WO2016208068A1 - 認証システム - Google Patents
認証システム Download PDFInfo
- Publication number
- WO2016208068A1 WO2016208068A1 PCT/JP2015/068530 JP2015068530W WO2016208068A1 WO 2016208068 A1 WO2016208068 A1 WO 2016208068A1 JP 2015068530 W JP2015068530 W JP 2015068530W WO 2016208068 A1 WO2016208068 A1 WO 2016208068A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- maintenance
- random number
- certificate
- terminal
- target device
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Definitions
- the present invention relates to an authentication system, and more particularly to authentication of a maintenance person who performs maintenance on a maintenance target device and a maintenance terminal used for maintenance.
- the maintenance staff goes to the facility, and the maintenance target equipment is a personal computer (PC) terminal carried by the maintenance staff. May be implemented after connecting to.
- the terminal provided by the operator is required to be used, and the authenticity of the terminal and the maintenance staff is confirmed by performing authentication using the user ID and password of the maintenance staff.
- Patent Document 1 Conventionally, a technique has been proposed in which an electronic certificate of a terminal used for maintenance and inspection is acquired and the terminal connected to the apparatus is authenticated (for example, Patent Document 1).
- the number of terminals used for maintenance inspections is basically the same as the number of maintenance personnel. Conventionally, it has been necessary to issue an electronic certificate to each terminal.
- An object of the present invention is to be able to authenticate a maintenance terminal used for maintenance inspection without issuing an electronic certificate to each maintenance terminal.
- An authentication system is carried by a maintenance target device that is a maintenance target, an issue server that issues various certificates before maintenance is performed on the maintenance target device, and a maintenance staff that performs maintenance.
- a PKI token that stores a maintenance worker certificate and a maintenance worker private key issued by the issuing server, and a maintenance terminal that is connected to and used by the maintenance target device when maintenance is performed, Issuing means for issuing a CA certificate in the issuing server, terminal identification information of the maintenance terminal acquired before maintenance is performed in the issuing server, and the maintenance terminal acquired when maintenance is performed
- Terminal identification information collating means for collating the terminal identification information with the terminal identification information matching means when the maintenance is performed in the maintenance target device based on the collation result by the terminal identification information collating means.
- Maintenance terminal authentication processing means for authenticating maintenance terminals, maintenance staff authentication random number generation means for generating random numbers used for maintenance staff authentication when maintenance is performed, and the PKI token when maintenance is performed
- the maintenance staff certificate transmitted from the server is verified with the CA certificate issued by the issuing server, and the random number generated by the maintenance staff authentication random number generating means is encrypted by the maintenance staff private key by the PKI token.
- Maintenance personnel authentication processing means for authenticating the maintenance personnel by verifying the signature obtained by the above with a verified maintenance personnel certificate.
- the issuing unit issues a CA certificate to the maintenance target device, and the maintenance target device includes the maintenance worker authentication random number generation unit and the maintenance worker authentication processing unit to authenticate a maintenance worker. Is.
- the issuing means issues a CA certificate and an issuing server certificate signed with a CA certificate private key to the maintenance target device and a CA certificate to the maintenance terminal, respectively.
- the maintenance terminal acquires a random number and a signed issuing server certificate from the maintenance target device, the maintenance terminal includes a random number generator for maintenance personnel authentication and a maintenance engineer authentication processing unit.
- the encrypted server includes encrypted information generating means for generating encrypted information by verifying with a certificate and encrypting the acquired random number and the terminal identification information of the terminal with a verified issuing server certificate,
- the decryption means for decrypting the encrypted information acquired from the maintenance target device with the private key of the self-issued server, the random number decrypted by the decryption means, and the random number acquired from the maintenance target device are collated Random number collating means, wherein the terminal identification information collating means collates the terminal identification information decoded by the decoding means with the terminal identification information of the maintenance terminal acquired before maintenance is performed. To do.
- the issuing server has a maintenance target device authentication random number generation unit that generates a random number used for authentication of the maintenance target device before maintenance is performed, and the encryption information generation unit includes the maintenance target device.
- the random number generated by the maintenance target device authentication random number generation means and the signed issuing server certificate are acquired from the server, the acquired issuing server certificate is verified with the CA certificate, and the acquired random number and the terminal identification of the terminal itself
- the encrypted information is generated by encrypting the information with a verified issuing server certificate, and the random number verification unit is generated by the random number decrypted by the decryption unit and the maintenance target device authentication random number generation unit. Random numbers are checked against each other.
- the issuing means issues a CA certificate to the maintenance terminal, and the maintenance terminal has the maintenance person authentication random number generation means and the maintenance person authentication processing means in place of the maintenance target device for maintenance. It authenticates employees.
- a maintenance terminal used for maintenance inspection can be authenticated without issuing an electronic certificate to each maintenance terminal.
- the issuing server can confirm the validity of the maintenance target device.
- maintenance personnel can be authenticated at the maintenance terminal.
- FIG. 1 is an overall configuration diagram showing an embodiment of an authentication system according to the present invention. It is a hardware block diagram of the server computer which forms the issuing server in this Embodiment. It is a block block diagram of the authentication system in this Embodiment.
- FIG. 3 is a sequence diagram illustrating authentication processing for maintenance personnel and a maintenance terminal in the first embodiment.
- FIG. 10 is a sequence diagram showing authentication processing for maintenance personnel and a maintenance terminal in the second embodiment.
- FIG. 5B is a sequence diagram showing an authentication process following FIG. 5A.
- FIG. 10 is a sequence diagram illustrating authentication processing for maintenance personnel and a maintenance terminal in the third embodiment.
- FIG. 6B is a sequence diagram showing an authentication process following FIG. 6A.
- FIG. 6A is an authentication process following FIG. 6A.
- FIG. 10 is a sequence diagram illustrating authentication processing for maintenance personnel and a maintenance terminal in the fourth embodiment.
- FIG. 7B is a sequence diagram showing an authentication process following FIG. 7A.
- FIG. 16 is a sequence diagram showing authentication processing for maintenance personnel and maintenance terminals in the fifth embodiment. It is the sequence diagram which showed the authentication process following FIG. 8A.
- FIG. 1 is an overall configuration diagram showing an embodiment of an authentication system according to the present invention.
- an issue server 10 and a monitoring server 2 installed in a monitoring center 1 of a maintenance company, a building system 4 installed in a building 3 contracted by the maintenance company, a monitoring server 2 and a building system 4 are shown.
- a network 5 to be connected, and a maintenance terminal 30 and an IC card 40 that are carried when a maintenance person performs maintenance inspection on the maintenance target device 20 are shown.
- the issuing server 10 is a server computer that issues a CA certificate, maintenance personnel certificate, and the like necessary for maintenance and inspection of the maintenance target device 20.
