JP7036705B2 - Communication equipment, communication methods, and computer programs - Google Patents

Description

The present invention relates to communication devices, communication methods, and computer programs.

Conventionally, a public key cryptosystem is known as one of the techniques for concealing communication data. In a public key cryptosystem, a public key (public key certificate) is generally exchanged using PKI (Public Key Infrastructure) (see, for example, Non-Patent Document 1).

ITpro, "Introduction to Information Security --PKI (Part 2) --- Mechanism of X.509 Certificates and PKI", Internet <URL: http://itpro.nikkeibp.co.jp/article/COLUMN/20060725/244233/>

However, in the conventional exchange of public key (public key certificate) using PKI, the supply side of the public key (public key certificate) sends the public key to the certification authority (CA) of a third-party organization. It took time and effort to send it and have it issued a public key certificate.

The present invention has been made in consideration of such circumstances, and the subscriber identification information associated with the user identification information is used to verify the validity of the communication partner between the communication devices when the public key is distributed. It is an object of the present invention to provide a communication device, a communication method, and a computer program capable of providing a communication device, a communication method, and a computer program.

(1) One aspect of the present invention is the subscriber identification unit identification which is the subscriber identification unit issued by the communication operator to the user authenticated by the communication operator and is the identification information of the subscriber identification unit. The other communication device receives a verification target public key certificate received from a subscriber identification unit that stores information and a communication device other than the other communication device that stores the public key certificate in advance. The subscriber identification unit includes a communication unit that communicates with the other communication device to be verified by using the public key certificate stored in advance, and the subscriber identification unit is the public key certificate that the other communication device stores in advance. Using the key storage unit that stores the private key of the pair for the document in advance and the secret key stored in the key storage unit, "the subscriber identification unit identification information or the user identification information that is the user identification information" is used. A public key certificate generator that generates a "public key certificate including" and a private key storage unit that stores a pair of private keys for the public key certificate generated by the public key certificate generator. The communication unit is a communication device that transmits the public key certificate generated by the public key certificate generation unit to the other communication device , and the public key certificate generation unit generates a public key certificate. It is a communication device further provided with a storage authentication unit that causes an operator operating the self-communication device to input a predetermined password for authentication for generating a public key certificate .
(2) In one aspect of the present invention, the subscriber identification unit uses the secret key stored in the private key storage unit to provide information including the subscriber identification unit identification information or the user identification information. On the other hand, the communication device according to (1) above is further provided with a cryptographic processing unit that executes cryptographic processing of the public key cryptosystem.

(5) One aspect of the present invention is a wireless communication unit that communicates via a wireless communication network connected by using the subscriber identification unit, and a new public key certificate and secret shared with the other communication device. The communication device according to any one of (1) and (2) above, further comprising a key update unit that receives a key pair via the wireless communication network.

(6) One aspect of the present invention is the subscriber identification unit identification which is the subscriber identification unit issued by the communication operator to the user authenticated by the communication operator and is the identification information of the subscriber identification unit. The subscriber identification unit that stores the information and the other communication device that stores the public key certificate in advance, and the other communication device receives the verification target public key certificate received from the communication device other than the other communication device. In a communication method of a communication device including a communication unit that communicates with the other communication device to be verified by using the public key certificate stored in advance, the subscriber identification unit is used by the other communication device in advance. Using the key storage step for storing the pair of private keys for the public key certificate to be stored in advance and the private key stored by the subscriber identification unit in the key storage step, "the subscriber identification unit identification information". Alternatively, the public key certificate generation step for generating the "public key certificate including the user identification information which is the user identification information" and the public key certificate generated by the subscriber identification unit in the public key certificate generation step. It includes a secret key storage step for storing a pair of private keys for a document, and a transmission step in which the communication unit transmits the public key certificate generated in the public key certificate generation step to the other communication device. It is a communication method, and when the public key certificate is generated in the public key certificate generation step, a predetermined method for authenticating the generation of the public key certificate is performed for the operator operating the own communication device. It is a communication method including a memory authentication step for inputting a password of .

(7) One aspect of the present invention is the subscriber identification unit identification which is the subscriber identification unit issued by the communication operator to the user authenticated by the communication operator and is the identification information of the subscriber identification unit. Verification target public key certificate received from a communication device other than the other communication device that stores the public key certificate in advance in the computer of the self- communication device equipped with the subscriber identification unit that stores the information. The communication function for communicating with the other communication device is realized by using the public key certificate stored in advance by the other communication device, and the computer of the subscriber identification unit is used with the other communication device. Using the key storage function for pre-storing the private key of the pair for the public key certificate stored in advance and the private key stored by the key storage function, "the subscriber identification unit identification information or the user". A secret that stores the private key of the pair for the public key certificate generated by the public key certificate generation function and the public key certificate generation function that generates the "public key certificate including the user identification information that is the identification information of the user". The communication function is a computer program that realizes a key storage function and transmits the public key certificate generated by the public key certificate generation function to the other communication device, and is a computer of the own communication device. When the public key certificate generation function generates a public key certificate, the operator who is operating the self-communication device is input with a predetermined password for authentication for generating the public key certificate. It is a computer program that further realizes the memory authentication function .

According to the present invention, it is possible to obtain the effect that the validity of the communication partner can be verified between the communication devices when the public key is distributed by the subscriber identification information associated with the user identification information.

