Communication control system, terminal device, verification device, authenticity verification server, communication control method and program
The communication control system addresses the lack of zero-trust security in existing systems by replacing digital certificates with authenticity certificates to verify the communication infrastructure, ensuring secure application communication.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- NEC CORP
- Filing Date
- 2024-12-11
- Publication Date
- 2026-06-23
AI Technical Summary
Existing communication control systems using digital certificates based on PKI cannot achieve zero-trust security as they fail to verify the authenticity of the communication infrastructure, leading to unsecured application communication.
A communication control system that replaces digital certificates with authenticity certificates to verify the authenticity of the communication infrastructure, using a terminal device with a replacement unit and a verification device to confirm and verify the authenticity certificates.
Enables secure application communication over a verified communication infrastructure, achieving zero-trust security by confirming the authenticity of the communication infrastructure before allowing communication to proceed.
Smart Images

Figure 2026101761000001_ABST
Abstract
Description
Technical Field
[0001] The present disclosure relates to a communication control system, a terminal device, a verification device, an authenticity verification server, a communication control method, and a program.
Background Art
[0002] In recent years, technologies related to communication control of terminal devices based on authentication of digital certificates have been disclosed. For example, Patent Document 1 discloses a technology in which, when a user device communicates, a proxy having an approval module authenticates a digital certificate, thereby enabling the user device to communicate with a data network or a resource connected to the data network. Further, Patent Document 1 discloses a technology that includes a second proxy configured for communication with a resource, and the proxy authenticates a digital certificate to control communication through a communication channel between the data network and the resource. The digital certificate in Patent Document 1 refers to a certificate issued based on a Public Key Infrastructure (PKI).
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] However, the verification method using digital certificates described in Patent Document 1 cannot achieve zero-trust security. Unlike perimeter security, zero-trust security is an approach that verifies the authenticity of access from all devices and applications, including resources present in the internal network. Here, authenticity is also referred to as tamper-proof. The digital certificate used for verification in the technology described in Patent Document 1 is a certificate issued based on PKI. Therefore, the digital certificate described in Patent Document 1 cannot verify the authenticity of the communication infrastructure at the target terminal. Consequently, the technology described in Patent Document 1 cannot enable communication of applications on a communication infrastructure whose authenticity has been verified.
[0005] This disclosure is made to solve these problems and aims to provide a communication control system, terminal device, verification device, authenticity verification server, communication control method, and program that enable application communication using a communication infrastructure whose authenticity has been verified. [Means for solving the problem]
[0006] The communication control system relating to this disclosure comprises a terminal device having a replacement unit that replaces a predetermined digital certificate with an authenticity certificate that proves the authenticity of the communication infrastructure when a predetermined digital certificate is issued when the communication is made by the application and the authenticity of the communication infrastructure is confirmed, and a transmission unit that transmits the authenticity certificate to a predetermined server; a receiving unit that receives the authenticity certificate from the terminal device, and a verification unit that determines whether or not to permit the communication by the application to the server by verifying the authenticity certificate.
[0007] The communication control method relating to this disclosure involves a computer that, when a predetermined digital certificate has been issued for communication by an application on a terminal device and the authenticity of the communication infrastructure of the terminal device has been confirmed, replaces the digital certificate with an authenticity certificate that proves the authenticity, transmits the authenticity certificate to a predetermined server, receives the authenticity certificate from the terminal device, verifies the authenticity certificate, and determines whether or not to permit communication by the application to the server.
[0008] The program relating to this disclosure causes a computer to perform the following steps when a predetermined digital certificate is issued in connection with communication by an application on a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed: replace the digital certificate with an authenticity certificate that proves the authenticity; transmit the authenticity certificate to a predetermined server; receive the authenticity certificate from the terminal device; verify the authenticity certificate; and determine whether or not to permit communication by the application to the server.
[0009] The terminal device relating to this disclosure includes a replacement unit that replaces a predetermined digital certificate with an authenticity certificate that proves the authenticity of the communication infrastructure when a predetermined digital certificate has been issued for communication using its own application and the authenticity of its own communication infrastructure has been confirmed, and a transmission unit that transmits the authenticity certificate to a predetermined server.