- the monitoring server 2 is a server that remotely monitors the building system 4.
- the building system 4 includes a management device (maintenance target device) 20 to be monitored by a maintenance company, a gateway, a controller for building facilities, and the like. In FIG. 1, the detailed configuration of the building system 4 is omitted.
- FIG. 2 is a hardware configuration diagram of a server computer forming the issuing server 10 in the present embodiment.
- the server computer forming the issuing server 10 in the present embodiment can be realized with a general-purpose hardware configuration that has existed in the past. That is, as shown in FIG. 2, the computer is connected to the CPU 51, ROM 52, RAM 53, hard disk drive (HDD) 54, keyboard 55 provided as input means, and display 56 provided as a display device. 57, a communication interface 58 provided as a communication means is connected to an internal bus 59.
- FIG. 3 is a block diagram of the authentication system in the present embodiment. Note that components not used in the description of the present embodiment are omitted from the drawings.
- the issuing server 10 includes a communication processing unit 11, an authentication preprocessing unit 12, an authentication processing unit 13, a control unit 14, and an authentication information storage unit 15.
- the communication processing unit 11 communicates with other devices 20, 30 and 40.
- the maintenance staff dispatches to the building 3, connects the maintenance terminal 30 to the maintenance target apparatus 20, and starts maintenance inspection after the maintenance staff and the maintenance terminal 30 are authenticated by the maintenance target apparatus 20.
- the pre-authentication processing unit 12 executes processing to be performed on the maintenance company side before the maintenance staff and the maintenance terminal 30 are authenticated in the building 3.
- the authentication preprocessing unit 12 has a function as an issuing unit, and issues a CA certificate to the maintenance target apparatus 20 in the case of the present embodiment.
- the authentication processing unit 13 executes an authentication process performed after the maintenance terminal 30 and the IC card 40 are brought into the building 3. Specifically, the authentication processing unit 13 has a function as a terminal identification information matching unit. In the case of the present embodiment, the unique number of the maintenance terminal 30 acquired before the maintenance is performed, and the maintenance is performed. The unique number of the maintenance terminal 30 acquired at the time of verification is collated. The control unit 14 controls the operation of each component 11 to 13.
- the authentication information storage unit 15 stores various information used for authentication processing. Specifically, in the case of the present embodiment, a CA certificate issued to the maintenance target apparatus 20, a maintenance worker certificate issued to the IC card 40, and a maintenance worker private key are registered in advance. Further, as will be described later, a unique number of the maintenance terminal 30 sent from the maintenance terminal 30 is stored. In addition, information such as an issuing server certificate and a random number used in an embodiment described later is also stored in the authentication information storage unit 15. In the present embodiment, for simplification of description, it is described that all information used for authentication processing is stored in the authentication information storage unit 15; however, various types of information are appropriately classified according to applications and stored differently. You may make it memorize
- Each component 11 to 14 in the issuing server 10 is realized by a cooperative operation of a computer that forms the issuing server 10 and a program that runs on the CPU 51 mounted on the computer.
- the authentication information storage unit 15 is realized by an HDD 54 mounted on the issuing server 10.
- the RAM 53 or an external storage means may be used via a network.
- the maintenance target device 20 includes a communication processing unit 21, an authentication preprocessing unit 22, an authentication processing unit 23, a control unit 24, and an authentication information storage unit 25.
- the communication processing unit 21 communicates with the other devices 20 and 30.
- the pre-authentication processing unit 22 executes processing that should be performed before the maintenance staff and the maintenance terminal 30 are authenticated in cooperation with the pre-authentication processing unit 12 in the issuing server 10.
- the authentication processing unit 23 performs authentication processing of the maintenance staff and the maintenance terminal 30 in cooperation with the authentication processing unit 13 in the issuing server 10 and the authentication processing unit 35 in the maintenance terminal 30.
- the authentication processing unit 23 has a function as a maintenance terminal authentication processing unit, and authenticates the maintenance terminal 30 based on a collation result by the authentication processing unit 13 of the issuing server 10 when maintenance is performed.
- the authentication system includes a random number generation means for maintenance personnel authentication that generates a random number used for authentication of maintenance personnel when maintenance is performed, and is transmitted from the IC card 40 when maintenance is performed.
- the signature obtained by verifying the maintenance staff certificate with the CA certificate issued by the issuing server 10 and encrypting the random number generated by the maintenance staff authentication random number generation means with the maintenance staff private key.
- Maintenance personnel authentication processing means for authenticating the maintenance staff by verifying with the verified maintenance staff certificate the authentication processing section 23 in the present embodiment includes the maintenance staff authentication random number generation means and the maintenance staff.
- the maintenance staff is authenticated by having the authentication processing means.
- the control unit 24 controls the operation of each of the components 21 to 23.
- the authentication information storage unit 25 stores various information used for authentication processing. Specifically, in the case of the present embodiment, the CA certificate and the random number generated by the authentication processing unit 23 are stored. Further, an issuance server certificate and the like used in an embodiment described later is also stored in the authentication information storage unit 25. In this embodiment, for simplification of description, it is described that all information used for authentication processing is stored in the authentication information storage unit 25. You may make it memorize
- Each component 21 to 24 in the maintenance target device 20 is realized by a cooperative operation of a computer forming the maintenance target device 20 and a program operating on a CPU mounted on the computer. Further, the authentication information storage unit 25 is realized by an HDD mounted on the maintenance target device 20. Alternatively, RAM or external storage means may be used via a network.
- the maintenance terminal 30 includes a communication processing unit 31, a login processing unit 32, a connection request unit 33, a pre-authentication processing unit 34, an authentication processing unit 35, a control unit 36, and an authentication information storage unit 37.
- the communication processing unit 31 performs communication with other devices 10, 20, and 40.
- the login processing unit 32 executes a login process for performing user authentication based on the user ID and password of the maintenance staff in response to the login request of the maintenance staff.
- the connection request unit 33 transmits a connection request for requesting the maintenance process of the maintenance staff and the maintenance terminal 30 to the maintenance target device 20 when performing maintenance inspection.
- the pre-authentication processing unit 34 performs processing that should be performed before the maintenance staff and the maintenance terminal 30 are authenticated in cooperation with the pre-authentication processing unit 12 in the issuing server 10.
- the authentication processing unit 35 performs authentication processing of the maintenance staff and the maintenance terminal 30 in cooperation with the authentication processing unit 13 in the issuing server 10 and the signature unit 43 of the IC card 40.
- the control unit 36 controls the operation of
- the authentication information storage unit 37 stores various information used for authentication processing. Specifically, in the case of the present embodiment, the random number transmitted from the maintenance target device 20 is stored. Further, a CA certificate or the like used in an embodiment described later is also stored in the authentication information storage unit 37. In the present embodiment, for simplification of explanation, it is described that all information used for authentication processing is stored in the authentication information storage unit 37. You may make it memorize
- Each component 31 to 36 in the maintenance terminal 30 is realized by a cooperative operation of a computer that forms the maintenance terminal 30 and a program that operates on a CPU mounted on the computer.