It is a block diagram which shows the communication system 1 which concerns on 1st Embodiment. It is explanatory drawing of the communication method which concerns on 1st Embodiment. It is a block diagram which shows the communication system 1 which concerns on 2nd Embodiment. It is a block diagram which shows the communication system 1 which concerns on 3rd Embodiment. It is explanatory drawing which shows the communication system 1 which concerns on Example 1 of 3rd Embodiment. It is explanatory drawing which shows the communication system 1 which concerns on Example 2 of 3rd Embodiment.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[First Embodiment]
FIG. 1 is a configuration diagram showing a communication system 1 according to the first embodiment. In FIG. 1, the communication system 1 includes a communication device 3-1 and a communication device 3-2. The communication device 3-1 includes a SIM (Subscriber Identity Module) 100-1, a communication unit 130, and a control unit 140. SIM100-1 stores SIM identification information simid1. The SIM identification information simid1 is identification information unique to SIM100-1. SIM100-1 includes a key generation unit 101, a public key certificate generation unit 102, a verification unit 103, a cryptographic processing unit 104, a certificate authority key storage unit 105, and a secret key storage unit 106.

The communication device 3-2 has the same configuration as the communication device 3-1. In the communication device 3-2 shown in FIG. 1, the parts corresponding to the respective parts of the communication device 3-1 are designated by the same reference numerals. In the following description, when the communication device 3-1 and the communication device 3-2 are not particularly distinguished, they are referred to as "communication device 3". Note that one communication device 3 may include a plurality of SIMs. For example, the communication device 3 may be a communication device having a plurality of SIM slots and capable of switching the connection destination to any communication network from the communication networks corresponding to the SIM inserted in each SIM slot. ..

The communication device 3-2 includes SIM100-2. SIM100-2 stores SIM identification information simid2. The SIM identification information simid2 is identification information unique to SIM100-2.

SIM100-1 is a SIM issued to a user authenticated by a telecommunications carrier. The SIM identification information simid1 of SIM100-1 is stored in the telecommunications carrier database 10 in association with the user identification information of the user authenticated by the telecommunications carrier. Similar to SIM100-1, SIM100-2 is also a SIM issued to a user authenticated by a telecommunications carrier. The SIM identification information simid2 of SIM100-2 is stored in the telecommunications carrier database 10 in association with the user identification information of the user authenticated by the telecommunications carrier. In the following description, when SIM100-1 and SIM100-2 are not particularly distinguished, they are referred to as "SIM100". The SIM 100 may be a SIM issued to a user authenticated by a virtual network operator.

As the SIM identification information, for example, IMSI (International Mobile Subscriber Identity) or ICCID (Integrated Circuit Card ID) may be used. Further, the telephone number associated with the SIM 100 may be used for the SIM identification information of the SIM 100.

The communication unit 130 of the communication device 3-1 and the communication unit 130 of the communication device 3-2 communicate with each other. The communication between the communication unit 130 of the communication device 3-1 and the communication unit 130 of the communication device 3-2 may be wireless communication or wired communication. For example, the communication unit 130 of the communication device 3-1 and the communication unit 130 of the communication device 3-2 may communicate with each other via a wireless communication network such as a wireless LAN or a mobile phone network. Alternatively, the communication unit 130 of the communication device 3-1 and the communication unit 130 of the communication device 3-2 may directly transmit and receive signals by short-range wireless communication technology to perform communication. Alternatively, the communication unit 130 of the communication device 3-1 and the communication unit 130 of the communication device 3-2 may communicate with each other via a communication network such as the Internet, a fixed telephone network, or a wired LAN. Alternatively, the communication unit 130 of the communication device 3-1 and the communication unit 130 of the communication device 3-2 may be connected by a communication cable to perform communication.

In the communication device 3, the control unit 140 includes a CPU (Central Processing Unit) and a memory, and controls each unit included in the communication device 3. The control unit 140 includes an application 150 as its functional unit.

The SIM 100 is a kind of computer, and realizes a desired function by a computer program. In the SIM 100, the certificate authority key storage unit 105 stores a pair of the certificate authority public key certificate C_Krp and the certificate authority private key Krs. The certificate authority public key certificate C_Krp is a public key certificate of the certificate authority public key of the pair of the certificate authority private key Krs. The certificate authority public key certificate C_Krp and the certificate authority private key Krs are safely stored in the SIM 100, for example, when the SIM 100 is manufactured. Certificate authority public key certificate C_Krp and certificate authority private key Krs stored in SIM100-1 of communication device 3-1 and certificate authority public key certificate C_Krp and authentication stored in SIM100-2 of communication device 3-2. It is the same as the station secret key Krs.

The certificate authority key storage unit 105 is provided in a non-volatile storage area of the storage area in the SIM 100 that cannot be accessed from the outside of the SIM 100. Therefore, the certificate authority public key certificate C_Krp and the certificate authority private key Krs stored in the certificate authority key storage unit 105 are not accessed from the outside of the SIM 100. In addition, SIM100 has tamper resistance. Therefore, the certificate authority public key certificate C_Krp and the certificate authority private key Krs stored in the certificate authority key storage unit 105 are protected from attacks on the SIM 100.