[0010] The communication control method relating to this disclosure involves a computer that, when a predetermined digital certificate has been issued for communication by an application of a terminal device and the authenticity of the communication infrastructure of the terminal device has been confirmed, replaces the digital certificate with an authenticity certificate that proves the authenticity and transmits the authenticity certificate to a predetermined server.
[0011] The program relating to this disclosure causes a computer to perform the following steps when a predetermined digital certificate is issued during communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed: replace the digital certificate with an authenticity certificate that proves the authenticity; and transmit the authenticity certificate to a predetermined server.
[0012] The verification device relating to this disclosure includes a receiving unit that receives from a terminal device an authenticity certificate proving the authenticity of the terminal device, which is replaced with a predetermined digital certificate issued when an application communicates with a predetermined server, when the authenticity of the communication infrastructure of the terminal device has been confirmed, and a verification unit that verifies the authenticity certificate and determines whether or not to permit the application to communicate with the server.
[0013] The communication control method relating to this disclosure involves a computer, upon confirmation of the authenticity of the communication infrastructure of a terminal device, receiving an authenticity certificate from the terminal device which is a replacement for a predetermined digital certificate issued when an application communicates with a predetermined server, verifying the authenticity certificate, and determining whether or not to permit the application to communicate with the server.
[0014] The program relating to this disclosure causes a computer to perform the following steps when the authenticity of the communication infrastructure of a terminal device is confirmed: receive from the terminal device an authenticity certificate that proves the authenticity, which is replaced with a predetermined digital certificate issued when an application communicates with a predetermined server; verify the authenticity certificate; and determine whether or not to permit the application to communicate with the server.
[0015] The authenticity verification server relating to this disclosure comprises a verification unit that verifies the authenticity of the communication infrastructure of a terminal device that communicates with a predetermined server using an application, and a notification unit that, when the verification unit has verified the authenticity, transmits information to a verification device for verifying an authenticity certificate that proves the authenticity.
[0016] The communication control method relating to this disclosure involves a computer confirming the authenticity of the communication infrastructure of a terminal device that communicates with a predetermined server using an application, and, upon confirming the authenticity, transmitting information to a verification device for verifying an authenticity certificate that proves the authenticity.
[0017] The program relating to this disclosure causes a computer to perform the following steps: confirm the authenticity of the communication infrastructure of a terminal device that communicates with a predetermined server using an application; and, if the authenticity has been confirmed, transmit information to a verification device for verifying an authenticity certificate that proves the authenticity. [Effects of the Invention]
[0018] This disclosure provides a communication control system, terminal device, verification device, authenticity verification server, communication control method, and program that enable application communication over a communication infrastructure whose authenticity has been verified. [Brief explanation of the drawing]
[0019] [Figure 1] Figure 1 is a block diagram showing the configuration of the communication control system 1 according to this disclosure. [Figure 2] Figure 2 is a flowchart showing an example of the processing operation of the communication control system 1. [Figure 3] Figure 3 is a block diagram showing the configuration of the communication control system 10 according to this disclosure. [Figure 4] Figure 4 is a schematic diagram showing a specific example of the communication control system 10. [Figure 5] Figure 5 is a sequence diagram showing an example of the processing operation of the communication control system 10. [Figure 6] FIG. 6 is a diagram showing an example of the hardware configuration of the communication control system 70 according to the present disclosure.
Mode for Carrying Out the Invention
[0020] (Embodiment 1) Hereinafter, Embodiment 1 according to the present disclosure will be described with reference to the drawings. FIG. 1 is a block diagram showing the configuration of the communication control system 1 according to the present disclosure. The communication control system 1 includes a terminal device 2 and a verification device 3. It is assumed that PKI is constructed in the environment of the communication control system 1.