- the authentication information storage unit 37 is realized by an HDD installed in the maintenance terminal 30. Alternatively, RAM or external storage means may be used via a network.
- the program used in this embodiment can be provided not only by communication means but also by storing it in a computer-readable recording medium such as a CD-ROM or USB memory.
- the program provided from the communication means or the recording medium is installed in the computer, and various processes are realized by the CPU of the computer sequentially executing the program.
- the IC card 40 includes a communication processing unit 41, a pre-authentication processing unit 42, a signature unit 43, and a personal information storage unit 44.
- the communication processing unit 41 performs short-range wireless communication with the other devices 10 and 30.
- the pre-authentication processing unit 42 writes and saves the maintenance worker certificate and maintenance worker private key issued by the issuing server 10 in the personal information storage unit 44.
- the signature unit 43 signs the random number transmitted from the maintenance terminal 30 with the maintenance worker secret key. In the personal information storage unit 44, a maintenance staff certificate and a maintenance staff secret key are recorded.
- the IC card (smart card) 40 in the present embodiment is a PKI token in which a maintenance staff certificate and a maintenance staff secret key can be stored and a CPU is mounted.
- the maintenance target device 20 is in a state where it can communicate with the issuing server 10 by wire or wireless at the time of manufacture. After installation in the building 3, the maintenance target device 20 is in a state where it can communicate with the issuing server 10 via the network 5. In addition, the maintenance target devices 20 become communicable with each other by responding to a connection request from the maintenance terminal 30. The maintenance terminal 30 and the IC card 40 can communicate with the issuing server 10 at least while they are on the monitoring center 1 side. Further, while the authentication process is being executed in the building 3, the maintenance terminal 30 and the IC card 40 are in a state in which they can communicate by short-range wireless communication.
- the processing above the horizontal broken line is processing performed on the monitoring center 1 side before the maintenance target device 20 is installed in the building 3. That is, it is a process performed by each authentication pre-processing unit 12, 22, 34, 42 appropriately operating in cooperation.
- the processing below the broken line is processing that is performed when the maintenance staff goes to the building 3 and performs maintenance and inspection on the maintenance target device 20. That is, the authentication processing units 13, 23, and 35 appropriately operate in cooperation, and the login processing unit 32, the connection request unit 33, and the signature unit 43 operate.
- the classification of the execution place of processing by the broken line is the same in each embodiment described later.
- the issuing server 10 issues a CA certificate to the maintenance target device 20 (step 111).
- the CA certificate is written and stored in the authentication information storage unit 25 when the maintenance target device 20 is manufactured, that is, before the maintenance target device 20 is installed in the building 3.
- the issuing server 10 issues a maintenance staff certificate and maintenance staff secret key of the maintenance staff to the IC card 40 (step 112).
- the IC card 40 is carried by the maintenance staff.
- the maintenance terminal 30 is registered by transmitting the unique number of the own terminal to the issuing server 10 (step 311).
- the maintenance terminal 30 transmits the unique number of its own terminal to the issuing server 10, but the issuing server 10 obtains the unique number from a management device or database of the maintenance terminal other than the maintenance terminal 30, for example. You may make it hold
- a MAC (Media Access Control) address that can identify each maintenance terminal 30 is assumed as a unique number, but identification information other than the MAC address such as a manufacturing number may be used.
- processing described above may be performed before the maintenance staff dispatches to the building 3 for maintenance inspection, and the execution order of each processing need not be limited to the order shown in FIG.
- the maintenance staff carries the IC card 40 and the maintenance terminal 30 for maintenance inspection and dispatches to the building 3 where the maintenance target device 20 is installed.
- the maintenance terminal 30 transmits a connection request to the maintenance target apparatus 20 (step 312).
- the maintenance target device 20 When the connection request is transmitted, the maintenance target device 20 generates a random number in response to the connection request (step 211), and transmits the generated random number to the maintenance terminal 30 (step 212).
- the maintenance terminal 30 transmits the random number to the IC card 40 (step 313).
- the IC card 40 signs by encrypting the random number with the maintenance person private key (step 411), and the signature obtained by the encryption and the maintenance read out from the personal information storage unit 44.
- the employee certificate is transmitted to the maintenance terminal 30 (step 412).
- the maintenance terminal 30 receives the random number transmitted from the maintenance target apparatus 20, the unique number of the own terminal, the maintenance staff certificate and signature transmitted from the IC card 40.
- the data is transmitted to the maintenance target device 20 (step 314).
- the maintenance target device 20 When the above information is transmitted from the maintenance terminal 30, the maintenance target device 20 first verifies the maintenance worker certificate using the CA certificate acquired in step 111 (step 213). Subsequently, the maintenance target apparatus 20 verifies the signature using the maintenance personnel public key included in the maintenance personnel certificate in order to verify whether the received random number is signed with a valid maintenance personnel private key. (Step 214). Subsequently, the maintenance target device 20 collates the received random number with the random number generated in Step 211 (Step 215).
- the maintenance target device 20 authenticates that the maintenance staff is a valid person by confirming that the above verification is successful and that the random numbers are completely matched by the verification. On the other hand, if the verification fails or the random numbers do not match, the random number or signature may have been tampered with. Accordingly, the maintenance target device 20 determines that the maintenance staff is not a valid person at this point of time, notifies the issue server 10 and the like to that effect, and ends the processing. In each of the embodiments described later, including this embodiment, unless otherwise specified, the verification of various certificates will be successful, and the description will be made assuming that the verification process for random numbers, unique numbers, and the like completely match.
- the maintenance target device 20 transmits the unique number acquired from the maintenance terminal 30 to the issuing server 10 (step 216). At this time, the maintenance target device 20 protects the unique number using SSL (Secure Sockets Layer) or the like.
- SSL Secure Sockets Layer
- the issuing server 10 collates the unique number acquired from the maintenance target device 20 in step 216 with the unique number acquired from the maintenance terminal 30 in step 311 (step 113), and notifies the maintenance target device 20 of the collation result. (Step 114). At this time, the issuing server 10 protects the collation result using SSL or the like.
- the maintenance target device 20 authenticates that the maintenance terminal 30 is a legitimate device by referring to the collation result transmitted from the issuing server 10 and confirming that the unique numbers completely match.
- the maintenance target device 20 authenticates the maintenance staff and the maintenance terminal 30 as described above.
- all the verifications and verifications in the authentication process described above are successful, it can be proved that both the maintenance staff who will perform maintenance and the maintenance terminal 30 that the maintenance staff will use for maintenance and inspection are valid. .