The key generation unit 101 generates a pair of a public key and a private key. The public key certificate generation unit 102 generates a public key certificate by using the pair of the certificate authority public key certificate C_Krp and the certificate authority private key Krs stored in the certificate authority key storage unit 105. The private key storage unit 106 stores the private key paired with the public key certificate generated by the public key certificate generation unit 102. Similar to the certificate authority key storage unit 105, the private key storage unit 106 is provided in the non-volatile storage area of the storage area in the SIM 100 that cannot be accessed from the outside of the SIM 100. Therefore, the private key stored in the private key storage unit 106 is not accessed from the outside of the SIM 100. Further, since the SIM 100 has tamper resistance, the secret key stored in the secret key storage unit 106 is protected from an attack on the SIM 100.

The verification unit 103 verifies the public key certificate received by the communication unit 130 from the other communication device 3 by using the certificate authority public key certificate C_Krp stored in the certificate authority key storage unit 105. The encryption processing unit 104 executes the encryption processing of the public key cryptosystem by using the private key stored in the private key storage unit 106.

Next, the operation of the communication system 1 shown in FIG. 1 will be described with reference to FIG. FIG. 2 is an explanatory diagram of a communication method according to the present embodiment. FIG. 2 shows a case where information is transmitted from the communication device 3-1 to the communication device 3-2. Here, a case where information is transmitted from the communication device 3-1 to the communication device 3-2 will be described as an example, but conversely, a case where information is transmitted from the communication device 3-2 to the communication device 3-1 is also described. Is. The same applies to the case where information is transmitted / received from the communication device 3-1 to another communication device other than the communication device 3-2. That is, the same applies to the case where information is transmitted / received between a plurality of communication devices of three or more.

The SIM100-1 of the communication device 3-1 and the SIM100-2 of the communication device 3-2 store the same certificate authority public key certificate C_Krp and the certificate authority private key Krs in each certificate authority key storage unit 105. .. In FIG. 2, the certificate authority public key certificate C_Krp and the certificate authority private key Krs are stored in a secure ROM (Secure ROM) in the SIM 100. The secure ROM in the SIM 100 is a non-volatile storage area that cannot be accessed from the outside of the SIM 100.

The control unit 140 of the communication device 3-1 includes a public key / private key issuing application and a signature generation application as the application 150. The processing of these applications is performed in the flash memory (Flash memory) in the control unit 140 of the communication device 3-1. The control unit 140 of the communication device 3-2 includes a public key certificate management application and a signature verification application as the application 150. The processing of these applications is performed in the flash memory in the control unit 140 of the communication device 3-2.

[Procedure for sending public key certificate]
First, steps S1 to S6 of the procedure for sending the public key certificate will be described.

(Step S1) In the communication device 3-1 the public key / private key issuing application instructs SIM100-1 to generate a public key / private key pair. The key generation unit 101 of SIM100-1 generates the public key K1p and the private key K1s in response to the instruction. The generation of the public key K1p and the private key K1s is performed in the secure RAM (Secure RAM) in the SIM100-1. The secure RAM in SIM100-1 is a volatile storage area that cannot be accessed from the outside of SIM100-1. Therefore, the processing performed in the secure RAM in SIM100-1 is concealed from the outside of SIM100-1.

(Step S2) In SIM100-1, the secret key storage unit 106 stores the secret key K1s generated by the key generation unit 101. In FIG. 2, the private key K1s is stored in the secure ROM in SIM100-1.

(Step S3) In SIM100-1, the public key certificate generation unit 102 generates the public key certificate C_K1p of the public key K1p generated by the key generation unit 101. The generation of this public key certificate C_K1p is performed in the secure RAM in SIM100-1. The public key certificate C_K1p includes a public key K1p, SIM identification information simid1, and an electronic signature of the public key K1p. The electronic signature of the public key K1p is the encrypted data obtained by encrypting the digest of the data including the public key K1p and the SIM identification information simid1 with the certificate authority private key Krs. Here, a hash value is used as an example of the digest. Further, as an example of the public key certificate format, the public key certificate format of the "X.509" standard defined by ITU-T (International Telecommunication Union-Telecommunication) or the like is used. The public key K1p is stored in a predetermined position in the public key certificate format of the "X.509" standard. Further, the SIM identification information simid1 is stored in the position of "subject parameter: name of the subject" in the public key certificate format of the "X.509" standard.

The method of generating the public key certificate C_K1p in SIM100-1 will be specifically described. In SIM100-1, the public key certificate generation unit 102 uses a hash value hash (K1p, simid1) of data in the public key certificate format of the "X.509" standard that stores the public key K1p and the SIM identification information simid1. calculate. Next, the public key certificate generation unit 102 encrypts the hash value hash (K1p, simid1) with the certificate authority secret key Krs stored in the certificate authority key storage unit 105 of SIM100-1. The encrypted data Krs (hash (K1p, simid1)) is an electronic signature of the public key K1p. Next, the public key certificate generation unit 102 public key certificate of the "X.509" standard including the public key K1p, the SIM identification information simid1, and the electronic signature Krs (hash (K1p, simid1)) of the public key K1p. It constitutes a public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" in a calligraphy format.

SIM100-1 passes the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" generated by the public key certificate generation unit 102 to the public key / private key issuing application.

(Step S4) In the communication device 3-1 the public key / private key issuing application uses the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" received from SIM100-1 in the communication unit 130. Output to. The communication unit 130 transmits the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" to the communication device 3-2.

In the communication device 3-2, the communication unit 130 receives the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" from the communication device 3-1. The communication unit 130 passes the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" to the public key certificate management application.

