus 1 displays the error screen data transmitted in step S189 on the output unit 109. In this embodiment the process ends at this step, but it may return to step S170 and be repeated as necessary.
In step S191, on the other hand, the authentication cooperation processing unit 408 of the service providing apparatus 4 generates cooperation release selection screen data for carrying out the cooperation release and transmits it to the first user apparatus 1. The cooperation release selection screen data lists information on the associated user certificates, based on the user information received in step S189, in a form that allows the result of checking the certificates whose cooperation is to be released, together with the registration ID, to be transmitted.
Then the service using unit 104 of the first user apparatus 1 displays the cooperation release selection screen data transmitted in step S191 on the output unit 109 (S192).
Next, the service using unit 104 of the first user apparatus 1 accepts a selection from the user via the input unit 108, for example by having the user check the parts that identify the user certificates whose cooperation is to be released (S193).
Then the service using unit 104 of the first user apparatus 1 transmits the information identified by the selection accepted in step S193 to the service providing apparatus 4 as a cooperation release certificate information message (S194). The cooperation release certificate information message contains the registration ID and the issuer name, serial number, owner name and so on of the user certificates selected for release.
Next, the authentication cooperation processing unit 408 of the service providing apparatus 4 receives, via the communication unit 410, the cooperation release certificate information message transmitted by the first user apparatus 1 (S195).
Then the authentication cooperation processing unit 408 of the service providing apparatus 4 transmits a user information change request message to the user information management apparatus 5 (S196). In addition to data indicating that it is a change request message, the user information change request message contains the registration ID acquired in step S195 and the issuer name, serial number, owner name and so on of the user certificates to be released.
The user information management unit 506 of the user information management apparatus 5 receives, via the communication unit 508, the user information change request message transmitted by the service providing apparatus 4 (S197).
Next, the user information management unit 506 of the user information management apparatus 5 updates the user information table 502a on the basis of the information contained in the change request message received in step S197 (S198). In this step, using the registration ID as the search key, the unit deletes the user certificate, issuer name, serial number and owner name information subject to release from the record in which that registration ID is registered. The columns to be deleted (user certificate, issuer name, serial number and owner name) are determined by identifying the relevant domain from the issuer name.
Next, the user information management unit 506 of the user information management apparatus 5 generates a change result message containing the result of the user information change and transmits it to the service providing apparatus 4 (S199).
Then the authentication cooperation processing unit 408 of the service providing apparatus 4 receives the change result message transmitted in step S199 and checks whether the change succeeded (S200). If the change succeeded, the process proceeds to step S202; if it failed, error screen data stating that the cooperation release failed is generated and transmitted to the first user apparatus 1, and the process proceeds to step S201.
In step S201, the service using unit 104 of the first user apparatus 1 displays the error screen data transmitted in step S200 on the output unit 109. In this embodiment the process ends at this step, but it may return to step S170 and be repeated as necessary.
In step S202, on the other hand, the service providing unit 407 of the service providing apparatus 4 generates cooperation release result screen data indicating that the cooperation release succeeded and transmits it to the first user apparatus 1 (S202).
Then the service using unit 104 of the first user apparatus 1 displays the cooperation release result screen data transmitted in step S202 on the output unit 109 (S203).
Carrying out the above procedure completes the release of the user certificate association. In this sequence the user information search is performed (steps S189 to S190) before the cooperation release selection screen data is transmitted (step S191), but the user information search step (steps S189 to S190) may also be skipped.
FIG. 22 is a flowchart showing the user certificate verification process.
First, the additional verification unit 608 of the providing side certificate verifying apparatus 6 extracts the issuer name from the user certificate to be verified and checks whether that certificate is a supported user certificate, that is, one whose use is permitted for providing the service (S210). If it is a supported user certificate, the process proceeds to step S211; if not, to step S223.
Next, the additional verification unit 608 identifies the domain from the issuer name extracted from the user certificate to be verified and checks whether that certificate is a user certificate positioned as a highly trusted certificate (here, whether it is a domain A user certificate) (S211). If it is a highly trusted user certificate, the process proceeds to step S219; if not, to step S212.
In step S212, the additional verification unit 608 determines whether the request type data that the service providing apparatus 4 received from the first user apparatus 1 or the second user apparatus 2 indicates a cooperation change request message. If it does, the process proceeds to step S219; if not, to step S213.
In step S213, the additional verification unit 608 parses the user certificate to be verified. In this embodiment, this is a domain B user certificate. The elements parsed here are the issuer name and serial number of the user certificate, and these pieces of information are acquired.
Next, the additional verification unit 608 transmits to the user information management apparatus 5 a search request message for searching for user information (S214). In addition to data indicating that it is a search request message, the user information search request message contains the issuer name and serial number of the user certificate acquired in step S213.
In the user information management apparatus 5 that receives such a search request message, the user information management unit 506 retrieves, on the basis of the information contained in the received search request message, the user certificate associated with the certificate to be verified from the linked certificate storage area 502d of the user information table 502a.
For example, in this step the unit determines which domain the issuer name of the user certificate belongs to and searches the serial number column of that domain for a record matching the parsed serial number, which is used as the search key. If a matching record exists, it extracts the user certificate, issuer name, serial number, owner name and so on stored in the linked certificate storage area 502d of that record, and additionally extracts the record's status flag.
Furthermore, if a matching record exists, the user information management unit 506 generates a user information search result message containing the extracted user certificate, issuer name, serial number, owner name, status flag and so on, and returns it to the providing side certificate verifying apparatus 6.
When the additional verification unit 608 of the providing side certificate verifying apparatus 6 receives the search result message from the user information management apparatus 5 (Yes in S215), it checks whether the status flag contained in the received search result message indicates "fully registered" (本登録) (S216). If it does, the process proceeds to step S217; if not, to step S223.
In step S217, the additional verification unit 608 of the providing side certificate verifying apparatus 6 requests the certificate verification unit 607 to verify the validity of the user certificate associated with the certificate to be verified, and the certificate verification unit 607 performs the verification. In this embodiment, the domain A user certificate associated with the domain B user certificate is verified in this step. The details of the validity verification of a user certificate by the certificate verification unit 607 are described with reference to FIGS. 23 and 24.
Next, the additional verification unit 608 of the providing side certificate verifying apparatus 6 judges the result of the verification performed in step S217 (S218). If the verification succeeded, the process proceeds to step S219; if it failed, to step S221.
In step S219, the additional verification unit 608 of the providing side certificate verifying apparatus 6 requests the certificate verification unit 607 to verify the validity of the user certificate that is the verification target, and the certificate verification unit 607 performs the verification. The details of the certificate validity verification by the certificate verification unit 607 are described with reference to FIGS. 23 and 24.
Next, the additional verification unit 608 of the providing side certificate verifying apparatus 6 judges the result of the verification of the user certificate performed in step S219 (S220). If the verification succeeded, the process proceeds to step S223; if it failed, to step S221.
In step S221, the additional verification unit 608 transmits a registration status flag change request message to the user information management apparatus 5. In addition to data indicating that it is a registration flag change request message, the registration status flag change request message contains the user certificate that failed verification and its issuer name, serial number and so on.
In the user information management apparatus 5 that receives such a registration status flag change request message, the user information management unit 506 stores the information contained in the received change request message in the user information table 502a.
For example, the user information management unit 506 of the user information management apparatus 5 changes the information stored in the status flag field 502q of the record found in the user information table 502a by searching with the issuer name and serial number of the user certificate as the key, to the status specified in the received change request message. For instance, if verification of the domain A user certificate failed, the status is changed to "A invalid" (A無効), which specifies that the domain A certificate is invalid; if verification of the domain B user certificate failed, it is changed to "B invalid" (B無効), which specifies that the domain B certificate is invalid.
For the user certificate, issuer name and serial number columns for which the change is requested, the user information management unit 506 of the user information management apparatus 5 identifies the relevant domain from the issuer name and thereby identifies the columns to update.
Then the user information management unit 506 of the user information management apparatus 5 generates a change result message containing the result of the registration status flag change and transmits it to the providing side certificate verifying apparatus 6.
Next, when the additional verification unit 608 of the providing side certificate verifying apparatus 6 receives the change result message from the user information management apparatus 5 (Yes in step S222), the process proceeds to step S223.
In step S223, the additional verification unit 608 of the providing side certificate verifying apparatus 6 generates the certificate verification result. For example, if the certificate to be verified belonged to an unsupported domain in step S210, if the registration status flag indicated a state other than fully registered in step S216, or if a change result message was received in step S222, a certificate verification result message stating that verification failed is generated. If, on the other hand, verification of the certificate to be verified succeeded in step S222, a certificate verification result message stating that verification succeeded is generated.
By carrying out the above process, even when a user certificate of low trust is used at the time of service use, the highly trusted user certificate associated with it is verified as well, so that the reliability of authentication is not lowered.
On the other hand, when a highly trusted user certificate is used at the time of service use, or when it is already known that the user certificate is invalid, a plurality of user certificates need not be verified, which also eliminates redundancy in the verification.
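The FIG. 22 decision logic (S210 to S223), written out as an added example; this is not code from the patent or from the applicant. It assumes a constructed two-row layout for the user information table 502a, constructed issuer names for the domain A and domain B certificate authorities, and a caller-supplied `verify` callable standing in for the certificate verification unit 607, so that the control flow (which certificates get verified, and when the status flag is rewritten) can be exercised offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed issuer names standing in for the domain A and domain B certificate authorities.
SUPPORTED_ISSUERS = {"CN=CA-A": "A", "CN=CA-B": "B"}
HIGH_TRUST_DOMAIN = "A"                       # domain A is the highly trusted domain (S211)
FULLY_REGISTERED = "本登録"                    # status flag value required in S216
INVALID_FLAG = {"A": "A無効", "B": "B無効"}    # status flag values written in S221


@dataclass
class UserCert:
    issuer: str
    serial: str
    owner: str


@dataclass
class UserRecord:
    """One row of the user information table 502a (constructed layout)."""
    reg_id: str
    certs: Dict[str, UserCert]   # domain -> user certificate registered for that domain
    status: str                  # status flag field 502q


@dataclass
class VerifyResult:
    ok: bool
    reason: str
    verified_serials: List[str]  # certificates actually handed to the certificate verification unit


def domain_of(cert: UserCert) -> Optional[str]:
    """S210: map the issuer name to a supported domain, or None if the issuer is unsupported."""
    return SUPPORTED_ISSUERS.get(cert.issuer)


def find_record(table: List[UserRecord], cert: UserCert) -> Optional[UserRecord]:
    """S213-S215: find the record whose column for the certificate's domain holds this serial."""
    dom = domain_of(cert)
    for rec in table:
        registered = rec.certs.get(dom)
        if registered is not None and registered.serial == cert.serial:
            return rec
    return None


def mark_invalid(table: List[UserRecord], cert: UserCert) -> Optional[str]:
    """S221: set the status flag of the failed certificate's record to 'A無効' or 'B無効'."""
    rec = find_record(table, cert)
    if rec is None:
        return None
    rec.status = INVALID_FLAG[domain_of(cert)]
    return rec.status


def additional_verification(cert: UserCert, request_type: str, table: List[UserRecord],
                            verify: Callable[[UserCert], bool]) -> VerifyResult:
    """Decision logic of FIG. 22. `verify` stands in for the certificate verification unit 607
    (FIGS. 23 and 24) and returns True when the certificate's validity verification succeeds."""
    verified: List[str] = []
    dom = domain_of(cert)
    if dom is None:                                           # S210: unsupported certificate
        return VerifyResult(False, "unsupported issuer", verified)
    if dom != HIGH_TRUST_DOMAIN and request_type != "cooperation_change":   # S211, S212
        rec = find_record(table, cert)                        # S213-S215
        linked = rec.certs.get(HIGH_TRUST_DOMAIN) if rec else None
        if rec is None or linked is None:
            # The 'No' branch of S215 is not spelled out in the text; treated as failure (assumption).
            return VerifyResult(False, "no linked record", verified)
        if rec.status != FULLY_REGISTERED:                    # S216: not fully registered
            return VerifyResult(False, "status flag is " + rec.status, verified)
        verified.append(linked.serial)                        # S217: associated domain A certificate
        if not verify(linked):                                # S218 failed -> S221
            mark_invalid(table, linked)
            return VerifyResult(False, "linked domain A certificate failed", verified)
    verified.append(cert.serial)                              # S219: the certificate itself
    if not verify(cert):                                      # S220 failed -> S221
        mark_invalid(table, cert)
        return VerifyResult(False, "certificate failed verification", verified)
    return VerifyResult(True, "verified", verified)           # S223: success


# Constructed sample data: one user holding a domain A certificate linked to a domain B one.
CERT_A = UserCert("CN=CA-A", "A-1001", "CN=taro,O=domainA")
CERT_B = UserCert("CN=CA-B", "B-2002", "CN=taro,O=domainB")
CERT_X = UserCert("CN=CA-X", "X-0001", "CN=taro,O=other")   # issuer outside the supported set


def sample_table() -> List[UserRecord]:
    return [UserRecord("R001", {"A": CERT_A, "B": CERT_B}, FULLY_REGISTERED)]


if __name__ == "__main__":
    table = sample_table()
    all_valid = lambda c: True
    print(additional_verification(CERT_A, "service", table, all_valid))   # only A-1001 is checked
    print(additional_verification(CERT_B, "service", table, all_valid))   # A-1001, then B-2002
    # Domain A certificate fails: the record is flagged, and a later domain B request stops at S216.
    print(additional_verification(CERT_B, "service", table, lambda c: c.serial != "A-1001"))
    print(additional_verification(CERT_B, "service", table, all_valid), table[0].status)
```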
FIGS. 23 and 24 are sequence diagrams showing the user certificate verification process.
The process described here is for verifying a domain A user certificate; to verify a domain B user certificate, the second certificate verifying apparatus 3B is used in place of the first certificate verifying apparatus 3A, and the second certificate authority apparatus 7B in place of the first certificate authority apparatus 3A.
As a premise of this sequence, where certificate verifying apparatuses other than the providing side certificate verifying apparatus 6 are available (in this embodiment, the first certificate verifying apparatus 3A and the second certificate verifying apparatus 3B) and are to be used, the setting information of the providing side certificate verifying apparatus 6 is configured in advance so that those certificate verifying apparatuses are used for user certificate verification.
First, the certificate verification unit 607 of the providing side certificate verifying apparatus 6 checks the setting information of the providing side certificate verifying apparatus 6 to determine whether another certificate verifying apparatus corresponding to the domain of the user certificate is to be used for the user certificate verification (S230). If the setting is to use another certificate verifying apparatus, the process proceeds to step S231; otherwise, to step S244 (FIG. 24).
In step S231, the certificate verification unit 607 of the providing side certificate verifying apparatus 6 transmits a certificate verification request message to the other certificate verifying apparatus (here, the first certificate verifying apparatus 3A). The certificate verification request message contains the user certificate to be verified and the trusted certificate authority certificate; examples are the certificate validation server access protocol specified in the Government Public Key Infrastructure (GPKI) interoperability specification, and the request message of SCVP (Server-Based Certificate Validation Protocol) specified in RFC 5055.
The certificate verification unit of the first certificate verifying apparatus 3A receives the certificate verification request message transmitted by the providing side certificate verifying apparatus 6 (S232).
Next, the certificate verification unit of the first certificate verifying apparatus 3A constructs the certification path of the user certificate contained in the certificate verification request message received in step S232 (S233). Constructing a certification path means forming a path from the certificate authority certificate of the trusted certificate authority down to the user certificate, such that the owner name of each upper certificate matches the issuer name of the certificate below it, and collecting all the certificates on that path. If no path connects the certificate authority certificate of the trusted certificate authority to the user certificate, or if a certificate on the path cannot be obtained, construction of the certification path has failed.
If construction of the certification path succeeds, the process proceeds to step S234; if it fails, to step S240.
In step S234, the certificate verification unit of the first certificate verifying apparatus 3A validates the constructed certification path. Validating the certification path means, for each certificate from the trusted certificate authority certificate down to the user certificate, verifying the electronic signature on the lower certificate with the public key of the upper certificate, and the like.
If validation of the certification path succeeds, the process proceeds to step S235; if it fails, to step S240.
In step S235, to check the validity of the user certificate, the certificate verification unit of the first certificate verifying apparatus 3A transmits a validity check request message to the certificate authority apparatus that issued the user certificate whose validity is being checked (here, the first certificate authority apparatus 3A).
In this embodiment the validity check request is described as a request to obtain a certificate revocation list, but a request message under the Online Certificate Status Protocol may be transmitted instead. The address to which the validity check request is sent is assumed to be written in each certificate.
Next, the revocation information providing unit 310 of the first certificate authority apparatus 3A receives, via the communication unit 314, the validity check request message transmitted by the first certificate verifying apparatus 3A (S236).
Next, the revocation information providing unit 310 of the first certificate authority apparatus 3A generates a validity check information message containing validity check information that identifies revoked user certificates, and transmits it to the first certificate verifying apparatus 3A (S237). In this embodiment a certificate revocation list is transmitted, but this does not apply when revocation information is provided by a method such as the Online Certificate Status Protocol.
Next, the certificate verification unit of the first certificate verifying apparatus 3A receives, via its communication unit, the validity check information message transmitted in step S237 (S238).
Next, on the basis of the validity check information message received in step S238, the certificate verification unit of the first certificate verifying apparatus 3A confirms that the user certificate whose validity is being checked has not been revoked and that the certificate is within its validity period (S239).
 次に、第一証明書検証装置3Aの証明書検証部は、ステップS233、ステップS234及びステップS239の検証結果に応じて、利用者証明書の検証応答メッセージを生成する(S240)。 Next, the certificate verification unit of the first certificate verification apparatus 3A generates a user certificate verification response message according to the verification results of steps S233, S234, and S239 (S240).
 例えば、ステップS239において証明書が有効であると判断された場合には、証明書検証応答として証明書の検証に成功した旨のメッセージを生成する。一方、ステップS233において認証パスの構築に失敗した場合、ステップS234において認証パスの検証に失敗した場合、および、ステップS239において証明書が無効であると判断された場合、には証明書検証応答として証明書の検証に失敗した旨のメッセージを生成する。 For example, if it is determined in step S239 that the certificate is valid, a message indicating that the certificate has been successfully verified is generated as a certificate verification response. On the other hand, if certification path construction fails in step S233, certification path validation fails in step S234, and if it is determined in step S239 that the certificate is invalid, a certificate validation response is provided. Generate a message that the certificate verification failed.
 次に、第一証明書検証装置3Aの証明書検証部は、ステップS240において生成した証明書検証応答メッセージを、提供側証明書検証装置6に送信する(S241)。 Next, the certificate verification unit of the first certificate verification device 3A transmits the certificate verification response message generated in step S240 to the providing side certificate verification device 6 (S241).
 次に、提供側証明書検証装置6の証明書検証部607は、通信部610を介して、ステップS241において送信された証明書検証応答メッセージを受信する(S242)。 Next, the certificate verification unit 607 of the providing side certificate verification device 6 receives the certificate verification response message transmitted in step S241 via the communication unit 610 (S242).
 次に、提供側証明書検証装置6の証明書検証部607は、ステップS242において受信した証明書検証応答メッセージの内容を確認することで、検証結果を判断する(S243)。 Next, the certificate verification unit 607 of the providing side certificate verification apparatus 6 determines the verification result by checking the content of the certificate verification response message received in step S242 (S243).
 On the other hand, if in step S230 the setting was not to use another certificate verification apparatus, the process proceeds to step S244 in FIG. 24, where the certificate verification unit 607 of the providing-side certificate verification apparatus 6 constructs a certification path for the user certificate (S244). If path construction succeeds, the process proceeds to step S245; if it fails, the process proceeds to step S251.
 In step S245, the certificate verification unit 607 of the providing-side certificate verification apparatus 6 validates the constructed certification path. If path validation succeeds, the process proceeds to step S246; if it fails, the process proceeds to step S251.
 In step S246, in order to check the validity of the user certificate, the certificate verification unit 607 of the providing-side certificate verification apparatus 6 transmits a validity check request message to the first certificate authority apparatus 3A, which issued the user certificate being checked (S246).
 Next, the revocation information providing unit 310 of the first certificate authority apparatus 3A receives, via the communication unit 314, the validity check request transmitted by the providing-side certificate verification apparatus 6 (step 7540).
 Then, the revocation information providing unit 310 of the first certificate authority apparatus 3A generates a validity check information message containing validity check information that identifies revoked user certificates, and transmits it to the providing-side certificate verification apparatus 6 (S248).
 Next, the certificate verification unit 607 of the providing-side certificate verification apparatus 6 receives the validity check information message transmitted in step S248 (S249).
 Next, based on the validity check information message received in step S249, the certificate verification unit 607 of the providing-side certificate verification apparatus 6 confirms that the certificate being checked has not been revoked and that it is within its validity period (S250).
 Then, if the certificate is determined to be valid in step S250, the certificate verification unit 607 of the providing-side certificate verification apparatus 6 determines that certificate verification succeeded. On the other hand, if path construction failed in step S244, if path validation failed in step S245, or if the certificate was determined to be invalid in step S250, it determines that verification of the user certificate failed (S251).
 This completes the certificate verification process.
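The verification steps S233 (path construction), S234 (path validation) and S239 (revocation and validity-period check against a CRL) described above, as an added example in Go that is not part of the patent: the program builds a certification path from a user certificate up to a trusted CA by matching issuer names to subject names, verifies each signature with the key of the certificate above it, and then consults a CRL signed by the user certificate's issuer. The PKI it verifies is constructed inline with the standard library (a trusted root, an issuing CA, a good user certificate, a revoked one, and one signed by a forged CA that only shares the issuing CA's name); the outcome strings are assumptions standing in for the S240 response message.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const caKU, eeKU = x509.KeyUsageCertSign | x509.KeyUsageCRLSign, x509.KeyUsageDigitalSignature // CA (also signs its CRL) / end entity

// issue creates a constructed test certificate signed by parent, or self-signed when parent is nil, and returns it with its key.
func issue(cn string, serial int64, ku x509.KeyUsage, notAfter time.Time, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, BasicConstraintsValid: true,
		IsCA: ku&x509.KeyUsageCertSign != 0, KeyUsage: ku}
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil { // self-signed: the new key signs its own certificate
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	if err != nil {
		panic(err) // constructed data; a failure here is a programming error
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
func findBySubject(rawName []byte, pool []*x509.Certificate) *x509.Certificate {
	for _, c := range pool {
		if bytes.Equal(rawName, c.RawSubject) {
			return c
		}
	}
	return nil
}
// VerifyUserCert performs S233 (path construction), S234 (path validation) and S239 (validity period and CRL check) and returns the outcome the S240 response would carry.
func VerifyUserCert(user *x509.Certificate, trusted, inters []*x509.Certificate, crlDER []byte, now time.Time) (string, error) {
	path := []*x509.Certificate{user} // S233: follow Issuer name -> Subject name until a trusted CA is reached
	for {
		cur := path[len(path)-1]
		if anchor := findBySubject(cur.RawIssuer, trusted); anchor != nil {
			path = append(path, anchor)
			break
		}
		next := findBySubject(cur.RawIssuer, inters)
		if next == nil || len(path) > 8 {
			return "path-construction", fmt.Errorf("no trusted path above %q", cur.Subject.CommonName)
		}
		path = append(path, next)
	}
	for i := 0; i+1 < len(path); i++ { // S234: each signature must verify with the key above it; a matching name alone proves nothing
		if err := path[i].CheckSignatureFrom(path[i+1]); err != nil {
			return "path-validation", fmt.Errorf("%q: %w", path[i].Subject.CommonName, err)
		}
	}
	for _, c := range path { // S239: every certificate on the path must be inside its validity period
		if now.Before(c.NotBefore) || now.After(c.NotAfter) {
			return "expired", fmt.Errorf("%q outside validity period", c.Subject.CommonName)
		}
	}
	// S239: the CRL (the validity-check information of S237/S238) must be signed by the user certificate's issuer and still be current.
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(path[1]) != nil || !bytes.Equal(crl.RawIssuer, path[1].RawSubject) || now.After(crl.NextUpdate) {
		return "crl-invalid", fmt.Errorf("CRL unusable for issuer %q", path[1].Subject.CommonName)
	}
	for _, rc := range crl.RevokedCertificates { // RevokedCertificateEntries in Go 1.21+
		if rc.SerialNumber.Cmp(user.SerialNumber) == 0 {
			return "revoked", fmt.Errorf("serial %v is listed on the CRL", rc.SerialNumber)
		}
	}
	return "ok", nil
}
// NewScenario builds the constructed PKI: trusted root -> issuing CA -> users 1001 (good) and 1002 (revoked via the issuing CA's CRL), plus a user signed by a forged CA that only shares the issuing CA's name.
func NewScenario() (root, issuing, userOK, userRevoked, userForged *x509.Certificate, crlDER []byte) {
	now, year := time.Now(), time.Now().Add(365*24*time.Hour)
	root, rootKey := issue("Trusted CA (constructed)", 1, caKU, year, nil, nil)
	issuing, issuingKey := issue("Issuing CA (constructed)", 2, caKU, year, root, rootKey)
	forged, forgedKey := issue("Issuing CA (constructed)", 3, caKU, year, nil, nil)
	userOK, _ = issue("user-ok", 1001, eeKU, year, issuing, issuingKey)
	userRevoked, _ = issue("user-revoked", 1002, eeKU, year, issuing, issuingKey)
	userForged, _ = issue("user-forged", 1003, eeKU, year, forged, forgedKey)
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(1002), RevocationTime: now.Add(-time.Minute)}}}
	crlDER, err := x509.CreateRevocationList(rand.Reader, tmpl, issuing, issuingKey)
	if err != nil {
		panic(err)
	}
	return
}
```

Passing a `now` two years ahead yields the "expired" outcome for the good user certificate, and an empty intermediate store yields "path-construction", so every branch of the S240 response can be exercised without extra certificates.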
 In the embodiment described above, when a user presents a user certificate issued by a certificate authority in which the service provider does not place high trust in order to receive a service, the service is provided only if both the user certificate issued by a certificate authority in which the service provider places high trust and the user certificate presented when requesting the service are verified successfully. However, if only one of these user certificates is verified successfully, it is also possible to provide a service commensurate with the trust level of the user certificate that was verified successfully.
 In such a case, by including in the verification response message of step S72 in FIG. 16 information identifying the successfully verified user certificate, its trust level, its domain, or the like, the service providing apparatus 4 can decide which service to provide according to the trust level of the successfully verified user certificate. For this purpose, the service providing apparatus 4 stores in its storage unit 401 information associating the trust level or domain of a user certificate with the services that can be provided.
 In the embodiment described above, when a service is provided, the service providing apparatus 4, the user information management apparatus 5 and the providing-side certificate verification apparatus 6 perform the user verification; however, the embodiment is not limited to this arrangement, and the processing performed by these apparatuses may be consolidated into one or more apparatuses or distributed among them. For example, the processing performed by the user information management apparatus 5 and the providing-side certificate verification apparatus 6 may be performed by a single apparatus.
 Furthermore, in the embodiment described above, an example was described in which the user receiving the service uses the first user apparatus 1 and the second user apparatus 2; however, the embodiment is not limited to this example, and the processing of the present embodiment may be performed using a single apparatus (for example, the first user apparatus 1). In that case, the communication address of that single apparatus (for example, the first user apparatus 1) is registered as the notification destination for formal registration.
100 Communication system
1 First user apparatus
101 Storage unit
102 Control unit
111 User authentication device input/output unit
120 User authentication device
121 Storage unit
125 Control unit
2 Second user apparatus
201 Storage unit
205 Control unit
3 Certificate authority apparatus
301 Storage unit
307 Control unit
4 Service providing apparatus
401 Storage unit
405 Control unit
5 User information management apparatus
501 Storage unit
504 Control unit
6 Providing-side certificate verification apparatus
601 Storage unit
605 Control unit
7A First certificate verification apparatus
7B Second certificate verification apparatus

Claims (13)

  1.  A communication system comprising a user apparatus and a service providing apparatus that provides a service to the user apparatus, wherein
     the control unit of the service providing apparatus
     when the user apparatus sends signature data signed with a first private key together with a first user certificate, which is the public key certificate of the first public key paired with the first private key, provides the service to the user apparatus upon successful verification of the signature data and the first user certificate, and
     when the user apparatus sends signature data signed with a second private key different from the first private key together with a second user certificate, which is the public key certificate of the second public key paired with the second private key, provides the service to the user apparatus upon successful verification of the first user certificate associated with the second user certificate.
  2.  The communication system according to claim 1, wherein
     the control unit of the service providing apparatus,
     when the user apparatus sends signature data signed with the second private key together with the second user certificate, which is the public key certificate of the second public key paired with the second private key, provides the service to the user apparatus upon successful verification of the first user certificate associated with the second user certificate, the signature data, and the second user certificate.
  3.  The communication system according to claim 1, wherein
     the first user certificate is predetermined in the service providing apparatus as having higher reliability than the second user certificate.
  4.  The communication system according to claim 3, wherein
     the first user certificate and the second user certificate are issued by different certificate authorities.
  5.  The communication system according to claim 1, further comprising
     a certificate verification apparatus that verifies user certificates at the request of the service providing apparatus, wherein
     the control unit of the certificate verification apparatus,
     when it receives from the service providing apparatus a request to verify the first user certificate, verifies the first user certificate, and
     when it receives from the service providing apparatus a request to verify the second user certificate, verifies the first user certificate associated with the second user certificate.
  6.  The communication system according to claim 5, wherein
     the control unit of the certificate verification apparatus,
     when it receives from the service providing apparatus a request to verify the second user certificate, verifies both the first user certificate associated with the second user certificate and the second user certificate.
  7.  The communication system according to claim 5, further comprising
     a user information management apparatus having a storage unit that stores, for each user of the user apparatus, user information identifying the first user certificate used by that user and the second user certificate associated with that first user certificate, wherein
     the control unit of the certificate verification apparatus,
     when it receives from the service providing apparatus a request to verify the second user certificate, obtains the first user certificate associated with the second user certificate from the user information management apparatus and verifies the obtained first user certificate.
  8.  A certificate verification apparatus that verifies user certificates at the request of a service providing apparatus, wherein
     the control unit of the certificate verification apparatus,
     when it receives from the service providing apparatus a request to verify a first user certificate, verifies the first user certificate, and
     when it receives from the service providing apparatus a request to verify a second user certificate different from the first user certificate, verifies the first user certificate associated with the second user certificate.
  9.  The certificate verification apparatus according to claim 8, wherein
     the control unit of the certificate verification apparatus,
     when it receives from the service providing apparatus a request to verify the second user certificate, verifies both the first user certificate associated with the second user certificate and the second user certificate.
  10.  The certificate verification apparatus according to claim 8, comprising
     a storage unit that stores, for each user of the user apparatus, user information identifying the first user certificate used by that user and the second user certificate associated with that first user certificate, wherein
     the control unit of the certificate verification apparatus,
     when it receives from the service providing apparatus a request to verify the second user certificate, obtains the first user certificate associated with the second user certificate from the storage unit and verifies the obtained first user certificate.
  11.  The certificate verification apparatus according to claim 8, wherein
     the first user certificate is predetermined in the service providing apparatus as having higher reliability than the second user certificate.
  12.  The certificate verification apparatus according to claim 11, wherein
     the first user certificate and the second user certificate are issued by different certificate authorities.
  13.  A service providing method performed in a communication system comprising a user apparatus and a service providing apparatus that provides a service to the user apparatus, the method comprising:
     a step in which the control unit of the service providing apparatus, when the user apparatus sends signature data signed with a first private key together with a first user certificate, which is the public key certificate of the first public key paired with the first private key, provides the service to the user apparatus upon successful verification of the signature data and the first user certificate; and
     a step in which the control unit of the service providing apparatus, when the user apparatus sends signature data signed with a second private key different from the first private key together with a second user certificate, which is the public key certificate of the second public key paired with the second private key, provides the service to the user apparatus upon successful verification of the first user certificate associated with the second user certificate.
PCT/JP2010/052213 2009-03-19 2010-02-15 Communication system, certificate verifying apparatus, and service providing method WO2010106860A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2009-067737 2009-03-19
JP2009067737A JP5425496B2 (en) 2009-03-19 2009-03-19 Communication system, certificate verification apparatus, and service providing method

Publications (2)

Publication Number Publication Date
WO2010106860A1 true WO2010106860A1 (en) 2010-09-23
WO2010106860A9 WO2010106860A9 (en) 2010-12-16