- the maintenance staff and the maintenance terminal 30 can be authenticated even if a unique number is used instead of the electronic certificate of the maintenance terminal 30, an electronic certificate is issued for each maintenance terminal 30. There is no need.
- Embodiment 2 the unique number transmitted from the maintenance terminal 30 to the maintenance target apparatus 20 is not encrypted. For this reason, there is a possibility of allowing impersonation of the maintenance terminal 30.
- the authentication processing unit 35 of the maintenance terminal 30 in the present embodiment further functions as an encryption information generation unit, and when the random number and the signed issuing server certificate are acquired from the maintenance target device 20, the acquired issuing server certificate is obtained.
- the certificate is verified with the CA certificate, and the obtained random number and the unique number of the terminal are encrypted with the verified issue server certificate to generate the encryption information (random number-containing encrypted unique number).
- the authentication processing unit 13 of the issuing server 10 further includes a decryption unit that decrypts the encrypted information acquired from the maintenance target device 20 with the private key of the own issue server, a decrypted random number, and the maintenance target device. It functions as a random number collating means for collating the random number acquired from 20.
- the IC card issuance and the unique number are registered in the issuance server 10 as in the first embodiment (steps 112 and 311). Further, the issuing server 10 in this embodiment signs the issuing server certificate with the CA certificate private key, and issues the signed issuing server certificate to the maintenance target apparatus 20 in addition to the CA certificate (step 121). ). Further, the issuing server 10 transmits the CA certificate to the maintenance terminal 30 (step 122).
- the maintenance terminal 30 transmits a connection request to the maintenance target apparatus 20 (step 312).
- the maintenance target device 20 When the connection request is transmitted, the maintenance target device 20 generates a random number in response to the connection request (step 211), and maintains the generated random number and the signed issuing server certificate acquired from the issuing server 10. It transmits to the terminal 30 (step 221).
- the maintenance terminal 30 verifies the issuing server certificate with the CA certificate acquired in step 122 (step 321). Subsequently, the maintenance terminal 30 encrypts the random number and the unique number together with the public key included in the verified issue server certificate (step 322). In the present embodiment, the unique number encrypted together with the random number is referred to as “random number-containing encrypted unique number”. Subsequently, the maintenance terminal 30 transmits the random number acquired from the maintenance target device 20 to the IC card 40 (step 313).
- the IC card 40 When the random number is transmitted, the IC card 40 signs the random number with the maintenance personnel private key (step 411), and transmits the signature and the maintenance personnel certificate to the maintenance terminal 30 (step 412).
- the maintenance terminal 30 receives the random number transmitted from the maintenance target apparatus 20, the random number-containing encryption unique number, the maintenance staff certificate and the signature transmitted from the IC card 40. Is transmitted to the maintenance target apparatus 20 (step 323).
- the maintenance target device 20 When the above information is transmitted from the maintenance terminal 30, the maintenance target device 20 first verifies the maintenance worker certificate with the CA certificate acquired in Step 121 (Step 213). Subsequently, the maintenance target apparatus 20 verifies the signature with the maintenance staff public key included in the maintenance staff certificate in order to verify whether the received random number is signed with a valid maintenance staff private key (step 214). The maintenance target device 20 collates the received random number with the random number generated in step 211 (step 215). In this way, the maintenance target device 20 authenticates maintenance personnel.
- the maintenance target device 20 transmits the random number acquired from the maintenance terminal 30 and the random number-containing encrypted unique number to the issuing server 10 (step 222). At this time, the maintenance target device 20 protects the random number and the random number-containing encrypted unique number using SSL) or the like.
- the issuing server 10 stores the random number-containing encrypted unique number transmitted from the maintenance target device 20 in the authentication information storage unit 15. 10 is decrypted with the secret key of 10 (step 123), and the random number obtained by the decryption is collated with the random number acquired from the maintenance target apparatus 20 in step 222 (step 124). Further, the issuing server 10 collates the unique number obtained by decryption with the unique number acquired from the maintenance terminal 30 in Step 311 (Step 113). Then, the issuing server 10 notifies the maintenance target device 20 of the collation result (step 114). At this time, the issuing server 10 protects the collation result using SSL or the like.
- the maintenance target device 20 authenticates that the maintenance terminal 30 is a legitimate device by referring to the collation result transmitted from the issuing server 10 and confirming that the random number and the unique number completely match. To do.
- Embodiment 3 the maintenance target device 20 authenticates the maintenance staff and the maintenance terminal 30.
- This embodiment is characterized in that maintenance personnel authentication is performed by the maintenance terminal 30 and authentication of the maintenance terminal 30 is performed by the maintenance target device 20. That is, the maintenance staff authentication random number generation means and the maintenance staff authentication processing means are included in the maintenance target apparatus 20 in the first and second embodiments, but are included in the maintenance terminal 30 in the present embodiment.
- the maintenance staff authentication random number generation means and the maintenance staff authentication processing means are included in the maintenance target apparatus 20 in the first and second embodiments, but are included in the maintenance terminal 30 in the present embodiment.
- FIGS. 6A and 6B an authentication process between the maintenance staff and the maintenance terminal 30 in the present embodiment will be described with reference to the sequence diagrams shown in FIGS. 6A and 6B.
- Preparation in advance before maintenance is performed may be the same as in the second embodiment.
- the maintenance terminal 30 When the maintenance staff dispatches to the building 3 and logs in to the maintenance terminal 30 (step 331), the maintenance terminal 30 generates a random number A (step 332), and transmits the generated random number A to the IC card 40 (step 331). 313).
- the maintenance target device 20 since the maintenance target device 20 separately generates a random number in the subsequent processing, it is described as “random number A” here to indicate that it is different from the random number.
- the IC card 40 When the random number A is transmitted, the IC card 40 signs the random number A with the maintenance personnel private key (step 411), and transmits the signature and the maintenance personnel certificate to the maintenance terminal 30 (step 412).
- the maintenance terminal 30 verifies the maintenance engineer certificate with the CA certificate acquired in step 122 (step 334), and then the transmitted random number A is In order to verify whether the signature is signed with a valid maintenance personnel private key, the signature is verified with the maintenance personnel public key included in the maintenance personnel certificate (step 335). Thus, in the present embodiment, the maintenance terminal 30 authenticates the maintenance staff. Subsequently, the maintenance terminal 30 transmits a connection request to the maintenance target device 20 (step 312).
- the maintenance target device 20 When the connection request is transmitted, the maintenance target device 20 generates a random number B in response to the connection request (step 211), and the generated random number B and the signed issuing server certificate acquired from the issuing server 10 Is transmitted to the maintenance terminal 30 (step 221).