(Step S5) In the communication device 3-2, the public key certificate management application applies the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" received from the communication device 3-1 to SIM100-. Pass it to 2 and instruct the verification of the public key certificate C_K1p. In SIM100-2, the verification unit 103 uses the certificate authority public key certificate C_Krp stored in the certificate authority key storage unit 105 of SIM100-2 to use the public key certificate C_K1p "K1p, simid1, Krs (hash)". (K1p, simid1)) ”is verified. Verification of this public key certificate C_K1p is performed in the secure RAM in SIM100-2. The secure RAM in the SIM100-2 is a volatile storage area that cannot be accessed from the outside of the SIM100-2. Therefore, the processing performed in the secure RAM in the SIM100-2 is concealed from the outside of the SIM100-2.

The verification method of the public key certificate C_K1p in SIM100-2 will be specifically described. In SIM100-2, the verification unit 103 acquires the public key K1p and the SIM identification information simid1 from the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))", and the acquired public key K1p. The verification data in which the SIM identification information simid1 is stored in the public key certificate format of the "X.509" standard is generated. In the verification data, the public key K1p is stored in a predetermined position in the public key certificate format of the "X.509" standard. In the verification data, the SIM identification information simid1 is stored in the position of "subject parameter: subject name" in the public key certificate format of the "X.509" standard. Next, the verification unit 103 calculates a verification hash value hash'(K1p, simid1), which is a hash value of the verification data. Next, the verification unit 103 acquires the electronic signature Krs (hash (K1p, simid1)) from the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))", and the acquired electronic signature Krs (hash). (K1p, simid1)) is decrypted with the certificate authority public key Krp of the certificate authority public key certificate C_Krp stored in the certificate authority key storage unit 105 of SIM100-2. Decoding data "Krp · Krs (hash (K1p, simid1))" is obtained by this decoding. Next, the verification unit 103 determines whether the verification hash value hash'(K1p, simid1) and the decoded data "Krp · Krs (hash (K1p, simid1))" match. As a result of this determination, if they match, the verification of the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" is passed, and if they do not match, the public key certificate C_K1p "K1p," The verification of "simid1, Krs (hash (K1p, simid1))" fails.

In the communication device 3-2, the SIM100-2 notifies the public key certificate management application of the verification result of the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))".

(Step S6) In the communication device 3-2, the public key certificate management application is the result of verification of the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" notified from SIM100-2. If is passed, the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" is stored. In the storage of this public key certificate C_K1p, the SIM identification information stored in the position of "subject parameter: subject name" of the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))". The flash memory in the control unit 140 of the communication device 3-2 is obtained by acquiring simid1 and associating the acquired SIM identification information simid1 with the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))". Store in.

On the other hand, if the public key certificate management application fails the verification result of the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" notified from SIM100-2, The public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" is destroyed. Further, a predetermined error processing may be executed.

[Procedure for sending information]
Next, steps S7 to S12 of the information sending procedure will be described.

(Step S7) In the communication device 3-1 the signature generation application calculates a digest of information to be transmitted to the communication device 3-2. Here, a hash value is used as an example of the digest. The signature generation application passes the calculated hash value hash (information) to SIM100-1, and instructs SIM100-1 to generate a signature.

(Step S8) The encryption processing unit 104 of SIM100-1 calculates a hash value hash (hash (information), simid1) of data including the hash value hash (information) received from the signature generation application and the SIM identification information simid1. do. Further, the encryption processing unit 104 encrypts the calculated hash value hash (hash (information), simid1) with the secret key K1s stored in the secret key storage unit 106 of the SIM100-1. The encrypted data K1s (hash (hash (information), simid1)) is an electronic signature of information to be transmitted to the communication device 3-2. The generation of the digital signature K1s (hash (hash (information), simid1)) is performed in the secure RAM in the SIM100-1.

(Step S9) SIM100-1 passes the electronic signature K1s (hash (hash (information), simid1)) generated by the encryption processing unit 104 to the signature generation application.

(Step S10) In the communication device 3-1 the signature generation application outputs the electronic signature K1s (hash (hash (information), simid1)) received from the SIM100-1 to the communication unit 130. The communication unit 130 transmits the electronic signature K1s (hash (hash (information), simid1)), the information to be transmitted to the communication device 3-2, and the SIM identification information simid1 to the communication device 3-2.

In the communication device 3-2, the communication unit 130 receives the electronic signature K1s (hash (hash (information), simid1)), the information, and the SIM identification information simid1 from the communication device 3-1. The communication unit 130 passes the received electronic signature K1s (hash (hash (information), simid1)), information, and SIM identification information simid1 to the signature verification application.

(Step S11) In the communication device 3-2, the signature verification application calculates a verification hash value hash'(information) which is a hash value of the information received from the communication device 3-1. Further, the signature verification application has a verification hash value hash'(information) which is a hash value of data including the verification hash value hash'(information) and the SIM identification information simid1 received from the communication device 3-1. , Simid1) is calculated.