[0021] The terminal device 2 is a communication device that stores one or more applications. The terminal device 2 can perform data communication with a server or other terminal devices. That is, the terminal device 2 includes a communication infrastructure for performing data communication with a server or other terminal devices. For example, the terminal device 2 can perform data communication with the verification device 3. The terminal device 2 can perform data communication via an Internet line. That is, the terminal device 2 performs data communication via a network that can be accessed by a third party. Here, the terminal device 2 may be able to perform data communication via a closed network in addition to communication via an Internet line. Also, the terminal device 2 may be able to perform data communication either wirelessly or wired. For example, the terminal device 2 may be able to perform data communication via satellite communication, optical communication, or mobile communication. The terminal device 2 is, for example, a communication device mounted on a mobile body. Here, the mobile body may be an aircraft, a vehicle, or a ship.
[0022] The application stored in terminal device 2 encrypts data when communicating with a designated server. The application in terminal device 2 may encrypt the data using a symmetric-key cryptography scheme, a public-key cryptography scheme, or a hybrid cryptography scheme. A hybrid cryptography scheme is an encryption scheme that combines symmetric-key cryptography and public-key cryptography. Hereafter, the application program in terminal device 2 will be described assuming that it encrypts data using public-key cryptography.
[0023] When encrypting data, the application on terminal device 2 requests the issuance of a digital certificate from the Certificate Authority (CA) server. In PKI, this digital certificate is also called a public key certificate. The CA to which the application on terminal device 2 requests the issuance of the digital certificate may be a root CA, an intermediate CA, or a private CA. The CA verifies and examines the Certificate Signing Request (CSR) from the application. The CA then issues a digital certificate and signs it with its private key. The application on terminal device 2 transmits the digital certificate received from the CA's server to a designated server. In other words, the application on terminal device 2 presents the digital certificate to the designated server. The digital certificate issued by the CA may be a CSR with the CA's signature attached. Alternatively, the CA's signature may be obtained by encrypting the hash value of the CSR with the CA's private key. Here, the hash value refers to a string generated by a hash function.
[0024] The digital certificate according to this embodiment 1 is, for example, an SSL (Secure Sockets Layer) certificate. An SSL certificate is also called an SSL / TLS (Transport Layer Security) certificate. That is, the application of terminal device 2 may encrypt data using the SSL / TLS security protocol.
[0025] The application on terminal device 2 may perform data communication using the TCP (Transmission Control Protocol) communication protocol. Alternatively, the application on terminal device 2 may perform data communication using the UDP (User Datagram Protocol) communication protocol. In other words, the application on terminal device 2 may use the DTLS (Datagram Transport Layer Security) security protocol.
[0026] The digital certificate according to this embodiment 1 may be created using the X.509 protocol. The digital certificate may include CA information, terminal device 2 information, a public key, and a signature by the CA.
[0027] Terminal device 2 comprises a replacement unit 4 and a transmission unit 5. Terminal device 2 also includes a control unit (not shown) for executing applications. The control unit can be implemented, for example, by an integrated circuit, and executes applications using a CPU (Central Processing Unit) or MPU (Micro Processing Unit), etc.
[0028] The replacement unit 4 has a function to replace a predetermined digital certificate with an authenticity certificate that proves authenticity when a predetermined digital certificate has been issued during communication by an application of the terminal device 2 and the authenticity of the communication infrastructure in the terminal device 2 has been confirmed.
[0029] Here, we will explain authenticity and authenticity certificates. Authenticity is also referred to as non-tampering. In other words, verifying the authenticity of the communication infrastructure in terminal device 2 means confirming that the hardware configuration and software of the communication infrastructure in terminal device 2 are normal, or that either one of them is normal. Here, the hardware configuration may include the CPU, memory, and HDD (Hard Disk Drive). The software may include applications, OS (Operating System), boot loader, and BIOS (Basic Input / Output System).
[0030] The authenticity of the communication infrastructure in terminal device 2 is verified based on data stored in the TPM (Trusted Platform Module) embedded in the communication infrastructure of terminal device 2. The authenticity of the communication infrastructure in terminal device 2 may be verified by another server or by terminal device 2 itself. The TPM may have functions for generating private and public keys, performing digital signatures, and calculating hash values.