- the maintenance terminal 30 verifies the issuing server certificate with the CA certificate acquired in step 122 (step 321), and is unique to the random number B. The number is combined with the public key included in the verified issuing server certificate (step 322). The maintenance terminal 30 transmits the random number-containing encrypted unique number generated by this encryption to the maintenance target apparatus 20 (step 336).
- the maintenance target device 20 transmits the random number-containing encrypted unique number and the random number B generated in step 211 to the issuing server 10 (step 222).
- the random number B and the random number-containing encrypted unique number are protected using SSL (Secure Sockets Layer) or the like.
- the issuing server 10 decrypts the random number-containing encrypted unique number with the secret key of the issuing server 10 (step 123), and is obtained by the decryption.
- the random number B and the random number B transmitted from the maintenance target device 20 are collated (step 124). Further, the issuing server 10 collates the unique number obtained by decryption with the unique number acquired from the maintenance terminal 30 in Step 311 (Step 113). Then, the issuing server 10 notifies the maintenance target device 20 of the collation result (step 114). During this communication, the verification result is protected using SSL or the like.
- the maintenance target device 20 refers to the collation result transmitted from the issuing server 10. Then, the maintenance target device 20 authenticates that the maintenance terminal 30 is a legitimate device based on the collation result of the random number B and the unique number.
- the maintenance target device 20 authenticates the maintenance staff and the maintenance terminal 30 as described above.
- the maintenance staff is authenticated by the maintenance terminal 30 and the maintenance terminal 30 is authenticated.
- Embodiment 4 In the present embodiment, in addition to the effects obtained in the second embodiment, even when the communication path between the issuing server 10 and the maintenance target device 20 is not secure, the issuing server 10 verifies the validity of the maintenance target device 20. The feature is that it can be confirmed. That is, the pre-authentication processing unit 12 of the issuing server 10 in the present embodiment functions as a maintenance target device authentication random number generation unit, and is used for authentication of the maintenance target device 20 before the maintenance is performed (random number A). Is generated.
- the issuing server 10 As pre-preparation to be performed before maintenance is performed, the issuing server 10 generates a random number A (step 141) and signs it with the secret key of the issuing server 10 (step 142). In this embodiment, since the maintenance target device 20 separately generates a random number in the subsequent processing, it is described as “random number A” here to indicate that it is different from the random number. Then, the issuing server 10 issues the signed random number A to the maintenance target apparatus 20 in addition to the signed issuing server certificate and CA certificate (step 142). Other advance preparations may be the same as those in the second embodiment.
- the CA certificate is issued when the maintenance target device 20 is manufactured, and the signed issuance server certificate and random number A are issued after the maintenance target device 20 is installed in the building 3 and transmitted via the network 5. May be.
- the maintenance target device 20 After being installed in the building 3, the maintenance target device 20 verifies the issued server certificate with the CA certificate acquired in Step 143 (Step 241), and verifies the random number A with the verified issued server certificate. (Step 242).
- the maintenance terminal 30 transmits a connection request to the maintenance target apparatus 20 (step 312).
- the maintenance target device 20 When the connection request is transmitted, the maintenance target device 20 generates a random number B in response to the connection request (step 211), the generated random number B, the signed issuing server certificate, and the verified random number A. Is transmitted to the maintenance terminal 30 (step 221).
- the maintenance terminal 30 verifies the issuing server certificate with the CA certificate acquired in step 122 (step 321). Then, the maintenance terminal 30 generates a random number-containing encrypted unique number by encrypting the random number A and the unique number with the public key included in the verified issue server certificate (step 322). Subsequently, the maintenance terminal 30 transmits the random number A and the random number B acquired from the maintenance target device 20 to the IC card 40 (step 313).
- the IC card 40 sets the random number A and the random number B as a set and signs with the maintenance worker private key (step 411), and the signature and the maintenance worker certificate are sent to the maintenance terminal 30. Transmit (step 412).
- the maintenance terminal 30 receives the random numbers A and B transmitted from the maintenance target apparatus 20, the random number-containing encryption unique number, and the maintenance staff transmitted from the IC card 40.
- the certificate and signature are transmitted to the maintenance target apparatus 20 (step 323).
- the maintenance target device 20 When the above information is transmitted from the maintenance terminal 30, the maintenance target device 20 first verifies the maintenance worker certificate with the CA certificate acquired in step 143 (step 213). Subsequently, the maintenance target device 20 verifies the received random number A and random number B with a valid maintenance personnel private key with the maintenance personnel public key included in the maintenance personnel certificate. Verification is performed (step 214). The maintenance target device 20 collates the received random number B with the random number B generated in step 211 (step 215). In this way, the maintenance target device 20 authenticates maintenance personnel.
- the maintenance target device 20 transmits the random number A, the random number B, the random number-containing encryption unique number, the maintenance staff certificate, and the signature acquired from the maintenance terminal 30 to the issuing server 10 (step 222).
- the issuing server 10 verifies the maintenance staff certificate with the CA certificate (step 144). Subsequently, the issuing server 10 verifies the signature with the maintenance personnel public key included in the maintenance personnel certificate in order to verify whether the received random numbers A and B are signed with a valid maintenance personnel private key. (Step 145). Then, the issuing server 10 collates the received random number A with the random number A generated in step 141 (step 146).
- the issuing server 10 decrypts the random number-containing encrypted unique number transmitted from the maintenance target device 20 with the secret key of the issuing server 10 (step 123), and the random number A obtained by the decryption and the maintenance The random number A acquired from the target device 20 is collated (step 124). Further, the issuing server 10 collates the unique number obtained by decryption with the unique number acquired in Step 311 (Step 113).
- the issuing server 10 newly generates a random number A (step 147).
- the random number A is generated in advance preparation and transmitted to the maintenance target device 20 (steps 141 and 143).
- the issuing server 10 generates the random number A (hereinafter, “new random number A”) generated in step 147. By transmitting it to the maintenance target device 20 together with the subsequent verification result, it is possible to perform authentication using the random number A in the subsequent authentication processing in which steps 141 and 143 are not performed.
- the issuing server 10 signs the verification result by the unique number and the random number A, the new random number A and the random number B together with the secret key of the issuing server 10 (step 148), the signed verification result, the new random number A Then, the maintenance target device 20 is notified of the random number B (step 114).
- the maintenance target device 20 verifies the information with the public key included in the issued server certificate verified in step 241 (step 243). Subsequently, the maintenance target device 20 collates the random number B included in the verified information with the random number B generated in step 211 (step 244). The maintenance target device 20 stores the verified new random number A in the authentication information storage unit 25 as the random number A for the next authentication (step 245).
- the maintenance target device 20 authenticates the maintenance staff and the maintenance terminal 30 as described above, but in this embodiment, a communication path between the issuing server 10 and the maintenance target device 20 exists. Even if it is not safe, the information transmitted from the maintenance target device 20 to the issuing server 10 is verified based on the random number A, and the information transmitted from the issuing server 10 to the maintenance target device 20 is verified based on the random number B. Road safety will be guaranteed. Thereby, the issuing server 10 can confirm the validity of the maintenance target device 20.