(Step S12) In the communication device 3-2, the signature verification application notifies the public key certificate management application of the SIM identification information simid1 received from the communication device 3-1 and requests the public key certificate. The public key certificate management application is a signature verification application for the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" stored in association with the SIM identification information simid1 notified from the signature verification application. Pass to. The signature verification application acquires the public key K1p from the public key certificate C_K1p "K1p, simid1, Krs (hash (K1p, simid1))" received from the public key certificate management application. The signature verification application decodes the electronic signature K1s (hash (hash (information), simid1)) received from the communication device 3-1 with the acquired public key K1p. Decoding data "K1p · K1s (hash (hash (information), simid1))" is obtained by this decoding. The signature verification application determines whether the verification hash value hash'(hash' (information), simid1) and the decryption data "K1p · K1s (hash (hash (information), simid1))" match. If the results of this determination match, the verification of the validity of the information received from the communication device 3-1 is passed. On the other hand, if they do not match, the verification of the validity of the information received from the communication device 3-1 fails. If it fails, the information received from the communication device 3-1 is discarded. Further, a predetermined error processing may be executed. For example, it may notify that the information received from the communication device 3-1 has been tampered with, or that the transmitting side of the information is a fake (spoofing or the like).

According to this embodiment, the communication device 3 functions as a certificate authority (CA) and generates a public key certificate. Therefore, the supply side of the public key (public key certificate) does not have to send the public key to the certificate authority of a third-party organization to have the public key certificate issued. This has the effect of reducing the time and effort required to exchange the public key (public key certificate). In addition, the burden of costs and application procedures can be reduced as compared with the case of using the conventional PKI.

In the present embodiment, the SIM 100 included in the communication device 3 is a SIM whose user has been authenticated by the communication carrier. This can make the communication device 3 the basis of trust as a certificate authority.

In the present embodiment, the encryption processing unit 104 of the SIM 100 is an example of the first encryption processing unit. The signature verification application, which is one of the applications 150 of the control unit 140 of the communication device 3, is an example of the second encryption processing unit. The public key certificate management application, which is one of the applications 150 of the control unit 140 of the communication device 3, is an example of the public key certificate management unit. SIM100 is an example of a subscriber identification unit.

The person operating the communication device 3 may be bound (associated) with the communication device 3. For example, memory authentication is added to input a predetermined password for the operation or information to be authenticated. Specifically, for example, when the communication device 3 generates a public key or a public key certificate, a person operating the communication device 3 may be made to enter a predetermined password. Further, when digitally signing with the private key in the SIM 100 of the communication device 3, a person operating the communication device 3 may be made to enter a predetermined password.

Further, on condition that the consent of the owner of the communication device 3 is obtained, the operation history of the communication device 3 (position information at the time of operation, application execution history, etc.) is associated with the public key certificate or the public key certificate. It may be electronically signed by filling in the form of the attached attribute certificate.

Further, subject to the consent of the owner of the communication device 3, the information of the owner possessed by the communication carrier is described in the public key certificate or the form of the attribute certificate associated with the public key certificate. May be digitally signed.

Further, SIM is a general term for communication modules that store unique identification information associated with user identification information, and is not limited to communication modules used in a specific communication system system. For example, UIM (User Identity Module), USIM (Universal Subscriber Identity Module), eSIM (Embedded Subscriber Identity Module) and the like may be used.

The communication device 3 on the sending side of the public key certificate does not have to have the function of verifying the public key certificate and the function of storing the public key certificate. Specifically, the communication device 3 on the sending side of the public key certificate does not have to include the verification unit 103 and the public key certificate management application.

Further, the communication device 3 on the receiving side of the public key certificate does not have to have the function of generating the public key certificate. Specifically, the communication device 3 on the receiving side of the public key certificate does not have to include the public key certificate generation unit 102 and the private key storage unit 106.

Further, the SIM 100 may store a pair of a public key and a private key in advance. For example, at the time of manufacturing the SIM 100, a pair of a public key and a private key may be stored in the SIM 100. If the SIM 100 stores a public key / private key pair in advance, the SIM 100 does not have to include the key generation unit 101.
Further, the SIM 100 may have a plurality of public key (public key certificate) and private key pairs generated or stored. In this case, for example, the communication device 3 may use a pair of a public key (public key certificate) and a private key properly according to the communication partner. Further, the communication device 3 may switch to another pair when a certain public key (public key certificate) and private key pair is leaked.

The user identification information associated with the SIM identification information may be included in the public key certificate. When the user identification information is included in the public key certificate, the SIM identification information may not be included in the public key certificate. When the user identification information is included in the public key certificate, the public key certificate management unit may store the public key certificate in association with the user identification information.

Further, the user identification information associated with the SIM identification information may be included in the electronic signature of the information to be transmitted. In this case, when the information is transmitted, the user identification information and the electronic signature are transmitted together.

[Second Embodiment]
The second embodiment is a modification of the first embodiment described above. FIG. 3 is a configuration diagram showing a communication system 1 according to the second embodiment. In FIG. 3, the parts corresponding to the parts of FIG. 1 are designated by the same reference numerals, and the description thereof will be omitted. The communication device 3 according to the second embodiment shown in FIG. 3 further includes a wireless communication unit 160 and a certificate authority key update unit 170 with respect to the communication device 3 of the first embodiment shown in FIG. 1 described above. Hereinafter, the difference from the above-described first embodiment will be mainly described.

In the communication device 3, the wireless communication unit 160 communicates via the wireless communication network 40 connected by using the SIM 100. The SIM 100 stores information for using the wireless communication network 40. The wireless communication unit 160 can use the wireless communication network 40 by using the SIM 100. The wireless communication unit 160 connects to the wireless communication network 40 by a wireless communication line established by using the SIM 100.