[0031] An authenticity certificate is a certificate issued when the authenticity of the communication infrastructure in terminal device 2 is confirmed. In other words, the authenticity certificate contains information indicating that the authenticity of the communication infrastructure in terminal device 2 has been confirmed. The authenticity certificate may be created using the same security protocol as the digital certificate issued when the application of terminal device 2 communicates. In other words, the authenticity certificate may be created using the X.509 protocol. The authenticity certificate may contain the same content as the said digital certificate. In other words, the authenticity certificate may contain information about the issuer of the authenticity certificate, information about terminal device 2, a signature by the issuer of the authenticity certificate, and a public key for verifying the signature.
[0032] The authenticity certificate may be issued by terminal device 2 or by another server. If another server verifies the authenticity of the communication infrastructure in terminal device 2 and terminal device 2 issues an authenticity certificate, the other server may send the result of the authenticity verification to terminal device 2. If terminal device 2 verifies the authenticity and another server issues an authenticity certificate, terminal device 2 may send the result of the authenticity verification to the other server.
[0033] Authenticity certificates are signed by the issuer of the certificate. When terminal device 2 signs an authenticity certificate, terminal device 2 may sign it using the private key generated by the TPM, or it may sign it using another private key. In this case, terminal device 2 may also send the public key corresponding to the private key to the other server sending the authenticity certificate.
[0034] Let's return to the explanation of replacement unit 4. Replacement unit 4 replaces the digital certificate with an authenticity certificate when the authenticity of the communication infrastructure in terminal device 2 is confirmed. In other words, if the authenticity of terminal device 2 is not confirmed, an authenticity certificate is not issued, and therefore replacement unit 4 does not replace the digital certificate with an authenticity certificate.
[0035] The replacement unit 4 may or may not replace the digital certificate with an authenticity certificate when the authenticity of the communication infrastructure in terminal device 2 is confirmed. In other words, the replacement unit 4 does not have to replace the digital certificate with an authenticity certificate even when the authenticity of the communication infrastructure in terminal device 2 is confirmed. For example, if the communication destination of the application in terminal device 2 is a predetermined server, the replacement unit 4 may perform the replacement. Here, "predetermined server" can also be expressed as "a server registered in terminal device 2 in advance." For example, if the communication destination is a server relayed by verification device 3, and that server is a predetermined server, the replacement unit 4 may perform the replacement.
[0036] The replacement unit 4 may replace the digital certificate with the authenticity certificate by decrypting the signature attached to the digital certificate using the CA's public key, rewriting the digital certificate with the contents of the authenticity certificate, and attaching a predetermined signature. Alternatively, the replacement unit 4 may perform the replacement by deleting the digital certificate and the signature by the CA, and using the authenticity certificate and the predetermined signature as new data for transmission.
[0037] The replacement unit 4 transmits the authenticity certificate to the transmission unit 5. If the replacement unit 4 does not replace the digital certificate with the authenticity certificate, the replacement unit 4 may transmit the digital certificate to the transmission unit 5.
[0038] The transmitting unit 5 has the function of transmitting the authenticity certificate to a predetermined server. In other words, the transmitting unit 5 has the function of presenting the authenticity certificate to a predetermined server. If the server is a server relayed by the verification device 3, the transmitting unit 5 can transmit the authenticity certificate to the verification device 3.
[0039] The transmitting unit 5 can send an authenticity certificate to a predetermined server if the authenticity of the communication infrastructure is confirmed, and can send a digital certificate to the server if the authenticity of the communication infrastructure is not confirmed. For example, if the authenticity of the communication infrastructure in terminal device 2 is confirmed and the communication destination is a predetermined server, the replacement unit 4 replaces the digital certificate with an authenticity certificate. In this case, the transmitting unit 5 sends the authenticity certificate to the predetermined server. On the other hand, if the authenticity of the communication infrastructure in terminal device 2 is not confirmed, the replacement unit 4 does not replace the digital certificate with an authenticity certificate. In this case, the transmitting unit 5 may or may not send the unreplaced digital certificate to the server. That is, if the digital certificate has not been replaced with an authenticity certificate, the transmitting unit 5 may or may not allow communication by the application of terminal device 2.