- Embodiment 5 the maintenance staff and the maintenance terminal 30 are authenticated by the maintenance target device 20.
- This embodiment is characterized in that maintenance personnel authentication is performed by the maintenance terminal 30 and authentication of the maintenance terminal 30 is performed by the maintenance target device 20. That is, the maintenance staff authentication random number generation means and the maintenance staff authentication processing means are included in the maintenance target apparatus 20 in the fourth embodiment, but are included in the maintenance terminal 30 in the present embodiment.
- the authentication process between the maintenance staff and the maintenance terminal 30 in the present embodiment will be described with reference to the sequence diagrams shown in FIGS. 8A and 8B.
- Preparation in advance before maintenance is performed may be the same as in the fourth embodiment.
- the verification server certificate and random number A verification processing (steps 241 and 242) in the maintenance target apparatus 20 may be the same as in the fourth embodiment.
- the maintenance terminal 30 When the maintenance staff dispatches to the building 3 and logs into the maintenance terminal 30 (step 331), the maintenance terminal 30 generates a random number B (step 332) and transmits the generated random number B to the IC card 40 (step 331). 313).
- the IC card 40 When the random number B is transmitted, the IC card 40 signs the random number B with the maintenance worker private key (step 411), and transmits the signature and the maintenance worker certificate to the maintenance terminal 30 (step 412).
- the maintenance terminal 30 verifies the maintenance engineer certificate with the CA certificate acquired in step 122 (step 334), and then the transmitted random number B is In order to verify whether the signature is signed with a valid maintenance personnel private key, the signature is verified with the maintenance personnel public key included in the maintenance personnel certificate (step 335). Thus, in the present embodiment, the maintenance terminal 30 authenticates the maintenance staff. Subsequently, the maintenance terminal 30 transmits a connection request to the maintenance target device 20 (step 312).
- the maintenance target device 20 When the connection request is transmitted, the maintenance target device 20 generates a random number C in response to the connection request (Step 211), and obtains the generated random number C, the random number A generated in Step 242 and the issuing server 10.
- the signed issuing server certificate is transmitted to the maintenance terminal 30 (step 251).
- the maintenance terminal 30 verifies the issuing server certificate with the CA certificate acquired in step 122 (step 321). A, the random number C, and the unique number are combined and encrypted with the public key included in the verified issuing server certificate (step 322). The maintenance terminal 30 transmits the random number-containing encrypted unique number generated by this encryption to the maintenance target apparatus 20 (step 337).
- the maintenance target apparatus 20 When the random number-containing encrypted unique number is transmitted from the maintenance terminal 30, the maintenance target apparatus 20 issues the random number-containing encrypted unique number, the random number A verified in step 242 and the random number C generated in step 211. 10 (step 222).
- the issuing server 10 decrypts the random number-containing encrypted unique number with the secret key of the issuing server 10 (step 123).
- the obtained random number A is collated with the random number A acquired from the maintenance target apparatus 20 and the random number A generated in step 141 (step 151).
- the issuing server 10 collates the random number C obtained by decryption with the random number C acquired from the maintenance target device 20 (step 152). Further, the issuing server 10 collates the unique number obtained by decryption with the unique number acquired in Step 311 (Step 113).
- the issuing server 10 generates a new random number as in the fourth embodiment (step 147).
- the issuing server 10 then collates the unique number, the random number A and the random number C, and signs the new random number A and the random number C together with the secret key of the issuing server 10 (step 148).
- the new random number A and the random number C are notified to the maintenance target device 20 (step 114).
- the maintenance target device 20 verifies the information with the public key included in the issued server certificate verified in step 241 (step 243).
- the random number C included is collated with the random number C generated in step 211 (step 244).
- the maintenance target device 20 stores the verified new random number A in the authentication information storage unit 25 as the random number A for the next authentication (step 245).
- the safety of the communication path between the issuing server 10 and the maintenance target device 20 is ensured in the same manner as in the fourth embodiment, and maintenance personnel are maintained in the same manner as in the third embodiment.
- Can be authenticated by the maintenance terminal 30 and the maintenance terminal 30 can be authenticated by the maintenance target apparatus 20.
- the maintenance terminal 30 can be authenticated even if a unique number is used instead of the electronic certificate of the maintenance terminal 30. That is, according to the present embodiment, the maintenance staff does not have to issue an electronic certificate to each maintenance terminal 30 used for maintenance inspection.
- 1 monitoring center, 2 monitoring server, 3 building, 4 building system, 5 network, 10 issuing server, 11, 21, 31, 41 communication processing unit, 12, 22, 34, 42 pre-authentication processing unit, 13, 23, 35 Authentication processing unit, 14, 24, 36 Control unit, 15, 25, 37 Authentication information storage unit, 20 Maintenance target device, 30 Maintenance terminal, 32 Login processing unit, 33 Connection request unit, 40 IC card, 43 Signature unit, 44 Personal information storage unit, 51 CPU, 52 ROM, 53 RAM, 54 hard disk drive (HDD), 55 keyboard, 56 display, 57 input / output controller, 58 communication interface, 59 internal bus.