The certificate authority key update unit 170 receives a pair of a new certificate authority public key certificate and a certificate authority private key shared with the SIM 100 of another communication device 3 from the management server device 30 via the wireless communication network 40. The management server device 30 manages a pair of a certificate authority public key certificate and a certificate authority private key. The management server device 30 transmits a new certificate authority public key certificate and a certificate authority private key pair to be shared by the SIM 100s of the plurality of communication devices 3 to the plurality of communication devices 3 via the wireless communication network 40. The certificate authority key update unit 170 passes the pair of the certificate authority public key certificate and the certificate authority private key received from the management server device 30 via the wireless communication network 40 to the SIM 100, and the certificate authority public key certificate and the certificate authority Instruct to update the private key pair. The SIM 100 stores the pair of the certificate authority public key certificate and the certificate authority private key received from the certificate authority key updater 170 in the certificate authority key storage unit 105 as the latest certificate authority public key certificate and the certificate authority private key pair. do. As a result, the pair of the certificate authority public key certificate and the certificate authority private key shared in the SIM 100 of the plurality of communication devices 3 is updated with the new certificate authority public key certificate and the certificate authority private key pair.

According to the present embodiment, when the pair of the certificate authority public key certificate and the certificate authority private key held by the SIM 100 is updated to a new one, the new certificate authority public key certificate and the certificate authority private key are used. The pair can be supplied to each SIM 100 by wireless communication. Therefore, there is no need to replace the SIM100 in order to update the pair of the certificate authority public key certificate and the certificate authority private key to a new one. This has the effect of reducing the burden of updating the pair of the certificate authority public key certificate and the certificate authority private key to a new one.

[Third Embodiment]
The third embodiment is an application example of the first embodiment or the second embodiment described above. FIG. 4 is a configuration diagram showing a communication system 1 according to a third embodiment. The communication system 1 shown in FIG. 4 includes a communication terminal 3-3 and a communication terminal 3-4. The communication terminal 3-3 and the communication terminal 3-4 have the same configuration as the communication device 3 of the first embodiment or the second embodiment described above. The communication terminal 3-3 and the communication terminal 3-4 may be, for example, a mobile communication terminal device such as a smartphone or a tablet-type computer (tablet PC), or a stationary communication terminal device (for example, stationary). It may be a stationary personal computer, a server computer, a home gateway, etc.).

The communication terminal 3-3 includes SIM100-3. The communication terminal 3-4 includes SIM100-4. SIM100-3 and SIM100-4 have the same configuration as SIM100 of the first embodiment or the second embodiment described above. As a result, SIM100-3 and SIM100-4 are provided with a certificate authority (CA) 210 as a functional unit thereof. Therefore, the communication terminal 3-3 and the communication terminal 3-4 function as a certificate authority (CA). The certificate authority 210 of SIM100-3 and the certificate authority 210 of SIM100-4 have the same certificate authority public key certificate and certificate authority private key pair.

SIM100-3 and SIM100-4 include a client 220 as a functional unit thereof. In SIM100-3, the client 220 passes its public key to the certificate authority 210 to generate a public key certificate (client public key certificate) of the public key. Similarly, in SIM 100-4, the client 220 passes its public key to the certificate authority 210 to generate a public key certificate (client public key certificate) of the public key.

The communication terminal 3-3 and the communication terminal 3-4 include an application 240. The processing of the application 240 is performed in the memory 230 in the self-communication terminal. Application 240 performs authentication processing and signature processing.

As shown in FIG. 4, in the communication system 1 according to the third embodiment, the communication terminal 3-3 and the communication terminal 3-4 transmit their own client public key certificate to the communication partner. Each of the communication terminal 3-3 and the communication terminal 3-4 verifies the validity of the received client public key certificate by its own certificate authority 210. The communication terminal 3-3 and the communication terminal 3-4 use the client public key certificate of the communication partner after confirming the validity by its own authentication authority 210. The client public key certificate is used for mutual authentication between communication terminals and digital signatures of information exchanged between communication terminals. Examples of the mutual authentication method include a challenge-response authentication method.

Next, an embodiment according to the third embodiment will be described.

(Example 1)
The first embodiment according to the third embodiment will be described with reference to FIG. FIG. 5 is an explanatory diagram showing a communication system 1 according to a first embodiment of the third embodiment. The communication system 1 shown in FIG. 5 is applied to an online banking service system. In FIG. 5, the communication terminal 3-3 includes an application 310 of an online banking service system. The communication terminal 3-4 includes a service site 320 of an online banking service system. Hereinafter, the communication method according to the communication system 1 shown in FIG. 5 will be described.

(Step S101) In the communication terminal 3-3, the application 310 performs an input process of a user ID (identification information) and a password (Password) as a login process to the service site 320. The application 310 transmits the ID and password input by the user to the service site 320 of the communication terminal 3-4. In the communication terminal 3-4, the service site 320 verifies the validity of the ID and the password received from the application 310 of the communication terminal 3-3 as a login process. If the result of this verification is acceptable, the process proceeds to the subsequent processing. On the other hand, if the verification of the ID and password fails, the process ends. If the verification of the ID and the password fails, a predetermined error processing may be executed.

(Step S102) In the communication terminal 3-3, the application 310 transmits the client public key certificate of the own communication terminal to the service site 320 of the communication terminal 3-4.

