Communication systems, servers, and devices
The communication system addresses the issue of increased processing and data load by performing challenge-response authentication before public key communication, thereby reducing the need for repeated authentication processes.
Patent Information
- Authority / Receiving Office: JP · JP
- Patent Type: Applications
- Current Assignee / Owner: TOPPAN HOLDINGS INC
- Filing Date: 2024-12-09
- Publication Date: 2026-06-19
AI Technical Summary
Existing communication systems require repeated generation and verification of signature information and authentication codes for each data transmission, leading to increased processing load and communication data volume.
The proposed communication system performs challenge-response authentication before public key communication: the device sends authentication data to the server for verification, which reduces the need for repeated generation and verification of signatures and authentication codes.
This suppresses the increase in processing load and communication data volume by eliminating the need for repeated authentication processes during an ongoing communication session.
Description
Technical Field
[0001] The present invention relates to communication systems, servers, and devices.
Background Art
[0002] PKI (Public Key Infrastructure) is used to achieve secure communication. PKI is a security infrastructure that utilizes a public-key cryptosystem using a pair of public and private keys to securely exchange information over the Internet.
[0003] In the public-key cryptosystem, separate keys, the public key and the private key, are used when encrypting (decrypting) data. The public key is a key that can be obtained by anyone, but the private key is held only by the receiving side. If the management of the private key is strictly carried out, even if a malicious third party obtains the public key, as long as there is no private key, the encrypted data cannot be decrypted, so the content of the encrypted data will not leak.
[0004] In PKI, a certification authority (CA) generates a public-key certificate that proves the validity of the public key. FIG. 5 shows a procedure for generating a public-key certificate in the prior art.
[0005] Device 4 generates a pair of public and private keys (step S200), and generates a certificate signing request (CSR) including information necessary for generating a public-key certificate (step S205). Device 4 generates signature information (electronic signature) by encrypting the CSR and the public key with the private key (step S210), and transmits the CSR, the public key, and the signature information to server 5 (step S215).
[0006] Server 5 decrypts the signature information using the public key received from device 4 and obtains the CSR and public key. Server 5 verifies the signature information by comparing the decrypted CSR and public key with the CSR and public key received from device 4 (step S220). If it is confirmed that the signature information has not been tampered with, Server 5 generates a public key certificate (step S225) and sends the public key certificate to device 4 (step S230).
[0007] If the signature information (more precisely, the private key used to generate the signature information) and public key sent to Server 5 are tampered with, it becomes possible to issue a public key certificate for a fraudulent public key and private key pair.
[0008] Patent Document 1 discloses a system capable of verifying the legitimacy of a public key. In the system disclosed in Patent Document 1, an IoT (Internet of Things) device obtains a public key from a secure element, transmits the public key to a device management device, and the device management device applies to a CA for the issuance of a public key certificate. Figure 6 shows the procedure for generating a public key certificate in a system similar to the one disclosed in Patent Document 1.
[0009] Device 4 and server 5 share a code key in advance, which will be used to generate the authentication code described later (step S300).
[0010] Device 4 generates a public key and private key pair (step S305) and generates a CSR (step S310). Device 4 generates signature information by encrypting the CSR and public key with the private key (step S315). Device 4 also generates an authentication code by encrypting the public key with the code key (step S320) and sends the CSR, public key, signature information, and authentication code to Server 5 (step S325).
[0011] Server 5 decrypts the signature information with the public key received from device 4 and obtains the CSR and public key. Server 5 verifies the signature information by comparing the decrypted CSR and public key with the CSR and public key received from device 4 (step S330). Server 5 generates an authentication code by encrypting the public key received from device 4 with a code key it holds (step S340). Server 5 verifies the identity of the public key by comparing the authentication code it generated with the authentication code received from device 4 (step S340). If it is confirmed that the signature information has not been tampered with and the identity of the public key has been confirmed, Server 5 generates a public key certificate (step S345) and sends the public key certificate to device 4 (step S350).
[0012] If the public key and signature information sent from device 4 to server 5 are tampered with, the authentication code generated by server 5 will not match the authentication code received from device 4. This mechanism allows server 5 to verify the legitimacy of the public key received from device 4.
Prior Art Documents
Patent Documents
[0013] [Patent Document 1] Japanese Patent Publication No. 2021-100227
Summary of the Invention
Problems to Be Solved by the Invention
[0014] In the system disclosed in Patent Document 1, an authentication code is used to ensure the reliability of the public key. However, if it is necessary to send data other than the public key from device 4 to server 5, signature information and an authentication code for that data are also required to ensure the reliability of that data. Therefore, after the communication shown in Figure 6 is performed, device 4 generates signature information and an authentication code to send new data and sends the signature information and authentication code to server 5. Server 5 verifies the signature information and authentication code. Thus, each time device 4 sends data, it is necessary to generate and send signature information and an authentication code in device 4, and to verify the signature information and authentication code in server 5, which increases the processing load and the amount of communication data.
[0015] The present invention aims to provide a communication system, server, and device that can suppress increases in processing load and communication data volume.
Means for Solving the Problem
[0016] The present invention relates to a communication system comprising a device and a server, wherein the device comprises: an authentication data generation unit that generates authentication data used for authentication processing performed by the server; a first communication unit that transmits the authentication data to the server, receives an authentication result indicating that the authentication of the device was successful in the authentication processing, transmits the public key of the device to the server if the authentication result is received, and receives a public key certificate generated by the server; and the server comprises: a second communication unit that receives the authentication data and the public key, and transmits the authentication result and the public key certificate; an authentication processing unit that performs the authentication processing based on the authentication data and generates the authentication result if the authentication of the device is successful; and a certificate generation unit that generates the public key certificate including the public key.
[0017] The present invention relates to a server that has a communication unit that receives the authentication data and the public key of the device from a device that generates authentication data used for authentication processing, an authentication processing unit that executes the authentication processing based on the authentication data and generates an authentication result when the authentication of the device is successful, and a certificate generation unit that generates a public key certificate including the public key. After transmitting the authentication result to the device, the communication unit receives the public key from the device and transmits the public key certificate to the device.
[0018] The present invention relates to a device that has an authentication data generation unit that generates authentication data used for authentication processing executed by a server, a communication unit that transmits the authentication data to the server, receives an authentication result indicating that the authentication of the device has been successful in the authentication processing, transmits the public key of the device to the server when the authentication result is received, and receives a public key certificate generated by the server.
Advantages of the Invention
[0019] According to the present invention, a communication system, a server, and a device can suppress an increase in processing load and communication data volume.
Brief Description of the Drawings
[0020]
[Figure 1] A diagram showing an example of the configuration of a communication system according to an embodiment of the present invention.
[Figure 2] A block diagram showing an example of the configuration of a device according to an embodiment of the present invention.
[Figure 3] A block diagram showing an example of the configuration of a server according to an embodiment of the present invention.
[Figure 4] A sequence diagram showing an example of the procedure of processing executed by a communication system according to an embodiment of the present invention.
[Figure 5] A sequence diagram showing a procedure for generating a public key certificate in the prior art.
[Figure 6] A sequence diagram showing a procedure for generating a public key certificate in the prior art.
Best Mode for Carrying Out the Invention
[0021] Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 shows an example of the configuration of a communication system 1 according to an embodiment of the present invention.
[0022] The communication system 1 shown in FIG. 1 includes a device 2 and a server 3. The device 2 may be, for example, an IC card or a security element having tamper resistance. The device 2 and the server 3 communicate with each other.
[0023] FIG. 2 shows an example of the configuration of the device 2. The device 2 includes a communication unit 20, a storage unit 21, and a control unit 22. The communication unit 20 has a communication circuit and communicates with the server 3. The storage unit 21 is a non-volatile memory such as an EPROM (Erasable Programmable Read-Only Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), or a flash memory. The storage unit 21 stores data processed by the control unit 22.
[0024] The control unit 22 includes a key generation unit 220, a CSR processing unit 221, an authentication processing unit 222, and a communication control unit 223. The key generation unit 220 generates a pair of a public key and a secret key of the device 2. The CSR processing unit 221 generates a CSR including information necessary for generating a public key certificate. The authentication processing unit 222 performs challenge-response authentication with the server 3. The communication control unit 223 controls the communication executed by the communication unit 20.
[0025] The control unit 22 may be implemented by a processor such as a CPU (Central Processing Unit) executing a program recorded on a computer-readable recording medium. The control unit 22 may be implemented by hardware (circuits) such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field-Programmable Gate Array). The control unit 22 may be implemented by a combination of software and hardware.
[0026] Computer-readable recording media include portable media such as flexible disks, magneto-optical disks, ROMs, or CD-ROMs, or storage units such as hard disks built into computer systems. The program described above may also be a differential file (differential program). The functions of the control unit 22 may be realized by a combination of a program already recorded in the computer and a differential program.
[0027] Figure 3 shows an example of the configuration of server 3. Server 3 has a communication unit 30, a storage unit 31, and a control unit 32. The communication unit 30 has a communication circuit and communicates with device 2. The storage unit 31 is a non-volatile memory such as EPROM, EEPROM, or flash memory. The storage unit 31 stores data that is processed by the control unit 32.
[0028] The control unit 32 includes an authentication processing unit 320, a certificate generation unit 321, and a communication control unit 322. The authentication processing unit 320 performs challenge-response authentication with device 2. The certificate generation unit 321 generates a public key certificate. The communication control unit 322 controls the communication performed by the communication unit 30.
[0029] The control unit 32 may be implemented by the processor executing a program recorded on a computer-readable recording medium. The control unit 32 may be implemented by hardware (circuits) such as an ASIC or FPGA. The control unit 32 may be implemented by a combination of software and hardware. The functions of the control unit 32 may be implemented by a combination of a program already recorded in the computer and a differential program.
[0030] Figure 4 shows an example of the procedure performed by communication system 1. Referring to Figure 4, the processes performed by device 2 and server 3 will be described.
[0031] (Step S100) The key generation unit 220 of device 2 generates a public key and a private key pair for device 2. The generated public key and private key are stored in the storage unit 21.
[0032] (Step S105) The CSR processing unit 221 of device 2 generates a CSR that includes the domain information of device 2. The CSR may also include the public key of device 2.
[0033] (Step S110) The communication unit 20 of device 2 sends a public key certificate issuance request to server 3. The communication unit 30 of server 3 receives the issuance request and outputs the issuance request to the control unit 32.
[0034] (Step S115) The authentication processing unit 320 of server 3 generates data called a challenge based on a random number. The data that makes up the challenge is different each time. The authentication processing unit 320 outputs the generated challenge to the communication unit 30.
[0035] (Step S120) The communication unit 30 sends the challenge to device 2. The communication unit 20 of device 2 receives the challenge and outputs the challenge to the control unit 22.
[0036] (Step S125) The authentication processing unit 222 of device 2 inputs the combination of the password entered by the user and the challenge received from server 3 into a hash function and generates a response as a hash value. The storage unit 21 of device 2 stores the password entered by the user, and the authentication processing unit 222 uses that password when generating the response. The authentication processing unit 222 outputs the generated response to the communication unit 20.
[0037] (Step S130) The communication unit 20 sends a response to the server 3. The communication unit 30 of the server 3 receives the response and outputs it to the control unit 32.
[0038] (Step S135) The storage unit 31 of server 3 stores the password in advance. The authentication processing unit 320 of server 3 inputs the combination of the password and the challenge generated in step S115 into a hash function and generates verification data as a hash value.
[0039] (Step S140) The authentication processing unit 320 compares the response received from device 2 with the verification data generated in step S135. If the response is the same as the verification data, the authentication processing unit 320 determines that the password for device 2 is valid. In this case, authentication for device 2 is successful. If the response is different from the verification data, the authentication processing unit 320 determines that the password for device 2 is invalid. In this case, authentication for device 2 fails. If the password for device 2 is valid, the authentication processing unit 320 outputs an authentication result to the communication unit 30 indicating that authentication for device 2 was successful.
[0040] In challenge-response authentication, plaintext passwords are not sent or received between device 2 and server 3. Therefore, an attacker cannot eavesdrop on the password during communication. Even if an attacker were to eavesdrop on the challenge and response, the properties of cryptographic hash functions make it extremely difficult for the attacker to deduce the password. If the challenge and response are long enough, it is virtually impossible for an attacker to deduce the password.
[0041] (Step S145) The communication unit 30 transmits the authentication result to device 2. The communication unit 20 of device 2 receives the authentication result and outputs the authentication result to the control unit 22.
[0042] (Step S150) The CSR processing unit 221 of device 2 outputs the CSR and public key to the communication unit 20. The CSR processing unit 221 does not need to generate signature information by encrypting the CSR and public key with the private key. The communication unit 20 sends the CSR and public key to server 3. The communication unit 30 of server 3 receives the CSR and public key and outputs the CSR and public key to the control unit 32.
[0043] (Step S155) The certificate generation unit 321 of server 3 generates a public key certificate based on the CSR and public key received from device 2, and outputs the public key certificate to the communication unit 30. The public key certificate includes the public key of device 2 and signature information generated by encrypting the public key of device 2 and other information with the private key of server 3.
[0044] (Step S160) The communication unit 30 sends the public key certificate to device 2. The communication unit 20 of device 2 receives the public key certificate and outputs it to the control unit 22. The control unit 22 stores the public key certificate in the storage unit 21.
[0045] In the procedure shown in Figure 4, device 2 and server 3 perform challenge-response authentication before public key communication takes place. If device 2's authentication is successful, server 3 trusts device 2 as its communication partner. Therefore, even if the CSR and public key sent from device 2 do not have signature information attached, server 3 determines that the CSR and public key have not been tampered with and generates a public key certificate.
[0046] Before challenge-response authentication begins, the communication control unit 223 of device 2 and the communication control unit 322 of server 3 establish a communication session. While the communication session is ongoing, the communication unit 20 of device 2 and the communication unit 30 of server 3 perform the communications in steps S110, S120, S130, S145, S150, and S160.
[0047] After the public key certificate communication is performed, while the above communication session continues, the communication unit 20 of device 2 can send new data to the server 3, and the communication unit 30 of server 3 can receive that data. While the communication session continues, device 2 and server 3 do not need to perform challenge-response authentication again. Therefore, compared to the system described in Patent Document 1, where communication of data other than the public key certificate is required, the increase in processing load and the amount of communication data can be suppressed.
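The Figure 4 exchange (steps S110 to S160) together with the session rule of paragraphs [0046] to [0049], as an added sketch that is not code from the patent or its applicant. SHA-256, the password-then-challenge concatenation order, all class and function names, the sample secret and domain, and the HMAC tag standing in for the server's private-key signature are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions, not taken from the patent text).
PASSWORD = b"constructed-device-secret-7f3a9c"   # assumed high-entropy shared secret
SERVER_KEY = b"constructed-server-signing-key"   # stand-in for server 3's private key


def make_response(password: bytes, challenge: bytes) -> bytes:
    """S125 / S135: hash over the combination of password and challenge.
    SHA-256 and the password||challenge order are assumptions."""
    return hashlib.sha256(password + challenge).digest()


class Session:
    """Per-session state held by server 3 ([0046])."""
    def __init__(self):
        self.challenge = None        # outstanding challenge, single use
        self.authenticated = False


class Server:
    def __init__(self, password: bytes):
        self._password = password    # stored in advance (S135)

    def issue_challenge(self, session: Session) -> bytes:
        # S115: fresh random challenge, different every time.
        session.challenge = secrets.token_bytes(32)
        return session.challenge

    def verify_response(self, session: Session, response: bytes) -> bool:
        # S135-S140: recompute the verification data and compare.
        if session.challenge is None:
            return False             # no outstanding challenge: reject
        expected = make_response(self._password, session.challenge)
        session.challenge = None     # consume the challenge so it cannot be reused
        session.authenticated = hmac.compare_digest(expected, response)
        return session.authenticated

    def issue_certificate(self, session: Session, csr: dict, public_key: bytes) -> dict:
        # S150-S155: the CSR arrives unsigned, so the only thing vouching
        # for it is the authenticated state of this session.
        if not session.authenticated:
            raise PermissionError("session not authenticated")
        body = csr["domain"].encode() + b"|" + public_key
        # HMAC stands in for the signature made with the server's private key.
        tag = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
        return {"domain": csr["domain"], "public_key": public_key.hex(), "signature": tag}

    def close(self, session: Session) -> None:
        # [0049]: once the session ends, authentication must be repeated.
        session.authenticated = False
        session.challenge = None


def run_enrollment(server: Server, session: Session, password: bytes) -> dict:
    """Device 2's side of Figure 4 with a constructed key and CSR."""
    public_key = secrets.token_bytes(32)            # placeholder for a real public key (S100)
    csr = {"domain": "device2.example"}             # S105, constructed
    challenge = server.issue_challenge(session)     # S110-S120
    response = make_response(password, challenge)   # S125
    if not server.verify_response(session, response):   # S130-S145
        raise PermissionError("authentication failed")
    return server.issue_certificate(session, csr, public_key)  # S150-S160
```

Because the CSR carries no signature, the authenticated-session check in `issue_certificate` is the only control binding the public key to device 2, so that state must be cleared when the session ends and must never be shared across sessions.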
[0048] In the system disclosed in Patent Document 1, device 4 needs to retain the CSR, public key, signature information, and authentication code in memory such as RAM (Random Access Memory) until the public key certificate communication is completed. On the other hand, in communication system 1, device 2 does not need to retain the challenge and response after the challenge-response authentication is completed, and only needs to retain the CSR and public key. Therefore, in communication system 1, the memory capacity of device 2 can be reduced.
[0049] If the communication session is terminated after the public key certificate communication has been performed, device 2 and server 3 will perform challenge-response authentication again, similar to steps S115 to S130. The authentication performed by device 2 and server 3 is not limited to challenge-response authentication. Device 2 and server 3 may also perform authentication using their own cryptographic schemes or authentication using certificates, etc.
[0050] The communication unit 20 of device 2 may send only the public key to server 3 in step S150 without sending a CSR. In that case, device 2 and server 3 share the information necessary for generating the public key certificate in advance.
[0051] As described above, the authentication processing unit 222 (authentication data generation unit) of device 2 generates a response (authentication data) used for the authentication process executed by server 3. The communication unit 20 (first communication unit) of device 2 sends the response to server 3, receives an authentication result indicating that authentication of device 2 was successful in the authentication process, and if an authentication result is received, sends the public key of device 2 to server 3 and receives the public key certificate generated by server 3. The communication unit 30 (second communication unit) of server 3 receives the response. The authentication processing unit 320 of server 3 executes the authentication process based on the response received from device 2 and generates an authentication result indicating that authentication of device 2 was successful if authentication of device 2 is successful. The certificate generation unit 321 of server 3 generates a public key certificate including the public key of device 2. After sending the authentication result indicating that authentication of device 2 was successful to device 2, the communication unit 30 of server 3 receives the public key from device 2 and sends the public key certificate to device 2.
[0052] If an authentication result indicating that authentication of device 2 was successful is received, the communication unit 20 of device 2 sends a CSR (Certificate Signing Request) to server 3 that includes the public key but does not include signature information encrypted with the private key corresponding to the public key.
[0053] A communication session is established between device 2 and server 3 before the response communication is performed. The communication unit 20 of device 2 and the communication unit 30 of server 3 perform the response communication, authentication result communication, public key communication, and public key certificate communication while the communication session is ongoing.
[0054] The communication unit 30 of server 3 sends a challenge in challenge-response authentication to device 2. The communication unit 20 of device 2 receives the challenge and sends the response in challenge-response authentication to server 3 as authentication data. The authentication processing unit 320 of server 3 performs authentication processing based on the challenge and response.
[0055] In the communication system 1 configured as described above, the increase in processing load and communication data volume can be suppressed.
[0056] While embodiments of the present invention have been described in detail above with reference to the drawings, the specific configuration is not limited to the embodiments described above, and may include design changes and the like that do not depart from the spirit of the present invention.
Explanation of Symbols
[0057]
1: Communication system
2, 4: Device
3, 5: Server
20, 30: Communication unit
21, 31: Storage unit
22, 32: Control unit
220: Key generation unit
221: CSR processing unit
222, 320: Authentication processing unit
223, 322: Communication control unit
321: Certificate generation unit
Claims
1. A communication system comprising a device and a server, wherein the device comprises: an authentication data generation unit that generates authentication data used for the authentication process performed by the server; and a first communication unit that transmits the authentication data to the server, receives an authentication result indicating that the authentication of the device was successful in the authentication process, transmits the public key of the device to the server if the authentication result is received, and receives a public key certificate generated by the server; and wherein the server comprises: a second communication unit that receives the authentication data and the public key, and transmits the authentication result and the public key certificate; an authentication processing unit that executes the authentication process based on the authentication data and generates the authentication result if the authentication of the device is successful; and a certificate generation unit that generates the public key certificate including the public key.
2. The communication system according to claim 1, wherein, if the authentication result is received, the first communication unit sends to the server a certificate signing request that includes the public key but does not include signature information encrypted with the private key corresponding to the public key.
3. The communication system according to claim 1 or claim 2, wherein a communication session is established between the device and the server before the communication of the authentication data is performed, and the first communication unit and the second communication unit perform the communication of the authentication data, the communication of the authentication result, the communication of the public key, and the communication of the public key certificate while the communication session is ongoing.
4. The communication system according to claim 1 or claim 2, wherein the second communication unit transmits the challenge in challenge-response authentication to the device, the first communication unit receives the challenge and transmits the response in the challenge-response authentication to the server as the authentication data, and the authentication processing unit executes the authentication process based on the challenge and the response.
5. A server comprising: a communication unit that receives, from a device that generates authentication data used for authentication processing, the authentication data and the public key of the device; an authentication processing unit that executes the authentication process based on the authentication data and generates an authentication result if the authentication of the device is successful; and a certificate generation unit that generates a public key certificate including the public key, wherein, after transmitting the authentication result to the device, the communication unit receives the public key from the device and transmits the public key certificate to the device.
6. A device comprising: an authentication data generation unit that generates authentication data used for the authentication process performed by a server; and a communication unit that transmits the authentication data to the server, receives an authentication result indicating that the authentication of the device was successful in the authentication process, transmits the public key of the device to the server if the authentication result is received, and receives a public key certificate generated by the server.