WO2014030669A1 - Authentication system, management device, and authentication method - Google Patents


Info

Publication number: WO2014030669A1
Authority: WO (WIPO (PCT))
Prior art keywords: certificate, communication device, authentication, connection request, network
Application number: PCT/JP2013/072285
Other languages: French (fr), Japanese (ja)
Inventors: 和紀 宮澤, 征世 秋定, 康樹 櫻井
Original Assignee: 横河電機株式会社
Application filed by 横河電機株式会社
Publication of WO2014030669A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS CO MMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • the present invention relates to an authentication system, a management apparatus, and an authentication method for authenticating a communication device connected to a network.
  • This application claims priority based on Japanese Patent Application No. 2012-182297, filed in Japan on August 21, 2012, the contents of which are incorporated herein.
  • DCS (Distributed Control System): a system in which field devices (measuring instruments, operation devices) and a control device that controls these devices are connected via communication means. Most communication systems that form the basis of such a distributed control system perform communication by wire.
  • wireless communication conforming to industrial wireless communication standards such as ISA100.11a and WirelessHART (registered trademark) has been realized.
  • the above communication system is provided with an authentication system for authenticating a communication device connected to a wired or wireless network using PKI (Public Key Infrastructure) in order to ensure security.
  • PKI: Public Key Infrastructure
  • the communication device can be connected to the wireless network if the communication device (wireless device) is disposed within the radio wave arrival area. Therefore, in a communication system that performs communication via a wireless network, the above authentication system is essential from the viewpoint of ensuring security.
  • the above-described authentication system includes a management apparatus that manages a certificate issued by a trusted certificate authority (CA) and authenticates a communication device using the certificate. Specifically, this management apparatus verifies the validity of the certificate presented by the communication device using the certificate it manages, and then exchanges data (messages) with the communication device by a challenge/response method. As a result, the management apparatus authenticates the communication device.
  • CA: trusted certificate authority
  • a first method (PiggyBack method) and a second method (anonymous connection method) are examples of methods by which the communication device presents a certificate to the management apparatus.
  • in the PiggyBack method, a certificate is presented together with a connection request (join request) to the network.
  • in the anonymous connection method, a certificate is presented while the communication device is anonymously connected to the network.
  • Patent Document 1 discloses a challenge/response authentication method using conventional PKI, although it is not one used in an authentication system provided in a plant or factory.
  • the certificate granted to the communication device (communication device authenticated by the management apparatus of the authentication system) from the above-mentioned certificate authority is generally set with an expiration date in order to increase security.
  • when a certificate with such an expiration date is used, it is necessary to update the certificate by secure communication via the network before the expiration date elapses.
  • a wireless network compliant with the above-described wireless communication standard ISA100.11a or the like is formed by wireless devices (wireless field devices) that perform intermittent operation using a battery as a power source, wireless routers, and the like. Such a network is therefore power-saving and low speed (the communication band is narrow). Because of these characteristics, the size of a packet transmitted and received via the wireless network is limited to about 100 bytes (for example, 128 bytes). Data indicating process quantities such as pressure, flow rate, and temperature measured by the wireless devices is communicated in units of this packet.
  • the certificate used for authentication of a wireless device has a data size of about several kilobytes or more, which is larger than the data indicating the process quantity. For this reason, transmitting a certificate from a wireless device to the management apparatus requires many resources, and the resources of the wireless devices such as wireless routers arranged on the communication path between the wireless device that transmits the certificate and the management apparatus are consumed. Accordingly, the battery may need to be replaced earlier, or the transmission of the process data that is the device's primary purpose may be hindered.
  • the present invention provides an authentication system, a management apparatus, and an authentication method capable of simplifying management of a certificate used for authentication of a communication device and reducing resources required for certificate transmission / reception.
  • an authentication system provided with: a database storing a first certificate used for authenticating a communication device connected to a first network; and a management apparatus that, when there is a connection request from the communication device, reads the first certificate for authenticating the communication device that has made the connection request from the database and authenticates that communication device using the first certificate.
  • when there is a connection request from the communication device, the first certificate for authenticating the communication device that has made the connection request is read from the database, and the management device authenticates that communication device using the first certificate.
  • the first certificate stored in the database may be verified using a second certificate for verifying the first certificate.
  • the authentication system may further include a server device that is connected to the management device via a second network different from the first network and that provides the information stored in the database.
  • the management device may obtain the first certificate stored in the database from the server device.
  • a certificate authority server device that issues the first certificate stored in the database may be further provided.
  • if the first certificate assigned to the communication device that has made the connection request is not stored in the database, the management device may acquire the first certificate given to that communication device and then perform authentication of the communication device that has made the connection request.
  • the first network may be a wireless network
  • the second network may have a wider communication band than the first network
  • the database may store the first certificate and an identifier that uniquely identifies the communication device in association with each other, and the management device may include: a communication unit that receives, from the communication device, the connection request and the identifier that uniquely identifies the communication device; a control unit that reads from the database the first certificate associated with the identifier received by the communication unit; and an authentication unit that authenticates the communication device that has made the connection request using the first certificate read by the control unit.
  • the authentication unit may encrypt a first message using a first public key included in the first certificate; the communication unit may transmit the first message encrypted by the authentication unit to the communication device; the communication unit may receive from the communication device a second message encrypted using a second public key; and the authentication unit may decrypt the second message using a secret key and authenticate the communication device based on whether the first message matches the second message.
  • the communication device may not hold the first certificate.
  • the first certificate stored in the database may include a public key, and a secret key corresponding to the public key may be held by the communication device.
  • an expiration date may be set for the first certificate, and before the expiration date elapses, the first certificate in the database may be updated to a certificate in which a new expiration date is set.
  • the management device may authenticate the communication device using a challenge / response method.
  • when the authentication of the communication device succeeds, the management apparatus may accept the connection request from the communication device and connect the communication device to the first network.
  • when the authentication of the communication device fails, the management device may reject the connection request from the communication device and not connect the communication device to the first network.
  • the management device may not receive the first certificate from the communication device.
  • the management apparatus may receive an anonymous connection request as the connection request from the communication device, cause the communication device to anonymously connect to the first network, and then perform authentication of the communication device.
  • the management device may switch the communication device from an anonymous connection to a regular connection and connect the communication device to the first network.
  • the management apparatus may disconnect the anonymous connection of the communication device from the first network.
  • the management apparatus when receiving a connection request from the communication device, may verify the first certificate using the second certificate.
  • a management device comprising: a communication unit that receives a connection request from a communication device connected to a network; a control unit that, when the communication unit receives the connection request, reads from a database a first certificate for authenticating the communication device that has made the connection request; and an authentication unit that authenticates the communication device that transmitted the connection request using the first certificate read by the control unit.
  • a third aspect of the present invention is an authentication method in which a connection request is received from a communication device connected to a network, and when the connection request is received, the first certificate for authenticating the communication device that has made the connection request is read from a database that stores first certificates used for authenticating communication devices, and the communication device that has made the connection request is authenticated using the read first certificate.
  • the first certificate for authenticating the communication device that has made the connection request is read from the database, and the communication device that made the connection request is authenticated using the read first certificate. For this reason, managing the first certificates used to authenticate communication devices only requires managing the certificates stored in the database, so the management of the certificates used for authentication of communication devices can be simplified. In addition, since no certificate is transmitted to or received from the communication device that has made the connection request, the resources required for certificate transmission and reception can be reduced.
  • FIG. 1 is a block diagram showing the overall configuration of an authentication system 1 according to the first embodiment of the present invention.
  • the authentication system 1 of the first embodiment includes wireless devices 10a to 10c (communication devices), wireless routers 20a and 20b, a backbone router 30, a system manager 40a (management device), and an authentication database 50 (database).
  • the system manager 40a uses the authentication database 50 to authenticate the wireless devices 10a to 10c connected to the wireless network N1 (network).
  • the numbers of the wireless devices 10a to 10c and the wireless routers 20a and 20b shown in FIG. 1 are arbitrary.
  • the wireless network N1 is a wireless network having the characteristics of power saving and low speed (communication band is narrower than a predetermined value).
  • the backbone network N2, to which the backbone router 30 and the system manager 40a are connected, is a wired or wireless network serving as the backbone of the authentication system 1 and is broadband (its communication band is wider than a predetermined value).
  • the wireless devices 10a to 10c are wireless field devices installed in plants or factories, such as sensor devices (flow meters, temperature sensors), valve devices (flow control valves, on-off valves), and actuator devices (fans, motors). These wireless devices 10a to 10c perform intermittent operation using a battery as a power source, and perform wireless communication conforming to ISA100.11a, which is a wireless communication standard for industrial automation.
  • the wireless devices 10a to 10c cannot be properly connected to the wireless network N1 unless authenticated by the system manager 40a. Therefore, certificates C11 to C13 (see FIG. 2) indicating that the wireless devices 10a to 10c themselves are legitimate wireless devices are prepared in advance. Although details will be described later, since the certificates C11 to C13 are stored in the authentication database 50, they are not necessarily held in the wireless devices 10a to 10c.
  • the wireless routers 20a and 20b perform wireless communication conforming to the wireless communication standard ISA100.11a with the wireless devices 10a to 10c and the backbone router 30. That is, the wireless routers 20a and 20b relay data transmitted and received between the wireless devices 10a to 10c and the backbone router 30. These wireless routers 20a and 20b also perform intermittent operation using a battery as a power source, similarly to the wireless devices 10a to 10c.
  • the wireless devices 10a to 10c, the wireless routers 20a and 20b, and the backbone router 30 are wirelessly connected to each other, thereby forming a star-mesh wireless network N1.
  • wireless devices having the functions (relay function) of the wireless routers 20a and 20b may be provided.
  • the backbone router 30 connects the wireless network N1 and the backbone network N2, and relays various data transmitted and received between the wireless devices 10a to 10c and the system manager 40a.
  • the backbone router 30 operates continuously with, for example, DC power supplied from the backbone network N2 or DC power supplied via a path different from the backbone network N2.
  • the backbone router 30 performs wireless communication conforming to the wireless communication standard ISA100.11a.
  • the system manager 40a operates continuously with, for example, power supplied from a commercial power source, and manages and controls the authentication system 1 in an integrated manner.
  • the system manager 40a controls wireless communication performed via the wireless network N1.
  • the system manager 40a performs assignment control of wireless communication resources (time slots and communication channels) to the wireless devices 10a to 10c, the wireless routers 20a and 20b, and the backbone router 30.
  • the system manager 40a realizes wireless communication by TDMA (Time Division Multiple Access) via the wireless network N1.
  • TDMA: Time Division Multiple Access
  • the system manager 40a authenticates the wireless devices 10a to 10c connected to the wireless network N1 using the certificates C11 to C13 and the certificate C20 (see FIG. 2) stored in the authentication database 50. Specifically, when there is a connection request from one of the wireless devices 10a to 10c, the system manager 40a verifies the certificates C11 to C13 (see FIG. 2) stored in the authentication database 50 using the certificate C20 (see FIG. 2). Thereafter, the system manager 40a authenticates the wireless device that made the connection request by the challenge/response method. As shown in FIG. 1, the system manager 40a includes a communication unit 41, a control unit 42a, and an authentication unit 43.
  • the communication unit 41 receives connection requests from the wireless devices 10a to 10c connected to the wireless network N1.
  • the control unit 42a reads a certificate (for example, the certificate C11) for authenticating the wireless device (for example, the wireless device 10a) that has made the connection request from the authentication database 50.
  • the authentication unit 43 authenticates the wireless device (for example, the wireless device 10a) that transmitted the connection request, using the certificate (for example, the certificate C11) read by the control unit 42a.
  • the authentication database 50 is a database in which information necessary for authenticating the wireless devices 10a to 10c is stored. Specifically, the authentication database 50 stores certificates C11 to C13 (first certificate: see FIG. 2) and certificate C20 (second certificate: see FIG. 2). Certificates C11 to C13 are certificates for the wireless devices 10a to 10c.
  • the certificate C20 is a certificate issued by a trusted certificate authority and is used to verify the certificates C11 to C13 (second certificate: see FIG. 2).
  • the certificates C11 to C13 for the wireless devices 10a to 10c are stored in the authentication database 50 in association with an identifier (for example, an EUI64 address) that uniquely identifies each of the wireless devices 10a to 10c.
  • identifier: for example, an EUI64 address
  • the certificates C11 to C13 for the wireless devices 10a to 10c would ordinarily be held in the wireless devices 10a to 10c, respectively.
  • in the first embodiment, however, the certificates C11 to C13 are stored in the authentication database 50 and are not held in the wireless devices 10a to 10c. This simplifies the management of the certificates for the wireless devices 10a to 10c. It also eliminates the transmission and reception of the certificates C11 to C13 via the wireless network N1, and with it the resources that such transmission and reception would require.
  • FIG. 2 is a diagram for explaining a PKI (Public Key Infrastructure) used in the first embodiment of the present invention.
  • the system manager 40a requests the certificate authority 60 to issue the certificates C11 to C13 for the wireless devices 10a to 10c and the certificate C20 used to verify these certificates C11 to C13.
  • the certificate authority 60 issues certificates C11 to C13 and a certificate C20 to the system manager 40a (P12).
  • the certificate authority 60 is a certificate authority that the system manager 40a can trust, for example, a public certificate authority.
  • the certificates C11 to C13 and certificate C20 issued by the certificate authority 60 are stored in the authentication database 50.
  • the certificates C11 to C13 for the wireless devices 10a to 10c may be stored in the authentication database 50 and held in the wireless devices 10a to 10c, respectively.
  • in that case, the certificate C11 is transmitted from the certificate authority 60 to the wireless device 10a (P13).
  • the certificates C11 to C13 and the certificate C20 include different public keys.
  • the private keys corresponding to the public keys included in the certificates C11 to C13 are held in the wireless devices 10a to 10c, respectively.
  • the private key corresponding to the public key included in the certificate C20 is held in the certificate authority 60 and is strictly managed.
  • the authentication of the wireless device 10a using the certificate C11 and the certificate C20 stored in the authentication database 50 is performed by the system manager 40a (P14).
  • the wireless device 10b is authenticated using the certificate C12 and the certificate C20 stored in the authentication database 50.
  • the wireless device 10c is authenticated using the certificate C13 and the certificate C20 stored in the authentication database 50.
  • FIG. 3 is a diagram showing an example of a method for incorporating the certificates C11 to C13 in the first embodiment of the present invention.
  • a wireless network N1 realized in a plant or factory is different from a general network such as the Internet.
  • the wireless network N1 is designed by carefully planning the installation location, number, type, and the like of the devices (the wireless devices 10a to 10c, the wireless routers 20a and 20b, and the backbone router 30) that constitute the wireless network N1. For this reason, when the design of the wireless network N1 is completed, a wireless device that needs to be connected to the wireless network N1 is determined, and a certificate necessary for the authentication is also determined.
  • the vendor V of the wireless devices requests the certificate authority 60 to issue the certificates C11 to C13 and the certificate C20 for the wireless devices 10a to 10c that need to be connected to the wireless network N1, and the certificate authority 60 issues the certificates C11 to C13 and the certificate C20 for the wireless devices 10a to 10c (P21).
  • the vendor V incorporates the certificates C11 to C13 into the wireless devices 10a to 10c, respectively (P22).
  • the vendor V copies the certificates C11 to C13 and the certificate C20 to a computer-readable recording medium M such as a CD-ROM or DVD-ROM (registered trademark) (P23). Then, the vendor V ships the wireless device in which the certificate has been installed (in the example shown in FIG. 3, the wireless device 10a) to the user U (for example, a person who operates the authentication system 1 in a plant or factory) (P24). The vendor V also sends the recording medium M on which the certificates C11 to C13 and the certificate C20 are recorded to the user U (P25).
  • recording medium M: a computer-readable recording medium such as a CD-ROM or DVD-ROM (registered trademark)
  • the user U installs the wireless device 10a sent from the vendor V at the position defined in the design stage, and incorporates the certificates C11 to C13 and the certificate C20 recorded on the recording medium M sent from the vendor V into the system manager 40a (P26). Since the certificate C20 is the data on which the reliability of the authentication system 1 rests, its integrity is confirmed by a secure method before it is incorporated into the system manager 40a.
  • the certificates C11 to C13 incorporated in the system manager 40a are stored in the authentication database 50 in association with identifiers that uniquely identify the wireless devices 10a to 10c.
  • the certificate C20 incorporated in the system manager 40a is stored alone in the authentication database 50. In this manner, the certificates C11 to C13 and the certificate C20 are incorporated into the authentication database 50.
  • by making a request to the vendor V with reference to the network design document ND of the wireless network N1 (P27), the user U can obtain the certificate of a wireless device that is to be connected to the wireless network N1 but whose certificate is not yet stored in the authentication database 50.
  • when an expiration date is set for the certificates C11 to C13 or the certificate C20, the user U can request the vendor V before the expiration date elapses and update the certificates C11 to C13 or the certificate C20 stored in the authentication database 50 to certificates in which a new expiration date is set. Since the certificates C11 to C13 and the certificate C20 may be disclosed, the route through which the user U obtains the recording medium M from the vendor V can be selected as appropriate.
  • the operation of the authentication system 1 includes an operation when a certificate is presented by a method according to the PiggyBack method (first operation) and an operation when a certificate is presented by the anonymous connection method (second operation). These first and second operations are described below.
  • FIG. 4 is a flowchart showing a first operation of the authentication system 1 according to the first embodiment of the present invention.
  • FIG. 5 is a timing chart showing the first operation of the authentication system 1. As shown in FIGS. 4 and 5, first, an offline operation for preparing a certificate used for authenticating the wireless device 10a is performed (step S10). Next, an online operation for authenticating the wireless device 10a using the certificate prepared in the offline mode is performed (step S20).
  • in step S11, the process of acquiring the certificate C20 issued by the certificate authority 60 and storing it in the authentication database 50 is performed by the control unit 42a of the system manager 40a (step S11).
  • specifically, the control unit 42a of the system manager 40a reads the certificate C20 recorded on the recording medium M described with reference to FIG. 3 (the recording medium M sent from the vendor V) and stores it in the authentication database 50.
  • in step S12, processing for obtaining the certificates C11 to C13 issued by the certificate authority 60 and verifying the validity of these certificates C11 to C13 using the certificate C20 is performed by the control unit 42a of the system manager 40a (step S12).
  • specifically, the control unit 42a of the system manager 40a reads the certificates C11 to C13 recorded on the recording medium M described with reference to FIG. 3 and verifies the validity of the certificates C11 to C13 using the certificate C20 stored in the authentication database 50 in step S11.
  • in step S13, whether or not the certificates C11 to C13 are valid is determined by the control unit 42a of the system manager 40a (step S13). If the control unit 42a of the system manager 40a determines that the certificates C11 to C13 are invalid (when the determination result is "NO"), the series of processing illustrated in FIG. 4 ends. On the other hand, when the control unit 42a of the system manager 40a determines that the certificates C11 to C13 are valid (when the determination result is "YES"), a process of storing the certificates C11 to C13 in the authentication database 50 in association with the identifiers that uniquely identify the wireless devices 10a to 10c is performed by the control unit 42a (step S14). When the above processing is completed, the offline operation is terminated and the online operation is started.
  • When the online operation starts, the system manager 40a waits to receive a connection request via the wireless network N1 under the control of the control unit 42a (step S21). In this state, if a connection request for the wireless network N1 is transmitted from the wireless device 10a, the connection request is received by the communication unit 41 of the system manager 40a (step S22).
  • In the piggyback method, a certificate for the wireless device 10a is transmitted from the wireless device 10a to the system manager 40a together with the connection request.
  • In the present embodiment, however, the connection request is made without sending the certificate; only the connection request is sent. For this reason, the communication unit 41 of the system manager 40a receives only the connection request of the wireless device 10a.
  • When the connection request is received, the control unit 42a of the system manager 40a reads the certificate C11 associated with the identifier of the wireless device 10a from the authentication database 50 (step S23).
  • The identifier of the wireless device 10a used when searching the authentication database 50 is transmitted from the wireless device 10a along with the connection request.
  • Next, the authentication unit 43 of the system manager 40a transmits and receives data (messages) to and from the wireless device 10a by the challenge/response method and authenticates the wireless device 10a (step S24). Specifically, the authentication unit 43 of the system manager 40a first encrypts a special message using the public key included in the certificate C11 read from the authentication database 50 in step S23, and the communication unit 41 transmits the encrypted message to the wireless device 10a via the wireless network N1 (challenge).
  • When the wireless device 10a receives the message transmitted from the communication unit 41 of the system manager 40a, it decrypts the message using the private key it holds. Since the message from the system manager 40a is encrypted using the public key included in the certificate C11 for the wireless device 10a, it can be decrypted only with the private key held by the wireless device 10a.
  • When the message from the system manager 40a has been decrypted, the wireless device 10a presents the decrypted message to the system manager 40a in a secure manner (response). For example, the wireless device 10a encrypts the decrypted message using the public key of the system manager 40a and transmits the encrypted message to the system manager 40a.
  • The message transmitted from the wireless device 10a to the system manager 40a can then be decrypted only with the private key held and managed by the system manager 40a. Therefore, the wireless device 10a can present the decrypted message to the system manager 40a in a secure manner.
  • Alternatively, the wireless device 10a may treat a part of the decrypted message as a key and encrypt the decrypted message, or a part of it, with that key, thereby presenting the decrypted message or message part to the system manager 40a in a secure manner.
  • Next, the authentication unit 43 of the system manager 40a determines whether the authentication of the wireless device 10a has succeeded from the content of the message transmitted to the wireless device 10a (step S25). Specifically, the authentication unit 43 determines whether the wireless device 10a has been successfully authenticated according to whether the message transmitted to the wireless device 10a matches the message presented by the wireless device 10a under a predetermined verification rule.
  • When the authentication unit 43 determines that the authentication has succeeded (determination result of step S25 “YES”), the control unit 42a of the system manager 40a accepts the connection request from the wireless device 10a, and the communication unit 41 notifies the wireless device 10a of an authentication result indicating success (step S26).
  • As a result, the wireless device 10a is connected normally to the wireless network N1, and communication via the wireless network N1 becomes possible under the management of the system manager 40a.
  • When the authentication unit 43 determines that the authentication has failed (determination result of step S25 “NO”), the control unit 42a of the system manager 40a rejects the connection request from the wireless device 10a, and the communication unit 41 notifies the wireless device 10a of an authentication result indicating failure (step S27).
  • FIG. 6 is a flowchart showing a second operation of the authentication system 1 according to the first embodiment of the present invention.
  • FIG. 7 is a timing chart showing the second operation of the authentication system 1. In FIGS. 6 and 7, steps in which the same processing as in FIGS. 4 and 5 is performed are given the same reference numerals.
  • As in the first operation, an offline operation (step S10) is performed first, followed by an online operation (step S20). The description of the offline operation is omitted below, and only the online operation is described.
  • When the online operation starts, the system manager 40a waits to receive a connection request via the wireless network N1 under the control of the control unit 42a (step S21).
  • When an anonymous connection request for the wireless network N1 is transmitted from the wireless device 10a, it is received and accepted by the communication unit 41 of the system manager 40a, and, under the control of the control unit 42a, an anonymous connection is established between the wireless device 10a and the system manager 40a (step S31).
  • At this time, the certificate is not sent from the wireless device 10a to the system manager 40a.
  • Next, the control unit 42a of the system manager 40a reads the certificate C11 associated with the identifier of the wireless device 10a from the authentication database 50 (step S23). The identifier of the wireless device 10a used when searching the authentication database 50 is transmitted from the wireless device 10a together with the anonymous connection request and received by the communication unit 41.
  • When the control unit 42a has read the certificate C11 for the wireless device 10a, the system manager 40a transmits and receives data (messages) to and from the wireless device 10a via the communication unit 41 by the challenge/response method, and the authentication unit 43 authenticates the wireless device 10a (step S24). The challenge/response authentication of the wireless device 10a is performed by the same processing as in the first operation, so its detailed description is omitted.
  • Next, the authentication unit 43 of the system manager 40a determines whether the authentication of the wireless device 10a has succeeded (step S25).
  • When the authentication unit 43 determines that the authentication has succeeded (determination result “YES”), the control unit 42a of the system manager 40a performs processing for switching the anonymous connection established with the wireless device 10a to a regular connection (step S32).
  • As a result, the wireless device 10a is connected normally to the wireless network N1, and communication via the wireless network N1 becomes possible under the management of the system manager 40a.
  • When the authentication unit 43 determines that the authentication has failed (determination result of step S25 “NO”), the control unit 42a of the system manager 40a performs processing for disconnecting the anonymous connection with the wireless device 10a (step S33).
  • As a result, the wireless device 10a is disconnected from the wireless network N1 and can no longer communicate via the wireless network N1.
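The anonymous-connection sequence of steps S21 to S33 (join anonymously, authenticate, then switch to a regular connection or disconnect) as a small Python model. This is an added example, not code from the patent or from Yokogawa; the class name AnonymousJoinManager, the frame-type strings, and the policy that an anonymous connection carries only authentication traffic are assumptions made here, and the challenge/response exchange of step S24 is supplied by the caller as a function.

```python
"""Added model of the anonymous-connection join sequence (steps S21 to S33)."""
from enum import Enum


class ConnState(Enum):
    NONE = "none"              # not attached to the wireless network
    ANONYMOUS = "anonymous"    # anonymous connection established (step S31), not yet trusted
    REGULAR = "regular"        # authenticated and switched to a regular connection (step S32)


class AnonymousJoinManager:
    """Connection bookkeeping on the system-manager side (assumed class name).

    `authenticate(device_id)` is supplied by the caller and stands for the
    challenge/response exchange of step S24; this class models only the
    connection states around it.
    """

    def __init__(self, authenticate):
        self._authenticate = authenticate
        self.connections = {}          # device identifier -> ConnState

    def anonymous_connect(self, device_id):
        """Step S31: accept the anonymous request; the device is attached but untrusted."""
        self.connections[device_id] = ConnState.ANONYMOUS
        return ConnState.ANONYMOUS

    def run_authentication(self, device_id):
        """Steps S24/S25, then S32 (switch to regular) or S33 (disconnect)."""
        if self.connections.get(device_id) is not ConnState.ANONYMOUS:
            return self.connections.get(device_id, ConnState.NONE)
        if self._authenticate(device_id):
            self.connections[device_id] = ConnState.REGULAR     # step S32
        else:
            del self.connections[device_id]                     # step S33
        return self.connections.get(device_id, ConnState.NONE)

    def accept_frame(self, device_id, frame_type):
        """Assumed policy: an anonymous connection may carry authentication traffic only."""
        state = self.connections.get(device_id, ConnState.NONE)
        if state is ConnState.REGULAR:
            return True
        return state is ConnState.ANONYMOUS and frame_type == "auth"


def run_join_demo():
    """Constructed scenario: dev-a passes authentication, dev-z fails it."""
    manager = AnonymousJoinManager(lambda device_id: device_id == "dev-a")
    manager.anonymous_connect("dev-a")
    manager.anonymous_connect("dev-z")
    return {
        "data_while_anonymous": manager.accept_frame("dev-a", "data"),      # False
        "auth_while_anonymous": manager.accept_frame("dev-a", "auth"),      # True
        "after_success": manager.run_authentication("dev-a").value,         # "regular"
        "after_failure": manager.run_authentication("dev-z").value,         # "none"
        "data_after_success": manager.accept_frame("dev-a", "data"),        # True
        "data_after_failure": manager.accept_frame("dev-z", "data"),        # False
    }
```

The point of the anonymous state is that a device is reachable for the challenge/response exchange without yet being a member of the network; the frame filter makes that distinction explicit, so a device whose authentication fails never gets to send process data before step S33 removes it.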
  • As described above, in the first embodiment, the authentication database 50 storing the certificates C11 to C13 (verified using the certificate C20) for the wireless devices 10a to 10c is provided.
  • When a connection request is received, the control unit 42a of the system manager 40a reads the certificate C11 for the wireless device 10a from the authentication database 50, and the authentication unit 43 authenticates the wireless device 10a using it.
  • Therefore, the management of the certificates C11 to C13 for the wireless devices 10a to 10c need only be performed for the copies stored in the authentication database 50, and not for copies held in the wireless devices 10a to 10c. Management of the certificates C11 to C13 can thus be simplified.
  • In addition, the certificates C11 to C13 are not transmitted or received via the wireless network N1. Therefore, the resources required for transmitting and receiving the certificates C11 to C13 can be reduced.
  • FIG. 8 is a block diagram showing the overall configuration of the authentication system 2 according to the second embodiment of the present invention.
  • The authentication system 2 of the second embodiment includes an authentication server 70 (server device) that provides the certificates stored in the authentication database 50, and the system manager 40b and the authentication server 70 are connected via a network N3 such as a LAN (Local Area Network).
  • The system manager 40b includes a control unit 42b instead of the control unit 42a.
  • In the first embodiment, the system manager 40a is directly connected to the authentication database 50, and the system manager 40a itself reads the certificates C11 to C13 from the authentication database 50.
  • In the second embodiment, the control unit 42b of the system manager 40b makes a read request for the certificates C11 to C13 to the authentication server 70, and the authentication server 70 provides the requested certificates C11 to C13 to the control unit 42b.
  • When the system manager 40b makes a read request for the certificates C11 to C13, it must provide the authentication server 70 with an identifier that uniquely identifies the wireless devices 10a to 10c.
  • In the second embodiment, access to the authentication database 50 is handled by the authentication server 70, so the load on the system manager 40b can be reduced.
  • FIG. 8 illustrates a configuration in which one authentication server 70 is connected to the system manager 40b via the network N3, but a plurality of authentication servers 70 may be connected to the system manager 40b via the network N3. Further, the authentication server 70 may be connected to the system manager 40b via the backbone network N2.
  • In the first and second embodiments, the wireless devices 10a to 10c were authenticated using the certificates C11 to C13 and the certificate C20 issued by the certificate authority 60 (for example, a public certificate authority) that the system managers 40a and 40b can trust.
  • In the third embodiment, the wireless devices 10a to 10c are authenticated using a certificate issued by a certificate authority built by the user U (P33).
  • Unlike the system manager 40a of the first embodiment, the system manager 40c includes a control unit 42c instead of the control unit 42a.
  • FIG. 9 is a diagram for explaining the PKI used in the third embodiment of the present invention.
  • In the third embodiment, a certificate authority server device 80, which is a certificate authority built by the user U, is provided.
  • The certificate authority server device 80 issues the certificates C31 to C33 (first certificate) used for authenticating the wireless devices 10a to 10c and the certificate C20 used to verify these certificates C31 to C33 (P32).
  • The certificate authority server device 80 may be connected, for example, to the network N3 provided in the authentication system 2 shown in FIG. 8, but it may also be separated from the authentication system 2 in order to improve security.
  • The certificates C31 to C33 and the certificate C20 newly issued by the certificate authority server device 80 are stored in the authentication database 50, and the system manager 40c authenticates the wireless devices 10a to 10c using the certificates C31 to C33 and the certificate C20. However, it is not easy to update the secret key stored in the wireless devices 10a to 10c.
  • Therefore, when the system manager 40c retrieves, for example, the certificate C11 corresponding to the wireless device 10a from the authentication database 50, the control unit 42c presents the public key included in it to the certificate authority server device 80 and makes a signature request (P31). If such a certificate authority server device 80 is provided, a wireless device can be authenticated using PKI as described above with a certificate authority built by the user U. Further, the certificate C31 generated in this way may be incorporated into the wireless device 10a via the system manager 40c.
  • If the wireless devices 10a to 10c provide an interface for setting a secret key, a certificate including the public key paired with that secret key may be generated by the certificate authority server device 80, as performed by the vendor V in FIG., and incorporated via the system manager 40c.
  • In the fourth embodiment, the system managers 40a and 40b authenticate the wireless devices 10a to 10c using the certificates C11 to C13 stored in the authentication database 50, but when these certificates are not stored in the authentication database 50, the wireless devices 10a to 10c can still be authenticated (fallback).
  • The overall configuration of the authentication system of the fourth embodiment is the same as that of the authentication system 1 of the first embodiment shown in FIG. 1 or the authentication system 2 of the second embodiment shown in FIG. 8.
  • In the fourth embodiment, it is assumed that the certificates C11 to C13, whose expiration dates have not passed, are held in the wireless devices 10a to 10c.
  • FIG. 10 is a flowchart showing the operation of the authentication system according to the fourth embodiment of the present invention.
  • The flowchart shown in FIG. 10 shows the operation (second operation) in which a certificate is presented by the anonymous connection method, like the flowchart shown in FIG. 6. The description of the offline operation (step S10) is omitted, and only the online operation (step S20) is described. Steps in which the same processing as in FIG. 6 is performed are denoted by the same reference numerals.
  • When the online operation starts, the system manager 40a enters a state of waiting for reception of a connection request via the wireless network N1 under the control of the control unit 42a, as in the second operation of the first embodiment (step S21).
  • When an anonymous connection request for the wireless network N1 is transmitted from the wireless device 10a, it is received and accepted by the communication unit 41 of the system manager 40a, and, under the control of the control unit 42a, an anonymous connection is established between the wireless device 10a and the system manager 40a (step S31).
  • At this time, the certificate is not sent from the wireless device 10a to the system manager 40a.
  • Next, the control unit 42a of the system manager 40a reads the certificate C11 associated with the identifier of the wireless device 10a from the authentication database 50 (step S23).
  • The identifier of the wireless device 10a used when searching the authentication database 50 is transmitted from the wireless device 10a together with the anonymous connection request and received by the communication unit 41.
  • Next, the control unit 42a of the system manager 40a determines whether the certificate C11 has been successfully read from the authentication database 50 (step S41).
  • When the control unit 42a determines that the certificate C11 has been successfully read (determination result “YES”), the authentication unit 43 of the system manager 40a authenticates the wireless device 10a by the challenge/response method, as in the first embodiment (step S24).
  • When the control unit 42a determines that the certificate C11 could not be read (determination result “NO”), the authentication unit 43 of the system manager 40a sends a transmission request for the certificate C11 to the wireless device 10a via the communication unit 41, and the communication unit 41 obtains the certificate C11 from the wireless device 10a (step S42). The authentication unit 43 then authenticates the wireless device 10a by the challenge/response method (step S24).
  • When the authentication unit 43 successfully authenticates the wireless device 10a, the control unit 42a of the system manager 40a performs processing for switching the anonymous connection established with the wireless device 10a to a regular connection, as in the first embodiment (step S32). If the authentication unit 43 fails to authenticate the wireless device 10a, the control unit 42a of the system manager 40a performs processing for disconnecting the anonymous connection with the wireless device 10a, as in the first embodiment (step S33).
  • As described above, in the fourth embodiment, when the certificates C11 to C13 for the wireless devices 10a to 10c are not stored in the authentication database 50, the certificates C11 to C13 held in the wireless devices 10a to 10c are obtained, and the authentication unit 43 authenticates the wireless devices 10a to 10c using them. Therefore, even when a failure occurs in the authentication database 50, for example, the wireless devices 10a to 10c can be connected to the wireless network N1 by the same method as before.
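The whole flow from offline enrollment (steps S11 to S14) through the first operation's challenge/response (steps S23 to S25) to the fourth embodiment's fallback (steps S41 and S42), as an added Python example that is not code from the patent or from Yokogawa. It uses textbook RSA over fixed Mersenne primes as a stand-in for the PKI; the identifiers dev-a, dev-b and dev-c, the dict-based certificate format, the class names, and the choice to verify a device-held certificate against the CA certificate before using it (the online verification the closing remarks allow) are assumptions made here.

```python
"""Constructed model of the certificate-in-database authentication flow (added example)."""
import hashlib
import json
import secrets


def mersenne(k):
    # 2^k - 1 is prime for the exponents used below; fixed primes keep the example deterministic.
    return (1 << k) - 1


# Textbook RSA, no padding: an illustration of the page's scheme only, not a usable PKI.
# Each party gets its own prime pair so that the private keys actually differ.
E = 65537
PRIMES = {"ca": (mersenne(31), mersenne(61)), "device_a": (mersenne(89), mersenne(107)),
          "device_b": (mersenne(127), mersenne(521)), "manager": (mersenne(607), mersenne(1279))}


def rsa_keypair(p, q, e=E):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)


def rsa_apply(key, m):
    n, exp = key
    return pow(m, exp, n)


def _digest(body):
    return int(hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest(), 16)


def issue_certificate(ca_priv, device_id, device_pub):
    """CA-signed binding of a device identifier to its public key (stands in for C11 to C13)."""
    body = {"subject": device_id, "public_key": list(device_pub)}
    return {"body": body, "sig": rsa_apply(ca_priv, _digest(body) % ca_priv[0])}


def verify_certificate(cert, ca_pub):
    """Signature check with the CA public key (stands in for verification with C20)."""
    return rsa_apply(ca_pub, cert["sig"]) == _digest(cert["body"]) % ca_pub[0]


class WirelessDevice:
    """Holds its private key; `cert` is the optional device-held copy used for the fallback."""

    def __init__(self, device_id, priv, cert=None):
        self.device_id, self._priv, self.cert = device_id, priv, cert

    def answer_challenge(self, encrypted_challenge, manager_pub):
        # Decrypt with the own private key, then re-encrypt for the manager (the response).
        return rsa_apply(manager_pub, rsa_apply(self._priv, encrypted_challenge))


class SystemManager:
    def __init__(self, ca_pub):
        self.ca_pub = ca_pub                                   # plays the role of C20
        self.pub, self._priv = rsa_keypair(*PRIMES["manager"])
        self.auth_db = {}                                      # identifier -> verified certificate

    def load_offline(self, certs):
        """Steps S12 to S14: keep only certificates that verify against the CA certificate."""
        for cert in certs:
            if verify_certificate(cert, self.ca_pub):
                self.auth_db[cert["body"]["subject"]] = cert
        return len(self.auth_db)

    def handle_connection_request(self, device_id, device):
        """Online operation: the request carries the identifier, not the certificate."""
        cert = self.auth_db.get(device_id)                     # step S23
        if cert is None:                                       # step S41 "NO": fallback path
            cert = device.cert                                 # step S42: obtain it from the device
            if cert is None or not verify_certificate(cert, self.ca_pub):
                return False                                   # assumed: verify online before use
        if cert["body"]["subject"] != device_id:
            return False                                       # certificate is for another device
        device_pub = tuple(cert["body"]["public_key"])
        challenge = secrets.randbelow(device_pub[0])           # step S24: fresh random message
        response = device.answer_challenge(rsa_apply(device_pub, challenge), self.pub)
        return rsa_apply(self._priv, response) == challenge    # step S25: messages must match


def run_auth_demo():
    """Constructed scenario: an enrolled device, a fallback device, an impostor, a stranger."""
    ca_pub, ca_priv = rsa_keypair(*PRIMES["ca"])
    pub_a, priv_a = rsa_keypair(*PRIMES["device_a"])
    pub_b, priv_b = rsa_keypair(*PRIMES["device_b"])
    cert_a = issue_certificate(ca_priv, "dev-a", pub_a)
    cert_b = issue_certificate(ca_priv, "dev-b", pub_b)
    tampered = {"body": {**cert_a["body"], "subject": "dev-x"}, "sig": cert_a["sig"]}

    manager = SystemManager(ca_pub)
    stored = manager.load_offline([cert_a, tampered])         # cert_b is deliberately not enrolled
    device_a = WirelessDevice("dev-a", priv_a)                 # holds no certificate at all
    device_b = WirelessDevice("dev-b", priv_b, cert_b)         # served through the fallback path
    impostor = WirelessDevice("dev-a", priv_b)                 # claims dev-a with the wrong key
    return {
        "stored": stored,
        "enrolled_ok": manager.handle_connection_request("dev-a", device_a),
        "fallback_ok": manager.handle_connection_request("dev-b", device_b),
        "impostor_ok": manager.handle_connection_request("dev-a", impostor),
        "unknown_ok": manager.handle_connection_request("dev-c", WirelessDevice("dev-c", priv_b)),
    }
```

Two details carry the security of the scheme as the page describes it: the certificate is looked up by the identifier the device sends, so the subject check binds the public key to that identifier, and the challenge is a fresh random value per request, so a replayed response cannot match. The unpadded RSA here is only a stand-in; a deployment would use padded encryption or a signature-based response.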
  • The present invention is not limited to the first to fourth embodiments described above and can be changed freely within the scope of the present invention.
  • In the embodiments described above, the certificates C11 to C13 used for authenticating the wireless devices 10a to 10c were verified in advance using the certificate C20 in the offline operation (step S10 in FIGS. 4 and 6), and only the verified certificates were stored in the authentication database 50.
  • However, the offline verification of the certificates C11 to C13 may be omitted, and the verification may instead be performed online when the communication unit 41 receives a connection request or an anonymous connection request from the wireless devices 10a to 10c.
  • The backbone router 30 and the system managers 40a, 40b, and 40c may also be integrated. In such a case, the backbone network N2 can be omitted.
  • Examples of authenticating the wireless devices 10a to 10c connected to the wireless network N1 have been described.
  • However, the present invention is also applicable to the authentication of communication devices connected to a wired network.
  • The present invention can be applied to an authentication system, a management apparatus, an authentication method, and the like that are required to simplify the management of a certificate used for authenticating a communication device and to reduce the resources required for transmitting and receiving the certificate.

Abstract

This management device is equipped with: a communication unit for receiving connection requests from communication devices connected to a network; a control unit that, when a connection request is received by the communication unit, reads from a database a first certificate for authenticating the communication device that made the connection request; and an authentication unit for authenticating the communication device that transmitted the connection request by using the first certificate read by the control unit.

Description

Authentication system, management apparatus, and authentication method
The present invention relates to an authentication system, a management apparatus, and an authentication method for authenticating a communication device connected to a network.
This application claims priority based on Japanese Patent Application No. 2012-182297, filed in Japan on August 21, 2012, the contents of which are incorporated herein by reference.
Conventionally, distributed control systems (DCS) have been constructed in plants, factories, and the like in order to realize advanced automatic operation. In a distributed control system, on-site devices called field devices (measuring instruments and operating devices) and a control device that controls them are connected via communication means. Most communication systems forming the basis of such distributed control systems communicate by wire, but in recent years systems that perform wireless communication conforming to industrial wireless communication standards such as ISA100.11a and WirelessHART (registered trademark) have also been realized.
The above communication system is provided with an authentication system that uses PKI (Public Key Infrastructure) to authenticate communication devices connected to a wired or wireless network, in order to ensure security. In particular, in a communication system that communicates via a wireless network, a communication device (wireless device) can connect to the wireless network as long as it is located within the radio coverage area. Therefore, in a communication system that communicates via a wireless network, such an authentication system is essential from the viewpoint of ensuring security.
Here, the above authentication system includes a management apparatus that manages a certificate issued by a trusted certificate authority (CA) and authenticates communication devices using that certificate. Specifically, the management apparatus verifies the validity of the certificate presented by a communication device using the certificate it manages, and then exchanges data (messages) with the communication device by the challenge/response method. In this way, the management apparatus authenticates the communication device.
Methods by which a communication device presents its certificate to the management apparatus include a first method (the piggyback method) and a second method (the anonymous connection method). In the first method, the certificate is presented together with the connection request (join request) to the network. In the second method, the certificate is presented while an anonymous connection to the network is in progress. Patent Document 1 below, although not used in an authentication system provided in a plant or factory, discloses a conventional challenge/response authentication method using PKI.
JP 2008-167107 A
A certificate granted by the certificate authority described above to a communication device (a communication device authenticated by the management apparatus of the authentication system) is generally given an expiration date in order to increase security. When a certificate with such an expiration date is used, the certificate must be renewed by secure communication via the network before the expiration date elapses.
However, some communication devices such as field devices used in plants and factories are stored for long periods as spares rather than being used immediately after shipment. Such a communication device can no longer connect to the network if the expiration date of its certificate passes during storage. As described above, the certificate is renewed by communication via the network; therefore, once the device can no longer connect to the network because its certificate has expired, the certificate can no longer be renewed either. For this reason, certificate expiration has conventionally had to be managed for every communication device that might be connected to the network, which requires extremely complicated work.
In addition, a wireless network conforming to the wireless communication standard ISA100.11a or the like is formed by wireless devices (wireless field devices) that operate intermittently on battery power, wireless routers, and the like. It therefore has the characteristics of low power consumption and low speed (narrow communication bandwidth). Because of these characteristics, the size of a packet transmitted or received via such a wireless network is limited to about a hundred bytes (for example, 128 bytes). Data indicating process values such as pressure, flow rate, and temperature measured by a wireless device is communicated in units of this packet.
However, the certificate used for authenticating a wireless device has a data size of several kilobytes or more, which is large compared with the data indicating process values. For this reason, transmitting a certificate from a wireless device to the management apparatus requires many resources, and consumes many resources of wireless devices such as wireless routers located on the communication path between the transmitting wireless device and the management apparatus. As a result, battery replacement may become necessary earlier, or transmission of the process value data itself may be hindered.
The present invention provides an authentication system, a management apparatus, and an authentication method that can simplify the management of certificates used for authenticating communication devices and reduce the resources required for transmitting and receiving the certificates.
(1) 本発明の第1の態様は、第1ネットワークに接続される通信デバイスを認証するために用いられる第1証明書を格納するデータベースと、前記通信デバイスからの接続要求があった場合に、前記接続要求を行った前記通信デバイスを認証するための第1証明書を前記データベースから読み出し、第1証明書を用いて、前記接続要求を行った前記通信デバイスの認証を行う管理装置と、を備える認証システムである。
 本発明の第1の態様によると、通信デバイスからの接続要求があった場合に、その接続要求を行った通信デバイスを認証するための第1証明書がデータベースから読み出され、読み出された第1証明書を用いて接続要求を行った通信デバイスの認証が管理装置によって行われる。
(1) According to a first aspect of the present invention, there is a database storing a first certificate used for authenticating a communication device connected to the first network, and when there is a connection request from the communication device. A management apparatus that reads a first certificate for authenticating the communication device that has made the connection request from the database, and uses the first certificate to authenticate the communication device that has made the connection request; It is an authentication system provided with.
According to the first aspect of the present invention, when there is a connection request from a communication device, the first certificate for authenticating the communication device that has made the connection request is read from the database and read. The management device authenticates the communication device that has made a connection request using the first certificate.
(2) 本発明の第1の態様において、前記データベースに格納される前記第1証明書は、前記第1証明書を検証するための第2証明書を用いて検証されても良い。 (2) In the first aspect of the present invention, the first certificate stored in the database may be verified using a second certificate for verifying the first certificate.
(3) 本発明の第1の態様において、前記第1ネットワークとは異なる第2ネットワークを介して前記管理装置に接続され、前記データベースに格納された情報を提供するサーバ装置を更に備え、前記管理装置は、前記サーバ装置から前記データベースに格納された前記第1証明書を取得されても良い。 (3) In the first aspect of the present invention, the server further includes a server device connected to the management device via a second network different from the first network and providing information stored in the database. The device may obtain the first certificate stored in the database from the server device.
(4) 本発明の第1の態様において、前記データベースに格納される前記第1証明書を発行する認証局サーバ装置を更に備えても良い。 (4) In the first aspect of the present invention, a certificate authority server device that issues the first certificate stored in the database may be further provided.
(5) 本発明の第1の態様において、前記通信デバイスには、前記第1証明書が付与されており、前記管理装置は、前記接続要求を行った前記通信デバイスを認証するための前記第1証明書が前記データベースに格納されていない場合には、前記接続要求を行った前記通信デバイスに付与されている前記第1証明書を取得して、前記接続要求を行った前記通信デバイスの認証を行っても良い。 (5) In the first aspect of the present invention, the first certificate is assigned to the communication device, and the management device authenticates the communication device that has made the connection request. If one certificate is not stored in the database, the first certificate given to the communication device that has made the connection request is acquired, and authentication of the communication device that has made the connection request May be performed.
(6) 本発明の第1の態様において、前記第1ネットワークは、無線ネットワークであり、前記第2ネットワークは、前記第1ネットワークよりも通信帯域が広くても良い。 (6) In the first aspect of the present invention, the first network may be a wireless network, and the second network may have a wider communication band than the first network.
(7) 本発明の第1の態様において、前記データベースは、前記第1証明書と、前記通信デバイスを一意に特定する識別子とを対応付けて格納し、前記管理装置は、前記通信デバイスから、前記接続要求と、前記通信デバイスを一意に特定する識別子とを受信する通信部と、前記通信部が受信した前記識別子に対応付けられた前記第1証明書を、前記データベースから読み出す制御部と、前記制御部が読み出した前記第1証明書を用いて前記接続要求を行った前記通信デバイスの認証を行う制御部と、を備えても良い。 (7) In the first aspect of the present invention, the database stores the first certificate and an identifier that uniquely identifies the communication device in association with each other, and the management device receives the communication device from the communication device, A communication unit that receives the connection request and an identifier that uniquely identifies the communication device; a control unit that reads the first certificate associated with the identifier received by the communication unit from the database; A controller that authenticates the communication device that has made the connection request using the first certificate read by the controller.
(8) 本発明の第1の態様において、前記認証部は、前記第1証明書に含まれる第1公開鍵を用いて第1メッセージを暗号化し、前記通信部は、前記認証部が暗号化した前記第1メッセージを、前記通信デバイスに送信し、前記通信部は、第2公開鍵を用いて暗号化された第2メッセージを、前記通信デバイスから受信し、前記認証部は、前記第2メッセージを、秘密鍵を用いて復号し、前記第1メッセージと前記第2メッセージとが一致するか否かに基づいて、前記通信デバイスの認証を行っても良い。 (8) In the first aspect of the present invention, the authentication unit encrypts the first message using a first public key included in the first certificate, and the communication unit encrypts the authentication unit. The first message is transmitted to the communication device, the communication unit receives the second message encrypted using a second public key from the communication device, and the authentication unit receives the second message. The message may be decrypted using a secret key, and the communication device may be authenticated based on whether the first message matches the second message.
(9) In the first aspect of the present invention, the communication device need not hold the first certificate.
(10) In the first aspect of the present invention, the first certificate stored in the database may include a public key, and the secret key corresponding to the public key may be held by the communication device.
(11) In the first aspect of the present invention, an expiration date may be set for the first certificate, and before the expiration date passes, the database may update the first certificate to a first certificate for which a new expiration date is set.
(12) In the first aspect of the present invention, the management device may authenticate the communication device using a challenge-response method.
(13) In the first aspect of the present invention, when authentication of the communication device succeeds, the management device may accept the connection request from the communication device and connect the communication device to the first network.
(14) In the first aspect of the present invention, when authentication of the communication device does not succeed, the management device may reject the connection request from the communication device and not connect the communication device to the first network.
(15) In the first aspect of the present invention, the management device need not receive the first certificate from the communication device.
(16) In the first aspect of the present invention, the management device may receive an anonymous connection request as the connection request from the communication device, cause the communication device to connect anonymously to the first network, and, when authentication of the communication device succeeds, switch the communication device from the anonymous connection to a regular connection to the first network.
(17) In the first aspect of the present invention, when authentication of the communication device does not succeed, the management device may disconnect the anonymous connection of the communication device from the first network.
(18) In the first aspect of the present invention, when a connection request is received from the communication device, the management device may verify the first certificate using the second certificate.
(19) A second aspect of the present invention is a management device comprising: a communication unit that receives a connection request from a communication device connected to a network; a control unit that, when the communication unit receives the connection request, reads from a database a first certificate for authenticating the communication device that made the connection request; and an authentication unit that authenticates the communication device that transmitted the connection request using the first certificate read by the control unit.
(20) A third aspect of the present invention is an authentication method comprising: receiving a connection request from a communication device connected to a network; when the connection request is received, reading, from a database that stores first certificates used for authenticating communication devices, the first certificate for authenticating the communication device that made the connection request; and authenticating the communication device that made the connection request using the read first certificate.
According to one aspect of the present invention, when a connection request arrives from a communication device, the first certificate for authenticating the communication device that made the connection request is read from a database, and the communication device that made the connection request is authenticated using the read first certificate. Since managing the first certificates for authenticating communication devices then amounts to managing those stored in the database, the management of the certificates used to authenticate communication devices can be simplified. Moreover, since no certificate is transmitted to or received from the communication device that made the connection request, the resources required for transmitting and receiving certificates can be reduced.
FIG. 1 is a block diagram showing the overall configuration of an authentication system according to a first embodiment of the present invention.
FIG. 2 is a diagram for explaining the PKI used in the first embodiment of the present invention.
FIG. 3 is a diagram showing an example of a method of incorporating certificates in the first embodiment of the present invention.
FIG. 4 is a flowchart showing a first operation of the authentication system according to the first embodiment of the present invention.
FIG. 5 is a timing chart showing the first operation of the authentication system according to the first embodiment of the present invention.
FIG. 6 is a flowchart showing a second operation of the authentication system according to the first embodiment of the present invention.
FIG. 7 is a timing chart showing the second operation of the authentication system according to the first embodiment of the present invention.
FIG. 8 is a block diagram showing the overall configuration of an authentication system according to a second embodiment of the present invention.
FIG. 9 is a diagram for explaining the PKI used in a third embodiment of the present invention.
FIG. 10 is a flowchart showing the operation of an authentication system according to a fourth embodiment of the present invention.
Hereinafter, an authentication system, a management device, and an authentication method according to first to fourth embodiments of the present invention will be described in detail with reference to the drawings.
[First Embodiment]
FIG. 1 is a block diagram showing the overall configuration of an authentication system 1 according to the first embodiment of the present invention. As shown in FIG. 1, the authentication system 1 of the first embodiment includes wireless devices 10a to 10c (communication devices), wireless routers 20a and 20b, a backbone router 30, a system manager 40a (management device), and an authentication database 50 (database). The system manager 40a uses the authentication database 50 to authenticate the wireless devices 10a to 10c connected to a wireless network N1 (network). The numbers of wireless devices 10a to 10c and wireless routers 20a and 20b shown in FIG. 1 are arbitrary.
The wireless network N1 in FIG. 1 is formed by the wireless devices 10a to 10c, the wireless routers 20a and 20b, and the backbone router 30 under the management and control of the system manager 40a. The wireless network N1 is a wireless network characterized by low power consumption and low speed (a communication band narrower than a predetermined value). The backbone network N2, to which the backbone router 30 and the system manager 40a are connected, is a wired or wireless network that serves as the backbone of the authentication system 1 and is characterized by a wide band (a communication band wider than a predetermined value).
The wireless devices 10a to 10c are wireless field devices installed in a plant or factory, for example sensor devices such as flow meters and temperature sensors, valve devices such as flow control valves and on-off valves, and actuator devices such as fans and motors. These wireless devices 10a to 10c operate intermittently on battery power and perform wireless communication conforming to ISA100.11a, a wireless communication standard for industrial automation.
Here, the wireless devices 10a to 10c cannot properly connect to the wireless network N1 unless they are authenticated by the system manager 40a. For this reason, certificates C11 to C13 (see FIG. 2), each showing that its wireless device is a legitimate wireless device, are prepared in advance for the wireless devices 10a to 10c. As will be described in detail later, the certificates C11 to C13 are stored in the authentication database 50, so they do not necessarily have to be held in the wireless devices 10a to 10c.
The wireless routers 20a and 20b perform wireless communication conforming to the wireless communication standard ISA100.11a with the wireless devices 10a to 10c and the backbone router 30; that is, the wireless routers 20a and 20b relay the data transmitted and received between the wireless devices 10a to 10c and the backbone router 30. Like the wireless devices 10a to 10c, the wireless routers 20a and 20b operate intermittently on battery power. The wireless devices 10a to 10c, the wireless routers 20a and 20b, and the backbone router 30 are wirelessly connected to one another, forming the star-mesh wireless network N1. Instead of the wireless routers 20a and 20b, wireless devices having the function (relay function) of the wireless routers 20a and 20b may be provided.
The backbone router 30 connects the wireless network N1 and the backbone network N2 and relays the various data transmitted and received between the wireless devices 10a to 10c and the like and the system manager 40a. The backbone router 30 operates continuously on, for example, DC power supplied from the backbone network N2 or DC power supplied via a path separate from the backbone network N2. The backbone router 30 performs wireless communication conforming to the wireless communication standard ISA100.11a.
The system manager 40a operates continuously on, for example, power supplied from a commercial power source, and manages and controls the authentication system 1 as a whole. For example, the system manager 40a controls the wireless communication performed via the wireless network N1. Specifically, the system manager 40a controls the assignment of wireless communication resources (time slots and communication channels) to the wireless devices 10a to 10c, the wireless routers 20a and 20b, and the backbone router 30. The system manager 40a thereby realizes wireless communication by TDMA (Time Division Multiple Access) via the wireless network N1.
The system manager 40a also authenticates the wireless devices 10a to 10c connected to the wireless network N1 using the certificates C11 to C13 and the certificate C20 (see FIG. 2) stored in the authentication database 50. Specifically, when a connection request arrives from one of the wireless devices 10a to 10c, the system manager 40a verifies the certificates C11 to C13 (see FIG. 2) stored in the authentication database 50 using the certificate C20 (see FIG. 2). The system manager 40a then authenticates the wireless device that made the connection request by the challenge-response method.
As shown in FIG. 1, the system manager 40a includes a communication unit 41, a control unit 42a, and an authentication unit 43.
The communication unit 41 receives the connection requests from the wireless devices 10a to 10c connected to the wireless network N1.
When the communication unit 41 receives a connection request, the control unit 42a reads from the authentication database 50 the certificate (for example, the certificate C11) for authenticating the wireless device (for example, the wireless device 10a) that made the connection request.
The authentication unit 43 authenticates the wireless device (for example, the wireless device 10a) that transmitted the connection request, using the certificate (for example, the certificate C11) read by the control unit 42a.
The authentication database 50 is a database storing the information needed to authenticate the wireless devices 10a to 10c. Specifically, the authentication database 50 stores the certificates C11 to C13 (first certificates; see FIG. 2) and the certificate C20 (second certificate; see FIG. 2). The certificates C11 to C13 are the certificates of the wireless devices 10a to 10c. The certificate C20 is a certificate issued by a trusted certificate authority and is used to verify the certificates C11 to C13. The certificates C11 to C13 of the wireless devices 10a to 10c are stored in the authentication database 50 in association with identifiers (for example, EUI-64 addresses) that uniquely identify the wireless devices 10a to 10c.
The certificates C11 to C13 of the wireless devices 10a to 10c would ordinarily be held in the wireless devices 10a to 10c, respectively. In the first embodiment, however, the certificates C11 to C13 are stored in the authentication database 50 and are not held in the wireless devices 10a to 10c. This simplifies the management of the certificates of the wireless devices 10a to 10c. It also eliminates the transmission and reception of the certificates C11 to C13 over the wireless network N1, and with it the resources that this transmission and reception would require.
FIG. 2 is a diagram for explaining the PKI (Public Key Infrastructure) used in the first embodiment of the present invention. As shown in FIG. 2, the system manager 40a requests the certificate authority 60 to issue the certificates C11 to C13 of the wireless devices 10a to 10c and the certificate C20 used to verify these certificates C11 to C13 (P11). In response to this request, the certificate authority 60 issues the certificates C11 to C13 and the certificate C20 to the system manager 40a (P12). The certificate authority 60 is a certificate authority that the system manager 40a can trust, for example a public certificate authority. The certificates C11 to C13 and the certificate C20 issued by the certificate authority 60 are stored in the authentication database 50. The certificates C11 to C13 of the wireless devices 10a to 10c may also be held in the wireless devices 10a to 10c, respectively, in addition to being stored in the authentication database 50. In that case, for example, the certificate C11 is transmitted from the certificate authority 60 to the wireless device 10a (P13).
Although not shown in FIG. 2, the certificates C11 to C13 and the certificate C20 each include a different public key. The private keys corresponding to the public keys included in the certificates C11 to C13 are held in the wireless devices 10a to 10c, respectively. The private key corresponding to the public key included in the certificate C20 is held by the certificate authority 60 and strictly managed.
When a connection request for the wireless network N1 arrives from the wireless device 10a, the system manager 40a authenticates the wireless device 10a using the certificate C11 and the certificate C20 stored in the authentication database 50, as shown in FIG. 2 (P14). When a connection request for the wireless network N1 arrives from the wireless device 10b, the wireless device 10b is authenticated using the certificate C12 and the certificate C20 stored in the authentication database 50. When a connection request for the wireless network N1 arrives from the wireless device 10c, the wireless device 10c is authenticated using the certificate C13 and the certificate C20 stored in the authentication database 50.
Next, a method of incorporating the certificates C11 to C13 and the certificate C20 issued by the certificate authority 60 will be described. FIG. 3 is a diagram showing an example of a method of incorporating the certificates C11 to C13 in the first embodiment of the present invention. A wireless network N1 realized in a plant or factory differs from a general network such as the Internet: the wireless network N1 is designed by carefully planning the installation locations, numbers, types, and so on of the devices that constitute it (the wireless devices 10a to 10c, the wireless routers 20a and 20b, and the backbone router 30). Consequently, once the design of the wireless network N1 is complete, the wireless devices that need to be connected to the wireless network N1 are fixed, and so are the certificates needed to authenticate them.
When the design of the wireless network N1 is complete, the vendor V of the wireless devices requests the certificate authority 60 to issue the certificates C11 to C13 of the wireless devices 10a to 10c that need to be connected to the wireless network N1, together with the certificate C20. In response, the certificate authority 60 issues the certificates C11 to C13 of the wireless devices 10a to 10c and the certificate C20 (P21). Having obtained the certificates C11 to C13 and the certificate C20 issued by the certificate authority 60, the vendor V incorporates the certificates C11 to C13 into the wireless devices 10a to 10c, respectively (P22), and also copies the certificates C11 to C13 and the certificate C20 to a computer-readable recording medium M such as a CD-ROM or DVD (registered trademark)-ROM (P23). The vendor V then ships the wireless device into which the certificate has been incorporated (the wireless device 10a in the example shown in FIG. 3) to the user U (for example, the person operating the authentication system 1 in the plant or factory) (P24). The vendor V also ships the recording medium M on which the certificates C11 to C13 and the certificate C20 are recorded to the user U (P25).
The user U installs the wireless device 10a shipped by the vendor V at the position specified in the design stage, and incorporates the certificates C11 to C13 and the certificate C20 recorded on the recording medium M shipped by the vendor V into the system manager 40a (P26). Since the certificate C20 is the data on which the trustworthiness of the authentication system 1 rests, the integrity of the certificate C20 is confirmed by a secure method before it is incorporated into the system manager 40a. The certificates C11 to C13 incorporated into the system manager 40a are stored in the authentication database 50 in association with the identifiers that uniquely identify the wireless devices 10a to 10c. The certificate C20 incorporated into the system manager 40a is stored in the authentication database 50 on its own. In this way, the certificates C11 to C13 and the certificate C20 are incorporated into the authentication database 50.
Here, if the user U refers to the network design document ND of the wireless network N1 and makes a request to the vendor V (P27), the user U can obtain the certificate of a wireless device that is to be connected to the wireless network N1 but whose certificate is not yet stored in the authentication database 50.
When an expiration date is set for the certificates C11 to C13, the certificates C11 to C13 or the certificate C20 stored in the authentication database 50 can also be updated if the user U, before that expiration date passes, requests the vendor V and obtains certificates C11 to C13 or a certificate C20 for which a new expiration date is set. Since the certificates C11 to C13 and the certificate C20 may be made public, the route by which the user U obtains the recording medium M from the vendor V can be chosen as appropriate.
Next, the operation of the authentication system 1 configured as described above will be described. The following describes the case in which the wireless device to be connected to the wireless network N1 is the wireless device 10a, and takes the operation of authenticating this wireless device 10a as an example. The operation of the authentication system 1 falls broadly into an operation in which the certificate is presented by a method following the piggyback method (first operation) and an operation in which the certificate is presented by the anonymous connection method (second operation). These first and second operations are described in order below.
<First operation>
FIG. 4 is a flowchart showing the first operation of the authentication system 1 according to the first embodiment of the present invention. FIG. 5 is a timing chart showing the first operation of the authentication system 1. As shown in FIGS. 4 and 5, an offline operation that prepares the certificate used to authenticate the wireless device 10a is performed first (step S10). Then an online operation that authenticates the wireless device 10a using the certificate prepared offline is performed (step S20).
When the offline operation starts, the control unit 42a of the system manager 40a first obtains the certificate C20 issued by the certificate authority 60 and stores it in the authentication database 50 (step S11). For example, the control unit 42a of the system manager 40a reads the certificate C20 recorded on the recording medium M described with reference to FIG. 3 (the recording medium M shipped by the vendor V) and stores it in the authentication database 50.
Next, the control unit 42a of the system manager 40a obtains the certificates C11 to C13 issued by the certificate authority 60 and verifies the validity of these certificates C11 to C13 using the certificate C20 (step S12). For example, the control unit 42a of the system manager 40a reads the certificates C11 to C13 recorded on the recording medium M described with reference to FIG. 3 (the recording medium M shipped by the vendor V), reads the certificate C20 stored in the authentication database 50 in step S11, and verifies the validity of the certificates C11 to C13 using the certificate C20.
The control unit 42a of the system manager 40a then determines whether the certificates C11 to C13 are valid (step S13). If the control unit 42a of the system manager 40a determines that the certificates C11 to C13 are invalid (determination result "NO"), the series of processing shown in FIG. 4 ends. If, on the other hand, the control unit 42a of the system manager 40a determines that the certificates C11 to C13 are valid (determination result "YES"), the control unit 42a stores the certificates C11 to C13 in the authentication database 50 in association with the identifiers that uniquely identify the wireless devices 10a to 10c (step S14). When this processing is complete, the offline operation ends and the online operation starts.
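The offline procedure of steps S11 to S14 (take in C20, verify C11 to C13 against it, store only the valid ones under the device identifier, and later read them back by identifier as in step S23), as an added example that is not code from the page or from the applicant. It uses Go's standard crypto/x509 library. The trust anchor, the device certificates, the `AuthDB` type, the identifier strings and the choice to carry the device identifier in the certificate's Subject CommonName are all constructions of this example; the page does not specify the certificate format or how the identifier is bound to the certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AuthDB models authentication database 50: trust-anchor certificate C20 held on
// its own, and device certificates (C11..C13) keyed by the identifier that
// uniquely identifies each device (an EUI-64 address in the text).
type AuthDB struct {
	anchor  *x509.Certificate
	devices map[string]*x509.Certificate
}

// NewAuthDB is step S11: C20 is taken in once, after its integrity was checked.
func NewAuthDB(anchor *x509.Certificate) *AuthDB {
	return &AuthDB{anchor: anchor, devices: map[string]*x509.Certificate{}}
}

// Enroll is steps S12 to S14: a device certificate read from the medium is verified
// against C20 (S12/S13) and stored under the device identifier only if valid (S14).
// Carrying the identifier in the Subject CommonName is an assumption of this example.
func (db *AuthDB) Enroll(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(db.anchor)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("step S13: certificate rejected: %w", err)
	}
	id := cert.Subject.CommonName
	if id == "" {
		return "", fmt.Errorf("certificate carries no device identifier")
	}
	db.devices[id] = cert
	return id, nil
}

// Lookup is step S23: fetch by the identifier that accompanies the connection request.
func (db *AuthDB) Lookup(id string) (*x509.Certificate, bool) {
	c, ok := db.devices[id]
	return c, ok
}

// Constructed fixtures standing in for certificate authority 60 and the vendor follow.

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

func template(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// MakeCA returns a self-signed CA certificate and its key (stand-in for C20).
func MakeCA() (*x509.Certificate, *rsa.PrivateKey) {
	key := newKey()
	tmpl := template(1, "constructed CA 60")
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// IssueDeviceCert signs a certificate for device id with the given CA and returns
// its DER encoding, as it would be copied to recording medium M.
func IssueDeviceCert(ca *x509.Certificate, caKey *rsa.PrivateKey, serial int64, id string, pub *rsa.PublicKey) []byte {
	tmpl := template(serial, id)
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	return must(x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey))
}

func main() {
	ca, caKey := MakeCA()
	db := NewAuthDB(ca)
	dev := newKey() // the private half stays on the device (claim (10))
	id, err := db.Enroll(IssueDeviceCert(ca, caKey, 2, "device-10a", &dev.PublicKey))
	fmt.Println("enrolled:", id, err)
}
```

Because `Enroll` stores nothing when verification against the anchor fails, a certificate from any issuer other than the one behind C20 never becomes a candidate for step S23, and a later connection request carrying that identifier finds no certificate at all.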
When the online operation starts, the system manager 40a, under the control of the control unit 42a, waits to receive a connection request via the wireless network N1 (step S21). If, in this state, the wireless device 10a transmits a connection request for the wireless network N1, the connection request is received by the communication unit 41 of the system manager 40a (step S22).
Here, in the original piggyback method, the certificate of the wireless device 10a would be transmitted from the wireless device 10a to the system manager 40a together with the connection request; in the first embodiment, however, the certificate is not sent, and only the connection request is transmitted. The communication unit 41 of the system manager 40a therefore receives only the connection request of the wireless device 10a.
 When the communication unit 41 receives the connection request from the wireless device 10a, the control unit 42a of the system manager 40a reads the certificate C11 associated with the identifier of the wireless device 10a from the authentication database 50 (step S23). The identifier of the wireless device 10a used to search the authentication database 50 is transmitted from the wireless device 10a along with the connection request.
 When the control unit 42a has read the certificate C11 for the wireless device 10a, the authentication unit 43 of the system manager 40a exchanges data (messages) with the wireless device 10a by a challenge/response method and authenticates the wireless device 10a (step S24).
 Specifically, the authentication unit 43 of the system manager 40a first encrypts a special message using the public key contained in the certificate C11 read from the authentication database 50 in step S23, and the communication unit 41 transmits the encrypted message to the wireless device 10a via the wireless network N1 (challenge).
 On receiving the message transmitted from the communication unit 41 of the system manager 40a, the wireless device 10a decrypts the message using the private key it holds. Since the message from the system manager 40a was encrypted with the public key contained in the certificate C11 for the wireless device 10a, it can be decrypted only with the private key held by the wireless device 10a.
 Having decrypted the message from the system manager 40a, the wireless device 10a presents the decrypted message to the system manager 40a in a secure manner (response).
 For example, the wireless device 10a encrypts the message (the decrypted message) using the public key of the system manager 40a and transmits the encrypted message to the system manager 40a.
 The message transmitted from the wireless device 10a to the system manager 40a can be decrypted only with the private key held and managed by the system manager 40a, so the wireless device 10a can present the decrypted message to the system manager 40a securely. Alternatively, the wireless device 10a may treat part of the decrypted message as a symmetric key and encrypt the decrypted message, or part of it, with that key, thereby presenting it to the system manager 40a in a secure manner.
 When the communication unit 41 receives the message presented by the wireless device 10a, the authentication unit 43 of the system manager 40a determines, from the content of the message it transmitted to the wireless device 10a, whether authentication of the wireless device 10a has succeeded (step S25). Specifically, the authentication unit 43 determines whether authentication of the wireless device 10a has succeeded according to whether the message transmitted to the wireless device 10a and the message presented by the wireless device 10a match under a predefined verification rule.
 When the authentication unit 43 determines that authentication has succeeded (determination result of step S25 "YES"), the control unit 42a of the system manager 40a accepts the connection request from the wireless device 10a, and the communication unit 41 notifies the wireless device 10a of an authentication result indicating success (step S26). Through this processing, the wireless device 10a is properly connected to the wireless network N1 and can communicate via the wireless network N1 under the management of the system manager 40a.
 When, on the other hand, the authentication unit 43 determines that authentication has failed (determination result of step S25 "NO"), the control unit 42a of the system manager 40a rejects the connection request from the wireless device 10a, and the communication unit 41 notifies the wireless device 10a of an authentication result indicating failure (step S27).
 Since the connection request of the wireless device 10a for the wireless network N1 is rejected by this processing, the wireless device 10a is not connected to the wireless network N1 and cannot communicate via the wireless network N1.
 <Second operation>
 FIG. 6 is a flowchart showing a second operation of the authentication system 1 according to the first embodiment of the present invention. FIG. 7 is a timing chart showing the second operation of the authentication system 1. In FIGS. 6 and 7, steps in which the same processing as in FIGS. 4 and 5 is performed are given the same reference numerals. As shown in FIGS. 6 and 7, in the second operation as well, the offline operation is performed first (step S10), followed by the online operation (step S20). Since the offline operation in the second operation is the same as in the first operation, its description is omitted below and only the online operation is described.
 When the online operation begins, the system manager 40a, under the control of the control unit 42a, enters a state of waiting to receive a connection request via the wireless network N1 (step S21). In this state, when an anonymous connection request for the wireless network N1 is transmitted from the wireless device 10a, the anonymous connection request is received and accepted by the communication unit 41 of the system manager 40a, and an anonymous connection is established between the wireless device 10a and the system manager 40a under the control of the control unit 42a (step S31). Here, as in the conventional anonymous connection method, no certificate is sent from the wireless device 10a to the system manager 40a.
 When the anonymous connection with the wireless device 10a has been established by the control unit 42a, the control unit 42a of the system manager 40a reads the certificate C11 associated with the identifier of the wireless device 10a from the authentication database 50 (step S23). The identifier of the wireless device 10a used to search the authentication database 50 is transmitted from the wireless device 10a along with the anonymous connection request and received by the communication unit 41.
 When the control unit 42a has read the certificate C11 for the wireless device 10a, the control unit 42a of the system manager 40a exchanges data (messages) with the wireless device 10a via the communication unit 41 by a challenge/response method, and the authentication unit 43 authenticates the wireless device 10a (step S24). Since the challenge/response authentication of the wireless device 10a is performed by the same processing as in the first operation, its detailed description is omitted here.
 Next, the authentication unit 43 of the system manager 40a determines whether authentication of the wireless device 10a has succeeded (step S25). When the authentication unit 43 determines that authentication has succeeded (determination result "YES"), the control unit 42a of the system manager 40a switches the anonymous connection established with the wireless device 10a to a regular connection (step S32). Through this processing, the wireless device 10a is properly connected to the wireless network N1 and can communicate via the wireless network N1 under the management of the system manager 40a.
 When, on the other hand, the authentication unit 43 determines that authentication has failed (determination result of step S25 "NO"), the control unit 42a of the system manager 40a disconnects the anonymous connection with the wireless device 10a (step S33). Through this processing, the wireless device 10a is cut off from the wireless network N1 and can no longer communicate via the wireless network N1.
 As described above, in the first embodiment, an authentication database 50 is provided that stores the certificates C11 to C13 for the wireless devices 10a to 10c (as verified using the certificate C20). When the communication unit 41 receives a connection request or an anonymous connection request from the wireless device 10a, the control unit 42a of the system manager 40a reads the certificate C11 for the wireless device 10a from the authentication database 50, and the authentication unit 43 authenticates the wireless device 10a.
 As a result, the certificates C11 to C13 for the wireless devices 10a to 10c need only be managed as stored in the authentication database 50; the copies held by the wireless devices 10a to 10c no longer need to be managed. Management of the certificates C11 to C13 can therefore be simplified. Moreover, whichever of the first and second operations is performed, the certificates C11 to C13 are no longer transmitted or received via the wireless network N1, so the resources required for transmitting and receiving the certificates C11 to C13 can be reduced.
[Second Embodiment]
 FIG. 8 is a block diagram showing the overall configuration of the authentication system 2 according to the second embodiment of the present invention. In FIG. 8, components identical to those shown in FIG. 1 are given the same reference numerals. As shown in FIG. 8, the authentication system 2 of the second embodiment is provided with an authentication server 70 (server device) that provides the certificates stored in the authentication database 50, and the system manager 40b and the authentication server 70 are connected by a network N3 such as a LAN (Local Area Network).
 In the second embodiment, the system manager 40b differs from the system manager 40a of the first embodiment in having a control unit 42b in place of the control unit 42a.
 In the authentication system 1 of the first embodiment described above, the system manager 40a is connected directly to the authentication database 50 and itself reads the certificates C11 to C13 from the authentication database 50. In the authentication system 2 of the second embodiment, by contrast, the control unit 42b of the system manager 40b issues a read request for the certificates C11 to C13 to the authentication server 70, and the authentication server 70 provides the requested certificates C11 to C13 to the control unit 42b. When the system manager 40b issues a read request for the certificates C11 to C13, it must provide the authentication server 70 with the identifiers that uniquely identify the wireless devices 10a to 10c.
 As described above, the second embodiment provides an authentication server 70 that serves the certificates stored in the authentication database 50, so the load on the system manager 40b can be reduced. FIG. 8 illustrates a configuration in which a single authentication server 70 is connected to the system manager 40b via the network N3, but a plurality of authentication servers 70 may be connected to the system manager 40b via the network N3. The authentication server 70 may also be connected to the system manager 40b via the backbone network N2.
[Third Embodiment]
 Next, a third embodiment of the present invention is described. In the first and second embodiments described above, the system managers 40a and 40b authenticate the wireless devices 10a to 10c using the certificates C11 to C13 and the certificate C20 issued by a trusted certificate authority 60 (for example, a public certificate authority). In the third embodiment, by contrast, the wireless devices 10a to 10c are authenticated using certificates issued by a certificate authority that the user U has built independently (P33).
 In the third embodiment, the system manager 40c differs from the system manager 40a of the first embodiment in having a control unit 42c in place of the control unit 42a.
 FIG. 9 is a diagram for explaining the PKI used in the third embodiment of the present invention. As shown in FIG. 9, the third embodiment provides a certificate authority server device 80, a certificate authority built independently by the user U. The certificate authority server device 80 issues the certificates C31 to C33 (first certificates) used to authenticate the wireless devices 10a to 10c, and the certificate C20 used to verify the certificates C31 to C33 (P32). The certificate authority server device 80 may, for example, be connected to the network N3 provided in the authentication system 2 shown in FIG. 8, but it may also be separated from the authentication system 2 to improve security.
 The certificates C31 to C33 and the certificate C20 newly issued by the certificate authority server device 80 are stored in the authentication database 50, and the system manager 40c authenticates the wireless devices 10a to 10c using the certificates C31 to C33 and the certificate C20. However, updating the private keys stored in the wireless devices 10a to 10c is not easy.
 Therefore, as shown in FIG. 9, the control unit 42c of the system manager 40c retrieves from the authentication database 50, for example, the certificate C11 corresponding to the wireless device 10a, presents the public key contained in it, and issues a signing request to the certificate authority server device 80 (P31). With such a certificate authority server device 80, the PKI-based authentication of wireless devices described so far becomes possible using a certificate authority built independently by the user U. The certificate C31 generated in this way may also be installed in the wireless device 10a via the system manager 40c. If the wireless devices 10a to 10c provide an interface for setting a private key, the certificate authority server device 80 may generate a private key and a certificate containing the paired public key, as the vendor V did in FIG. 3, and install them via the system manager 40c.
[Fourth Embodiment]
 Next, a fourth embodiment of the present invention is described. In the first and second embodiments described above, the system managers 40a and 40b authenticate the wireless devices 10a to 10c using the certificates C11 to C13 stored in the authentication database 50. In the fourth embodiment, even when the certificates C11 to C13 for authenticating the wireless devices 10a to 10c are not stored in the authentication database 50, the wireless devices 10a to 10c can still be authenticated by acquiring the certificates C11 to C13 held by the wireless devices 10a to 10c themselves (fallback).
 Since the configuration of the authentication system of the fourth embodiment is the same as that of the authentication system 1 of the first embodiment shown in FIG. 1, it is described with reference to that configuration.
 The fourth embodiment therefore presupposes that certificates C11 to C13 whose validity period has not expired are held by the wireless devices 10a to 10c. The overall configuration of the authentication system according to the fourth embodiment is the same as that of the authentication system 1 of the first embodiment shown in FIG. 1 or the authentication system 2 of the second embodiment shown in FIG. 8.
 FIG. 10 is a flowchart showing the operation of the authentication system according to the fourth embodiment of the present invention. Like the flowchart of FIG. 6, the flowchart of FIG. 10 shows the operation (second operation) in which a certificate is presented by the anonymous connection method. In FIG. 10, the offline operation (step S10) is omitted and only the online operation (step S20) is shown. In FIG. 10, steps in which the same processing as in FIG. 6 is performed are given the same reference numerals.
 When the online operation begins, the system manager 40a, under the control of the control unit 42a, enters a state of waiting to receive a connection request via the wireless network N1, as in the second operation of the first embodiment (step S21). In this state, when an anonymous connection request for the wireless network N1 is transmitted from the wireless device 10a, the anonymous connection request is received and accepted by the communication unit 41 of the system manager 40a, and the control unit 42a establishes an anonymous connection between the wireless device 10a and the system manager 40a (step S31). Here, as in the conventional anonymous connection method, no certificate is sent from the wireless device 10a to the system manager 40a.
 When the anonymous connection with the wireless device 10a has been established, the control unit 42a of the system manager 40a reads the certificate C11 associated with the identifier of the wireless device 10a from the authentication database 50 (step S23). The identifier of the wireless device 10a used to search the authentication database 50 is transmitted from the wireless device 10a along with the anonymous connection request and received by the communication unit 41.
 Next, the control unit 42a of the system manager 40a determines whether the certificate C11 was successfully read from the authentication database 50 (step S41). When the control unit 42a determines that the certificate C11 was read successfully (determination result "YES"), the authentication unit 43 of the system manager 40a authenticates the wireless device 10a by the challenge/response method, as in the first embodiment (step S24).
 When, on the other hand, the control unit 42a determines that reading the certificate C11 has failed (determination result "NO"), the authentication unit 43 of the system manager 40a sends the wireless device 10a a request to transmit the certificate C11 via the communication unit 41, and the communication unit 41 acquires the certificate C11 from the wireless device 10a (step S42).
 The authentication unit 43 then authenticates the wireless device 10a by the challenge/response method using the public key contained in the certificate C11 acquired from the wireless device 10a (step S24).
 If the authentication unit 43 succeeds in authenticating the wireless device 10a, the control unit 42a of the system manager 40a switches the anonymous connection established with the wireless device 10a to a regular connection, as in the first embodiment (step S32). If the authentication unit 43 fails to authenticate the wireless device 10a, the control unit 42a of the system manager 40a disconnects the anonymous connection with the wireless device 10a, as in the first embodiment (step S33).
 As described above, in the fourth embodiment, when the certificates C11 to C13 for the wireless devices 10a to 10c are not stored in the authentication database 50, the authentication unit 43 acquires the certificates C11 to C13 held by the wireless devices 10a to 10c and authenticates the wireless devices 10a to 10c. Consequently, even if, for example, a failure occurs in the authentication database 50, the wireless devices 10a to 10c can be connected to the wireless network N1 by the same method as before.
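 The following is an added example and not code from the patent: a runnable model of the online flow described above (offline certificate verification and storage, the challenge/response of the first and second operations, and the fourth embodiment's fallback to the device-held certificate) using textbook RSA over constructed tiny primes. All class and function names, the key sizes and the device identifier are assumptions made for illustration.

```python
"""Toy model of the patent's online flow (steps S21-S27, S31-S33, S41-S42).
Textbook RSA over constructed tiny primes: it models the message flow only
and is NOT a secure implementation."""
import hashlib
import secrets

E = 65537  # public exponent shared by all toy key pairs


def make_keypair(p, q):
    """Constructed toy RSA key pair: returns ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)


def rsa_apply(key, values):
    """Apply an RSA key to a list of small integers (one per message byte)."""
    k, n = key
    return [pow(v, k, n) for v in values]


def cert_body(identifier, pub):
    """Serialised certificate content: device identifier plus public key."""
    return f"{identifier}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(ca_priv, identifier, pub):
    """CA signs SHA-256(body) mod n: a toy stand-in for C11-C13 / C31-C33."""
    body = cert_body(identifier, pub)
    h = int.from_bytes(hashlib.sha256(body).digest(), "big") % ca_priv[1]
    return {"id": identifier, "pub": pub, "sig": pow(h, ca_priv[0], ca_priv[1])}


def verify_certificate(ca_pub, cert):
    """Check against the CA's public key (the role of C20 in step S13)."""
    body = cert_body(cert["id"], cert["pub"])
    h = int.from_bytes(hashlib.sha256(body).digest(), "big") % ca_pub[1]
    return pow(cert["sig"], ca_pub[0], ca_pub[1]) == h


class WirelessDevice:
    """Holds its private key and (for the S42 fallback) its own certificate."""

    def __init__(self, identifier, priv, cert):
        self.identifier, self.priv, self.certificate = identifier, priv, cert

    def connection_request(self):
        # Only the identifier travels with the request; no certificate (S22/S31).
        return {"id": self.identifier}

    def respond(self, challenge, manager_pub):
        # Decrypt with own private key, then re-encrypt under the manager's
        # public key so the decrypted message is presented securely (S24).
        return rsa_apply(manager_pub, rsa_apply(self.priv, challenge))


class SystemManager:
    """Authentication database lookup plus challenge/response (units 41-43)."""

    def __init__(self, pub, priv, ca_pub):
        self.pub, self.priv, self.ca_pub = pub, priv, ca_pub
        self.db = {}  # authentication database 50: identifier -> verified cert

    def register_offline(self, cert):
        """Steps S13-S14: store only certificates that verify against the CA."""
        if not verify_certificate(self.ca_pub, cert):
            return False
        self.db[cert["id"]] = cert
        return True

    def authenticate(self, device, fallback=False):
        """Online flow; True means the connection is accepted (S26 / S32)."""
        request = device.connection_request()           # S22 / S31
        cert = self.db.get(request["id"])               # S23
        if cert is None:                                # S41 result "NO"
            if not fallback:
                return False
            cert = device.certificate                   # S42, fourth embodiment
            if cert["id"] != request["id"] or not verify_certificate(self.ca_pub, cert):
                return False
        nonce = list(secrets.token_bytes(16))           # the "special message"
        challenge = rsa_apply(cert["pub"], nonce)       # encrypt with device key
        response = device.respond(challenge, self.pub)  # exchange over N1
        echoed = rsa_apply(self.priv, response)         # decrypt with own key
        return echoed == nonce                          # S25 verification rule


def build_demo():
    """Constructed CA, manager and one device, wired as in the first embodiment."""
    ca_pub, ca_priv = make_keypair(89, 97)
    mgr_pub, mgr_priv = make_keypair(101, 103)
    dev_pub, dev_priv = make_keypair(61, 53)
    cert = issue_certificate(ca_priv, "dev-10a", dev_pub)
    return SystemManager(mgr_pub, mgr_priv, ca_pub), WirelessDevice("dev-10a", dev_priv, cert), cert


if __name__ == "__main__":
    manager, device, cert = build_demo()
    manager.register_offline(cert)
    print("accepted:", manager.authenticate(device))
```

 Calling issue_certificate with a different CA private key and the public key taken from an existing certificate mirrors the third embodiment's signing request (P31), since only the signature, not the device key pair, changes.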
 The authentication system, management device and authentication method according to the first to fourth embodiments of the present invention have been described above, but the present invention is not limited to the first to fourth embodiments and may be freely modified within its scope. For example, in the first to fourth embodiments, the certificates C11 to C13 used to authenticate the wireless devices 10a to 10c are verified in advance using the certificate C20 during the offline operation (step S10 in FIGS. 4 and 6), and only verified certificates are stored in the authentication database 50. However, the offline verification of the certificates C11 to C13 (verification using the certificate C20) may be omitted, and the verification performed instead when the communication unit 41 receives a connection request or an anonymous connection request from the wireless devices 10a to 10c during the online operation.
 In the first to fourth embodiments, the backbone router 30 and the system managers 40a, 40b and 40c are provided separately, but the present invention also covers a configuration in which the backbone router 30 and the system managers 40a, 40b and 40c are integrated. In that case, the backbone network N2 can be omitted. The first to fourth embodiments describe examples of authenticating the wireless devices 10a to 10c connected to the wireless network N1, but the present invention can also be applied to the authentication of communication devices connected to a wired network.
 The present invention can be applied to authentication systems, management devices, authentication methods and the like that are required both to simplify the management of the certificates used to authenticate communication devices and to reduce the resources needed to transmit and receive those certificates.
DESCRIPTION OF SYMBOLS
 1, 2  Authentication system
 10a to 10c  Wireless device
 40a, 40b, 40c  System manager
 41  Communication unit
 42a, 42b, 42c  Control unit
 43  Authentication unit
 50  Authentication database
 70  Authentication server
 80  Certificate authority server device
 C11 to C13  Certificate
 C20  Certificate
 C31 to C33  Certificate
 N1  Wireless network
 N3  Network

Claims (20)

  1.  An authentication system comprising:
     a database storing a first certificate used to authenticate a communication device connected to a first network; and
     a management device that, when there is a connection request from the communication device, reads from the database the first certificate for authenticating the communication device that made the connection request and authenticates the communication device that made the connection request using the first certificate.
  2.  The authentication system according to claim 1, wherein the first certificate stored in the database is verified using a second certificate for verifying the first certificate.
  3.  The authentication system according to claim 1, further comprising a server device connected to the management device via a second network different from the first network and providing the information stored in the database,
     wherein the management device acquires the first certificate stored in the database from the server device.
  4.  The authentication system according to claim 1, further comprising a certificate authority server device that issues the first certificate stored in the database.
  5.  The authentication system according to claim 1, wherein the communication device is provided with the first certificate, and
     when the first certificate for authenticating the communication device that made the connection request is not stored in the database, the management device acquires the first certificate provided to the communication device that made the connection request and authenticates the communication device that made the connection request.
  6.  The authentication system according to claim 1, wherein the first network is a wireless network, and
      the second network has a wider communication bandwidth than the first network.
  7.  The authentication system according to claim 1, wherein the database stores the first certificate in association with an identifier that uniquely identifies the communication device, and
      the management device comprises:
      a communication unit that receives, from the communication device, the connection request and an identifier that uniquely identifies the communication device;
      a control unit that reads from the database the first certificate associated with the identifier received by the communication unit; and
      a control unit that authenticates the communication device that made the connection request using the first certificate read by the control unit.
  8.  The authentication system according to claim 7, wherein
      the authentication unit encrypts a first message using a first public key included in the first certificate;
      the communication unit transmits the first message encrypted by the authentication unit to the communication device;
      the communication unit receives, from the communication device, a second message encrypted using a second public key; and
      the authentication unit decrypts the second message using a secret key and authenticates the communication device based on whether the first message and the second message match.
  9.  The authentication system according to claim 1, wherein the communication device does not hold the first certificate.
  10.  The authentication system according to claim 1, wherein the first certificate stored in the database includes a public key, and
      a secret key corresponding to the public key is held by the communication device.
  11.  The authentication system according to claim 1, wherein an expiration date is set for the first certificate, and
      before the expiration date passes, the database is updated with the first certificate for which a new expiration date has been set.
  12.  The authentication system according to claim 1, wherein the management device authenticates the communication device using a challenge-response method.
  13.  The authentication system according to claim 1, wherein, when authentication of the communication device succeeds, the management device accepts the connection request from the communication device and connects the communication device to the first network.
  14.  The authentication system according to claim 13, wherein, when authentication of the communication device does not succeed, the control unit of the management device rejects the connection request from the communication device and does not connect the communication device to the first network.
  15.  The authentication system according to claim 13, wherein the management device does not receive the first certificate from the communication device.
  16.  The authentication system according to claim 1, wherein the management device receives an anonymous connection request as the connection request from the communication device and connects the communication device to the first network anonymously, and
      when authentication of the communication device succeeds, the management device switches the communication device from the anonymous connection to a regular connection and connects the communication device to the first network.
  17.  The authentication system according to claim 16, wherein, when authentication of the communication device does not succeed, the management device disconnects the anonymous connection of the communication device from the first network.
  18.  The authentication system according to claim 2, wherein, when a connection request is received from the communication device, the management device verifies the first certificate using the second certificate.
  19.  A management device comprising:
      a communication unit that receives a connection request from a communication device connected to a network;
      a control unit that, when the communication unit receives the connection request, reads from a database a first certificate for authenticating the communication device that made the connection request; and
      an authentication unit that authenticates the communication device that transmitted the connection request using the first certificate read by the control unit.
  20.  An authentication method comprising:
      receiving a connection request from a communication device connected to a network;
      when the connection request is received, reading the first certificate for authenticating the communication device that made the connection request from a database that stores a first certificate used to authenticate the communication device; and
      authenticating the communication device that made the connection request using the read first certificate.
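The flow claimed above (claims 7, 8, 10, 11, 16 and 17) as a runnable model: the management device looks up the certificate by device identifier in its own database, checks that certificate against the CA key and its expiry, then runs the public-key challenge-response of claim 8, keeping the device on an anonymous connection until the response matches. This is an added illustration written for this page, not code from the patent or from Yokogawa; the Mersenne-prime key material, the JSON certificate layout, the device identifiers and the nonce are all constructed here, and the raw RSA is a stand-in for a real library with proper padding.

```python
import hashlib
import json
import os

# Constructed toy RSA: Mersenne primes give deterministic, correct keys for an
# offline demonstration. Textbook RSA without padding is not a secure scheme.
E = 65537


def rsa_keypair(p, q):
    """Return ((n, e), (n, d)) for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def rsa_apply(m, key):
    """Raw RSA: encrypt/verify with a public key, decrypt/sign with a private key."""
    n, exponent = key
    return pow(m, exponent, n)


CERT_FIELDS = ("id", "n", "e", "not_after")


def _digest(body):
    canonical = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big")


def issue_certificate(device_id, pub, not_after, ca_priv):
    """CA (claim 4): bind identifier, public key and expiry, signed with the CA key."""
    body = {"id": device_id, "n": pub[0], "e": pub[1], "not_after": not_after}
    return {**body, "sig": rsa_apply(_digest(body), ca_priv)}


def verify_certificate(cert, ca_pub, now):
    """Claims 2, 11 and 18: CA signature must verify and the expiry must not have passed."""
    body = {k: cert[k] for k in CERT_FIELDS}
    return rsa_apply(cert["sig"], ca_pub) == _digest(body) and now < cert["not_after"]


class WirelessDevice:
    """Holds only its secret key (claim 10); it never sends a certificate (claim 15)."""

    def __init__(self, device_id, priv):
        self.device_id = device_id
        self.priv = priv

    def respond(self, c1, mgmt_pub):
        m1 = rsa_apply(c1, self.priv)   # decrypt the challenge with own secret key
        return rsa_apply(m1, mgmt_pub)  # re-encrypt it under the manager's public key


class SystemManager:
    """Management device: certificate lookup by identifier plus challenge-response."""

    def __init__(self, cert_db, ca_pub, keypair):
        self.cert_db = cert_db      # identifier -> certificate (claim 7)
        self.ca_pub = ca_pub
        self.pub, self.priv = keypair
        self.connections = {}       # identifier -> "anonymous" | "regular"

    def handle_connection_request(self, device, now, nonce=None):
        dev_id = device.device_id
        self.connections[dev_id] = "anonymous"          # claim 16: anonymous link first
        cert = self.cert_db.get(dev_id)
        if cert is None or not verify_certificate(cert, self.ca_pub, now):
            del self.connections[dev_id]                # claim 17: drop the anonymous link
            return False
        m1 = int.from_bytes(nonce or os.urandom(16), "big")  # 128-bit first message
        c1 = rsa_apply(m1, (cert["n"], cert["e"]))      # encrypt under the cert's public key
        c2 = device.respond(c1, self.pub)               # second message from the device
        m2 = rsa_apply(c2, self.priv)                   # decrypt with own secret key
        if m1 != m2:
            del self.connections[dev_id]
            return False
        self.connections[dev_id] = "regular"            # claim 16: switch on success
        return True


def demo(now=1_700_000_000):
    """Exercise an impostor, an unknown identifier, an expired entry and a genuine device."""
    ca_pub, ca_priv = rsa_keypair(2**127 - 1, 2**521 - 1)
    mgmt_keys = rsa_keypair(2**31 - 1, 2**107 - 1)
    dev_pub, dev_priv = rsa_keypair(2**61 - 1, 2**89 - 1)
    _, impostor_priv = rsa_keypair(2**31 - 1, 2**127 - 1)   # a key that matches no certificate
    # Constructed certificate database: one live entry and one that has already expired.
    cert_db = {
        "dev-01": issue_certificate("dev-01", dev_pub, now + 86400, ca_priv),
        "dev-02": issue_certificate("dev-02", dev_pub, now - 1, ca_priv),
    }
    mgr = SystemManager(cert_db, ca_pub, mgmt_keys)
    nonce = bytes(range(16))   # fixed here so the run is reproducible
    results = {
        "impostor": mgr.handle_connection_request(WirelessDevice("dev-01", impostor_priv), now, nonce),
        "unknown": mgr.handle_connection_request(WirelessDevice("dev-99", dev_priv), now, nonce),
        "expired": mgr.handle_connection_request(WirelessDevice("dev-02", dev_priv), now, nonce),
        "genuine": mgr.handle_connection_request(WirelessDevice("dev-01", dev_priv), now, nonce),
    }
    results["connections"] = dict(mgr.connections)
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible is where the trust lives: the device contributes nothing but a proof that it holds the secret key, so a lost database entry or an expired certificate (claim 11) fails closed before any challenge is sent, and the anonymous connection of claim 16 is the only thing a device without a valid key ever obtains. In a deployment the certificate would be X.509, the encryption would use OAEP padding, and the first message would be a fresh random value on every request, which the `nonce` default already provides.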
PCT/JP2013/072285 2012-08-21 2013-08-21 Authentication system, management device, and authentication method WO2014030669A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012182297A JP2014042095A (en) 2012-08-21 2012-08-21 Authentication system and method
JP2012-182297 2012-08-21

Publications (1)

Publication Number Publication Date
WO2014030669A1 true WO2014030669A1 (en) 2014-02-27

Family

ID=50149975

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/072285 WO2014030669A1 (en) 2012-08-21 2013-08-21 Authentication system, management device, and authentication method

Country Status (2)

Country Link
JP (1) JP2014042095A (en)
WO (1) WO2014030669A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106412901A (en) * 2016-10-28 2017-02-15 上海斐讯数据通信技术有限公司 Network-loitering prevention wireless routing method and system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7001524B2 (en) * 2018-03-29 2022-01-19 セコム株式会社 Electric lock
JP7274400B2 (en) * 2019-12-04 2023-05-16 日立Geニュークリア・エナジー株式会社 Wireless communication control system and wireless communication control method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07193569A (en) * 1993-11-02 1995-07-28 Sun Microsyst Inc Method of maintaining safety of communication and device that safely transfers data
JPH09219701A (en) * 1995-12-13 1997-08-19 Ncr Internatl Inc Method and device for retrieving identity recognizing identification
JP2000508153A (en) * 1997-02-14 2000-06-27 インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン General-purpose user authentication method for network computers
JP2002501708A (en) * 1997-05-30 2002-01-15 3コム コーポレイション Method and apparatus for providing security in a star network connection using public key cryptography
JP2006059223A (en) * 2004-08-23 2006-03-02 Bank Of Tokyo-Mitsubishi Ltd Information communication mediation device, and control method and program for information communication mediation device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002208960A (en) * 2001-01-11 2002-07-26 Fuji Xerox Co Ltd Electronic mail device
US7308573B2 (en) * 2003-02-25 2007-12-11 Microsoft Corporation Enrolling / sub-enrolling a digital rights management (DRM) server into a DRM architecture

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BLAKE-WILSON, S. ET AL.: "Transport Layer Security (TLS) Extensions", IETF RFC 4366, April 2006 (2006-04-01), Retrieved from the Internet <URL:http://www.ietf.org/rfc/rfc4366.txt> [retrieved on 20131024] *

Also Published As

Publication number Publication date
JP2014042095A (en) 2014-03-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 13831519; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 13831519; Country of ref document: EP; Kind code of ref document: A1