(Step S103) In the communication terminal 3-4, the service site 320 verifies the validity of the client public key certificate received from the application 310 of the communication terminal 3-3 by the certificate authority 210 of the own communication terminal. If the result of this verification is acceptable, the process proceeds to the subsequent processing. On the other hand, if the verification of the client public key certificate fails, the process ends. If the verification of the client public key certificate fails, the predetermined error processing may be executed.

(Step S104) In the communication terminal 3-4, the service site 320 generates a random number, and the generated random number is used as a challenge value. The service site 320 transmits the challenge value (random number) to the application 310 of the communication terminal 3-3.

(Step S105) In the communication terminal 3-3, the application 310 uses the challenge value (random number) received from the service site 320 of the communication terminal 3-4 as a secret pair with the public key of the client public key certificate of the own communication terminal. Encrypt with the key Ks. The encryption of the challenge value (random number) is performed in the secure RAM in the SIM100-3 of the communication terminal 3-3. The application 310 transmits the encrypted data Ks (random number), which is the result of encryption of the challenge value (random number), as a response value to the service site 320 of the communication terminal 3-4.

(Step S106) In the communication terminal 3-4, the service site 320 verifies the validity of the response value Ks (random number) received from the application 310 of the communication terminal 3-3 of the client public key certificate of the communication terminal 3-3. Validate using the public key. For example, if the result of decoding the response value Ks (random number) with the public key matches the challenge value (random number), the verification is passed, while if it does not match the challenge value (random number), the verification is rejected. do. If the result of the verification of the response value Ks (random number) is passed, the login to the service site 320 is successful. On the other hand, if the verification of the response value Ks (random number) fails, the login to the service site 320 fails. If the verification of the response value Ks (random number) fails, a predetermined error process may be executed.

According to the first embodiment, in the user authentication, in addition to the ID / password authentication, the challenge / response authentication can be further performed. As a result, user authentication can be performed by two authentication elements, ID / password authentication and challenge / response authentication, so that the reliability of user authentication is improved. For this reason, in the past, in order to improve the reliability of ID / password authentication, tools such as a random number table for updating passwords and a time-synchronized one-time password generation application have been used. This makes it possible to avoid using those tools.

Further, since the service site 320 stores the client public key certificate of the communication terminal 3-3, if the communication terminal 3-3 is lost, the user cannot use the client public key certificate of the communication terminal 3-3. In that case, the user authentication of the user fails in the challenge-response authentication. This functions as a remote lock for logging in to the service site 320 by the user's ID when the communication terminal 3-3 is lost.

(Example 2)
The second embodiment according to the third embodiment will be described with reference to FIG. FIG. 6 is an explanatory diagram showing a communication system 1 according to a second embodiment of the third embodiment. The communication system 1 shown in FIG. 6 is applied to an online shopping service system. In FIG. 6, the communication terminal 3-3 includes an application 410 of an online shopping service system. The communication terminal 3-4 includes a service site 420 of an online shopping service system. Hereinafter, the communication method according to the communication system 1 shown in FIG. 6 will be described. In FIG. 6, the parts corresponding to each step in FIG. 5 are designated by the same reference numerals, and the description thereof will be omitted.

In FIG. 6, as a result of executing the processes from steps S101 to S106, the user authentication passed, and the login to the service site 420 with the user's ID was successful. After that, the user executes an online shopping purchasing operation with the ID at the service site 420.

(Step S201) In the communication terminal 3-3, the application 410 digitally signs the purchase operation information indicating the purchase operation performed by the user by using the public key of the client public key certificate of the own communication terminal and the paired private key Ks. Generate. The generation of this electronic signature is performed in the secure RAM in the SIM100-3 of the communication terminal 3-3. The application 410 transmits the purchase operation information and the electronic signature of the purchase operation information to the service site 320 of the communication terminal 3-4.

(Step S202) In the communication terminal 3-4, the service site 420 verifies the validity of the electronic signature of the purchase operation information received from the application 410 of the communication terminal 3-3 of the client public key certificate of the communication terminal 3-3. Validate using the public key. If the result of the verification of the electronic signature of the purchase operation information is passed, the service site 420 accepts the purchase operation indicated by the purchase operation information received from the application 410 of the communication terminal 3-3. As a result, the purchasing operation performed by the user is executed at the service site 420. On the other hand, if the verification of the electronic signature of the purchase operation information fails, the service site 420 does not accept the purchase operation indicated by the purchase operation information received from the application 410 of the communication terminal 3-3. As a result, the purchasing operation performed by the user is not executed at the service site 420. If the verification of the electronic signature of the purchase operation information fails, the predetermined error processing may be executed.

According to the second embodiment, as in the first embodiment, the user authentication can be performed by the two authentication elements of ID / password authentication and challenge / response authentication, so that the reliability of the user authentication is improved. do.

Further, according to the second embodiment, when accepting a purchase operation, the validity of the purchase operation can be confirmed by verifying the validity of the electronic signature of the purchase operation information. For this reason, in the past, identity verification by telephone was performed to confirm the validity of the purchasing operation, but according to the second embodiment, it is possible to avoid performing identity verification by telephone. ..

Although the embodiments of the present invention have been described in detail with reference to the drawings, the specific configuration is not limited to this embodiment, and includes design changes and the like within a range that does not deviate from the gist of the present invention.