- HDD hard disk drive
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
図1は、本発明に係る認証システムの一実施の形態を示した全体構成図である。図1には、保守会社の監視センタ1に設置された発行サーバ10及び監視サーバ2と、保守会社の契約先のビル3に設置されたビルシステム4と、監視サーバ2とビルシステム4とを接続するネットワーク5と、保守員が保守点検を保守対象装置20に実施する際に携行される保守端末30及びICカード40と、が示されている。発行サーバ10は、保守対象装置20の保守点検に必要なCA証明書や保守員証明書等を発行するサーバコンピュータである。監視サーバ2は、ビルシステム4を遠隔監視するサーバである。ビルシステム4には、保守会社の監視対象となる管理装置(保守対象装置)20をはじめ、ゲートウェイやビル設備のコントローラ等が含まれている。なお、図1では、ビルシステム4の詳細な構成を省略している。
上記実施の形態1においては、保守端末30から保守対象装置20へ送信される固有番号は暗号化されていない。このため、保守端末30へのなりすましを許してしまう可能性がある。
上記実施の形態2では、保守員及び保守端末30の認証を保守対象装置20において行っていた。本実施の形態では、保守員の認証を保守端末30で、保守端末30の認証を保守対象装置20で、それぞれ行うことを特徴としている。すなわち、保守員認証用乱数生成手段及び保守員認証処理手段は、上記実施の形態1,2では保守対象装置20が有していたが、本実施の形態では保守端末30が有している。以下、本実施の形態における保守員と保守端末30の認証処理について図6A及び図6Bに示したシーケンス図を用いて説明する。
本実施の形態では、上記実施の形態2で得られる効果に加え、発行サーバ10と保守対象装置20との間の通信路が安全でない場合でも、発行サーバ10は保守対象装置20の正当性を確認できるようにしたことを特徴としている。すなわち、本実施の形態における発行サーバ10の認証前処理部12は、保守対象装置認証用乱数生成手段として機能し、保守が実施される前に保守対象装置20の認証に用いる乱数(乱数A)を生成する。
上記実施の形態4では、保守員及び保守端末30の認証を保守対象装置20において行っていた。本実施の形態では、保守員の認証を保守端末30で、保守端末30の認証を保守対象装置20で、それぞれ行うことを特徴としている。すなわち、保守員認証用乱数生成手段及び保守員認証処理手段は、上記実施の形態4では保守対象装置20が有していたが、本実施の形態では保守端末30が有している。以下、本実施の形態における保守員と保守端末30の認証処理について図8A及び図8Bに示したシーケンス図を用いて説明する。
Claims (5)
- 保守の対象となる保守対象装置と、
前記保守対象装置に保守が実施される前に、各種証明書を発行する発行サーバと、
保守を実施する保守員により携帯され、前記発行サーバにより発行された保守員証明書及び保守員秘密鍵を記憶するPKIトークンと、
保守が実施されるときに前記保守対象装置に接続され、使用される保守端末と、
を有し、
前記発行サーバにおいて、CA証明書を発行する発行手段と、
前記発行サーバにおいて、保守が実施される前に取得した前記保守端末の端末識別情報と、保守が実施されるときに取得した前記保守端末の端末識別情報と、を照合する端末識別情報照合手段と、
前記保守対象装置において、保守が実施されるときに前記端末識別情報照合手段による照合結果に基づき前記保守端末の認証を行う保守端末認証処理手段と、
保守が実施されるときに保守員の認証に用いる乱数を生成する保守員認証用乱数生成手段と、
保守が実施されるときに、前記PKIトークンから送信された保守員証明書を前記発行サーバにより発行されたCA証明書で検証し、前記保守員認証用乱数生成手段により生成された乱数を前記PKIトークンが保守員秘密鍵で暗号化することによって得られた署名を検証済みの保守員証明書で検証することで保守員を認証する保守員認証処理手段と、
を有することを特徴とする認証システム。 - 前記発行手段は、CA証明書を前記保守対象装置に発行し、
前記保守対象装置は、前記保守員認証用乱数生成手段及び前記保守員認証処理手段を有することによって保守員の認証を行う、
ことを特徴とする請求項1に記載の認証システム。 - 前記発行手段は、CA証明書及びCA証明書の秘密鍵で署名した発行サーバ証明書を前記保守対象装置に、CA証明書を前記保守端末に、それぞれ発行し、
前記保守対象装置は、前記保守員認証用乱数生成手段及び前記保守員認証処理手段を有し、
前記保守端末は、
前記保守対象装置から乱数及び署名された発行サーバ証明書を取得すると、取得した発行サーバ証明書をCA証明書で検証し、取得した乱数及び自端末の端末識別情報を検証済みの発行サーバ証明書で暗号化することで暗号化情報を生成する暗号化情報生成手段を有し、
前記発行サーバは、
前記保守対象装置から取得した暗号化情報を自発行サーバの秘密鍵で復号する復号手段と、
前記復号手段により復号された乱数と、前記保守対象装置から取得した乱数と、を照合する乱数照合手段と、
を有し、
前記端末識別情報照合手段は、前記復号手段により復号された端末識別情報と、保守が実施される前に取得した前記保守端末の端末識別情報と、を照合する、
ことを特徴とする請求項1に記載の認証システム。 - 前記発行サーバは、保守が実施される前に前記保守対象装置の認証に用いる乱数を生成する保守対象装置認証用乱数生成手段を有し、
前記暗号化情報生成手段は、前記保守対象装置から前記保守対象装置認証用乱数生成手段により生成された乱数及び署名された発行サーバ証明書を取得すると、取得した発行サーバ証明書をCA証明書で検証し、取得した乱数及び自端末の端末識別情報を検証済みの発行サーバ証明書で暗号化することで暗号化情報を生成し、
前記乱数照合手段は、前記復号手段により復号された乱数と、前記保守対象装置認証用乱数生成手段により生成された乱数と、を照合する、
ことを特徴とする請求項3に記載の認証システム。 - 前記発行手段は、CA証明書を前記保守端末に発行し、
前記保守端末は、前記保守対象装置の代わりに前記保守員認証用乱数生成手段及び前記保守員認証処理手段を有することによって保守員の認証を行う、
ことを特徴とする請求項3又は4に記載の認証システム。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201580081129.2A CN107710674A (zh) | 2015-06-26 | 2015-06-26 | 认证系统 |
JP2017524551A JP6223639B2 (ja) | 2015-06-26 | 2015-06-26 | 認証システム |
PCT/JP2015/068530 WO2016208068A1 (ja) | 2015-06-26 | 2015-06-26 | 認証システム |
KR1020187001361A KR20180019179A (ko) | 2015-06-26 | 2015-06-26 | 인증 시스템 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2015/068530 WO2016208068A1 (ja) | 2015-06-26 | 2015-06-26 | 認証システム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016208068A1 true WO2016208068A1 (ja) | 2016-12-29 |
Family
ID=57585210
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2015/068530 WO2016208068A1 (ja) | 2015-06-26 | 2015-06-26 | 認証システム |
Country Status (4)
Country | Link |
---|---|
JP (1) | JP6223639B2 (ja) |
KR (1) | KR20180019179A (ja) |
CN (1) | CN107710674A (ja) |
WO (1) | WO2016208068A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110365488A (zh) * | 2019-07-23 | 2019-10-22 | 上海铂英飞信息技术有限公司 | 基于非可信环境下的认证方法、装置及系统 |
CN110912696A (zh) * | 2019-12-26 | 2020-03-24 | 成都三零瑞通移动通信有限公司 | 一种适用于即时群组的快速身份认证方法及系统 |
JP2020088836A (ja) * | 2018-11-15 | 2020-06-04 | Kddi株式会社 | 車両メンテナンスシステム、メンテナンスサーバ装置、管理サーバ装置、車載装置、メンテナンスツール、コンピュータプログラム及び車両メンテナンス方法 |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109257391A (zh) * | 2018-11-30 | 2019-01-22 | 北京锐安科技有限公司 | 一种访问权限开放方法、装置、服务器及存储介质 |
CN112311738B (zh) * | 2019-07-31 | 2023-05-26 | 中兴通讯股份有限公司 | 一种维护操作的执行方法及装置 |
CN110505224B (zh) * | 2019-08-20 | 2022-05-20 | 佛山市禅信通科技有限公司 | 一种楼宇通信系统及其通信方法 |
CN111049660B (zh) * | 2020-03-16 | 2020-06-09 | 杭州海康威视数字技术股份有限公司 | 证书分发方法、系统、装置及设备、存储介质 |
CN111600870B (zh) * | 2020-05-13 | 2021-08-03 | 山东大学 | 一种双向通信认证方法及系统 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06321451A (ja) * | 1993-03-17 | 1994-11-22 | Kone Oy | エレベータ制御データの供給、蓄積および表示方法 |
JP2003085364A (ja) * | 2001-09-11 | 2003-03-20 | Hitachi Ltd | Atm用メンテナンス端末およびその制御方法 |
JP2004126754A (ja) * | 2002-09-30 | 2004-04-22 | Hitachi Ltd | 制御機器、保守装置、情報処理装置および保守サービス提供方法 |
JP2004303215A (ja) * | 2003-03-20 | 2004-10-28 | Ricoh Co Ltd | 電子機器、機器管理装置、機器保守システム、機器保守方法、プログラム、及び記憶媒体 |
WO2008095866A2 (de) * | 2007-02-05 | 2008-08-14 | Siemens Aktiengesellschaft | Verfahren zur autorisierung des zugriffs auf mindestens eine automatisierungskomponente einer technischen anlage |
JP2009140275A (ja) * | 2007-12-07 | 2009-06-25 | Hitachi Ltd | 非接触icカード認証システム |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4698481B2 (ja) * | 2006-05-26 | 2011-06-08 | Necフィールディング株式会社 | 作業者管理方法、これに用いる情報処理装置及び作業者端末、プログラム |
CN100555339C (zh) * | 2006-07-10 | 2009-10-28 | 北京飞天诚信科技有限公司 | 基于金融规范的ic卡在门禁系统中的应用方法 |
US20090300365A1 (en) * | 2008-05-30 | 2009-12-03 | Robert Karmes | Vehicle Diagnostic System Security with Memory Card |
JP5760493B2 (ja) * | 2011-02-18 | 2015-08-12 | 村田機械株式会社 | 中継通信システム |
JP5990433B2 (ja) * | 2012-08-31 | 2016-09-14 | 株式会社富士通エフサス | ネットワーク接続方法および電子機器 |
-
2015
- 2015-06-26 JP JP2017524551A patent/JP6223639B2/ja active Active
- 2015-06-26 KR KR1020187001361A patent/KR20180019179A/ko active IP Right Grant
- 2015-06-26 CN CN201580081129.2A patent/CN107710674A/zh active Pending
- 2015-06-26 WO PCT/JP2015/068530 patent/WO2016208068A1/ja active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06321451A (ja) * | 1993-03-17 | 1994-11-22 | Kone Oy | エレベータ制御データの供給、蓄積および表示方法 |
JP2003085364A (ja) * | 2001-09-11 | 2003-03-20 | Hitachi Ltd | Atm用メンテナンス端末およびその制御方法 |
JP2004126754A (ja) * | 2002-09-30 | 2004-04-22 | Hitachi Ltd | 制御機器、保守装置、情報処理装置および保守サービス提供方法 |
JP2004303215A (ja) * | 2003-03-20 | 2004-10-28 | Ricoh Co Ltd | 電子機器、機器管理装置、機器保守システム、機器保守方法、プログラム、及び記憶媒体 |
WO2008095866A2 (de) * | 2007-02-05 | 2008-08-14 | Siemens Aktiengesellschaft | Verfahren zur autorisierung des zugriffs auf mindestens eine automatisierungskomponente einer technischen anlage |
JP2009140275A (ja) * | 2007-12-07 | 2009-06-25 | Hitachi Ltd | 非接触icカード認証システム |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020088836A (ja) * | 2018-11-15 | 2020-06-04 | Kddi株式会社 | 車両メンテナンスシステム、メンテナンスサーバ装置、管理サーバ装置、車載装置、メンテナンスツール、コンピュータプログラム及び車両メンテナンス方法 |
CN110365488A (zh) * | 2019-07-23 | 2019-10-22 | 上海铂英飞信息技术有限公司 | 基于非可信环境下的认证方法、装置及系统 |
CN110912696A (zh) * | 2019-12-26 | 2020-03-24 | 成都三零瑞通移动通信有限公司 | 一种适用于即时群组的快速身份认证方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
CN107710674A (zh) | 2018-02-16 |
JPWO2016208068A1 (ja) | 2017-08-17 |
KR20180019179A (ko) | 2018-02-23 |
JP6223639B2 (ja) | 2017-11-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6223639B2 (ja) | 認証システム | |
US11330432B2 (en) | Maintenance system and maintenance method | |
CN105162797B (zh) | 一种基于视频监控系统的双向认证方法 | |
JP6911122B2 (ja) | 端末の攻撃警告メッセージログを取得する権限付与方法およびシステム | |
CN105427099A (zh) | 安全电子交易的网络认证方法 | |
CN106850207B (zh) | 无ca的身份认证方法和系统 | |
CN109335906B (zh) | 校验方法、电梯控制设备以及电梯外围设备 | |
CN108323230B (zh) | 一种传输密钥的方法、接收终端和分发终端 | |
CN102946314A (zh) | 一种基于浏览器插件的客户端用户身份认证方法 | |
EP3862899A1 (en) | Information communication apparatus, authentication program for information communication apparatus, and authentication method | |
TW201426383A (zh) | 身份驗證系統及方法 | |
CN102457373A (zh) | 手持设备双向验证系统及方法 | |
CN103916363A (zh) | 加密机的通讯安全管理方法和系统 | |
CN110351265A (zh) | 一种基于jwt的认证鉴权方法、计算机可读介质及系统 | |
CN108885658A (zh) | 借助凭证对设备真实性的证明 | |
CN103929308A (zh) | 应用于rfid卡的信息验证方法 | |
CN111431840A (zh) | 安全处理方法和装置 | |
JP2009272737A (ja) | 秘匿認証システム | |
KR101206854B1 (ko) | 고유식별자 기반 인증시스템 및 방법 | |
JP5295999B2 (ja) | 端末の初期設定方法および初期設定装置 | |
CN102571341B (zh) | 一种基于动态图像的认证系统及认证方法 | |
CN103281188A (zh) | 一种备份电子签名令牌中私钥的方法和系统 | |
CN110855442A (zh) | 一种基于pki技术的设备间证书验证方法 | |
JP2018022941A (ja) | 管理システム、管理サーバ及び管理プログラム | |
CN103248490B (zh) | 一种备份电子签名令牌中信息的方法和系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15896386 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2017524551 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20187001361 Country of ref document: KR Kind code of ref document: A |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15896386 Country of ref document: EP Kind code of ref document: A1 |