A computer program for realizing the functions of the communication device or the communication terminal according to the above-described embodiment is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into the computer system and executed. You may try to do it. The "computer system" here may include hardware such as an OS and peripheral devices.
The "computer-readable recording medium" is a flexible disk, a magneto-optical disk, a ROM, a writable non-volatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a built-in computer system. A storage device such as a hard disk.

Furthermore, the "computer-readable recording medium" is a volatile memory inside a computer system that serves as a server or client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line (for example, DRAM (Dynamic)). It also includes those that hold the program for a certain period of time, such as Random Access Memory)).
Further, the program may be transmitted from a computer system in which this program is stored in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
Further, the above program may be for realizing a part of the above-mentioned functions. Further, a so-called difference file (difference program) may be used, which can realize the above-mentioned function in combination with a program already recorded in the computer system.

1 ... Communication system, 3-1, 3-2 ... Communication device, 3-3, 3-4 ... Communication terminal, 10 ... Communication operator database, 30 ... Management server device, 40 ... Wireless communication network, 100-1 ~ 4 ... SIM, 101 ... key generation unit, 102 ... public key certificate generation unit, 103 ... verification unit, 104 ... encryption processing unit, 105 ... certificate authority key storage unit, 106 ... secret key storage unit, 130 ... communication unit, 140 ... control unit, 160 ... wireless communication unit, 170 ... certificate authority key update unit, 210 ... certificate authority

Claims (5)

A subscriber identification unit that stores the subscriber identification unit identification information, which is the subscriber identification unit issued by the telecommunications carrier to the user authenticated by the telecommunications carrier and is the identification information of the subscriber identification unit, and the subscriber identification unit.
Use the public key certificate that is another communication device that stores the public key certificate in advance and that the other communication device stores in advance the public key certificate to be verified received from the communication device other than the other communication device. It is equipped with a communication unit that communicates with the other communication device to be verified.
The subscriber identification unit
A key storage unit that stores in advance the private key of the pair for the public key certificate that is stored in advance by the other communication device, and
Public key certificate generation to generate "public key certificate including the subscriber identification unit identification information or the user identification information which is the user identification information" using the private key stored in the key storage unit. Department and
A private key storage unit that stores a pair of private keys for the public key certificate generated by the public key certificate generation unit is provided.
The communication unit is a communication device that transmits the public key certificate generated by the public key certificate generation unit to the other communication device.
When the public key certificate generator generates a public key certificate, a storage that causes an operator operating the own communication device to input a predetermined password for authentication for generating a public key certificate. Further equipped with a certification unit
Communication device. The subscriber identification unit uses the secret key stored in the secret key storage unit to perform encryption processing of the public key encryption method for the subscriber identification unit identification information or the information including the user identification information. Further equipped with a cryptographic processing unit that executes
The communication device according to claim 1. A wireless communication unit that communicates via a wireless communication network connected using the subscriber identification unit, and a wireless communication unit.
A key updater that receives a new public key certificate and private key pair shared with the other communication device via the wireless communication network.
The communication device according to any one of claims 1 or 2, further comprising. A subscriber identification unit that stores the subscriber identification unit identification information, which is the subscriber identification unit issued by the telecommunications carrier to the user authenticated by the telecommunications carrier and is the identification information of the subscriber identification unit, and the subscriber identification unit.
Use the public key certificate that is another communication device that stores the public key certificate in advance and that the other communication device stores in advance the public key certificate to be verified received from the communication device other than the other communication device. In a communication method of a communication device including a communication unit that communicates with the other communication device.
A key storage step in which the subscriber identification unit stores in advance the private key of the pair for the public key certificate stored in advance by the other communication device.
The subscriber identification unit uses the private key stored in the key storage step to generate "a public key certificate including the subscriber identification unit identification information or the user identification information which is the user identification information". Public key certificate generation step and
A secret key storage step in which the subscriber identification unit stores a pair of private keys for the public key certificate generated in the public key certificate generation step.
A communication method including a transmission step in which the communication unit transmits the public key certificate generated in the public key certificate generation step to the other communication device.
Memory for having the operator operating the self-communication device enter a predetermined password for authentication for generating the public key certificate when the public key certificate is generated in the public key certificate generation step. Including additional authentication steps,
Communication method. It is provided with a subscriber identification unit that stores the subscriber identification unit identification information, which is the subscriber identification unit issued by the telecommunications carrier and is the identification information of the subscriber identification unit, for the user authenticated by the telecommunications carrier. To the computer of the self-communication device
Use the public key certificate that is another communication device that stores the public key certificate in advance and that the other communication device stores in advance the public key certificate to be verified received from the communication device other than the other communication device. To realize a communication function that communicates with the other communication device
To the computer of the subscriber identification unit
A key storage function that stores in advance the private key of the pair for the public key certificate that is stored in advance by the other communication device, and
Public key certificate generation to generate "public key certificate including the subscriber identification unit identification information or the user identification information which is the user identification information" using the private key stored by the key storage function. Functions and
A private key storage function for storing a pair of private keys for the public key certificate generated by the public key certificate generation function is realized.
The communication function is a computer program that transmits the public key certificate generated by the public key certificate generation function to the other communication device.
To the computer of the self-communication device
When the public key certificate generation function generates a public key certificate, a storage that causes an operator operating the own communication device to input a predetermined password for authentication for generating a public key certificate. Further realize the authentication function,
Computer program.

Images