[0040] Next, the verification device 3 will be described. The verification device 3 is a communication device that verifies whether or not to allow communication from a predetermined server to which the application of the terminal device 2 is the target of communication. The verification device 3 comprises a receiving unit 6 and a verification unit 7. The verification device 3 is typically a proxy server, but it does not have to be a proxy server as long as it has the functions of the receiving unit 6 and verification unit 7 described below. In other words, the verification device 3 may relay communication from the predetermined server to which the application of the terminal device 2 is the target of communication.
[0041] The receiving unit 6 has a function to receive an authenticity certificate. The receiving unit 6 may also have a function to receive a digital certificate. Furthermore, the receiving unit 6 may have a function to receive a verification key for verifying the signature attached to the authenticity certificate. The receiving unit 6 transmits the authenticity certificate or the digital certificate to the verification unit 7.
[0042] The verification unit 7 receives an authenticity certificate from the receiving unit 6 and verifies the authenticity certificate to determine whether or not to allow communication from the application of the terminal device 2 to the target server. In this case, the verification unit 7 may also receive a digital certificate from the receiving unit 6.
[0043] The verification unit 7 can verify whether the authenticity certificate is a valid authenticity certificate. For example, the verification unit 7 can verify whether the authenticity certificate received by the receiving unit 6 is the authenticity certificate sent by the transmitting unit 5. As an example, the verification unit 7 first obtains a hash value by decrypting the signature attached to the authenticity certificate received by the receiving unit 6. This signature may be a signature by another server or a signature by terminal device 2. Here, if the signature attached to the authenticity certificate is a signature by another server, the verification unit 7 is assumed to have received a verification key for decrypting the signature in advance from that other server. Also, if the signature attached to the authenticity certificate is a signature by terminal device 2, the verification unit 7 may have a verification key for decrypting the signature in advance, or may receive a verification key from terminal device 2 or another server. This verification key may be a public key issued by the TPM of terminal device 2.
[0044] Next, the verification unit 7 calculates the hash value of the authenticity certificate. Then, the verification unit 7 compares the hash value obtained by decrypting the signature attached to the authenticity certificate with the hash value of the authenticity certificate itself. Here, the verification unit 7 obtains the hash value of the authenticity certificate itself by calculating a hash function. If the two values are the same, the verification unit 7 can confirm that the authenticity certificate received by the receiving unit 6 is the authenticity certificate sent by the transmitting unit 5.
[0045] Furthermore, the verification unit 7 may verify whether the certificate confirms the authenticity of the communication infrastructure in terminal device 2 by verifying the contents of the certificate. If the verification result of the certificate confirms that it is correct, the verification unit 7 can authorize the application of terminal device 2 to communicate with the target server.
[0046] The verification unit 7 may also verify whether the digital certificate is a valid digital certificate. That is, when the receiving unit 6 receives a digital certificate, the verification unit 7 may verify whether the digital certificate is a valid digital certificate relating to the terminal device 2. First, the verification unit 7 obtains a hash value by decrypting the signature attached to the digital certificate received by the receiving unit 6. This is done using the public key of the CA that made the signature. Next, the verification unit 7 calculates the hash value of the digital certificate. After that, the verification unit 7 compares the hash value obtained by decrypting the signature attached to the digital certificate with the hash value of the digital certificate itself. If the two values are the same, the verification unit 7 can confirm that the digital certificate received by the receiving unit 6 is valid.
[0047] The verification unit 7 may permit communication by the application on terminal device 2 only if the verification result of the authenticity certificate is correct. In other words, even if the receiving unit 6 receives a digital certificate and confirms that the digital certificate is valid, the verification unit 7 does not have to permit communication by the application on terminal device 2. Conversely, if it confirms that the digital certificate is valid, the verification unit 7 may permit communication by the application on terminal device 2.
[0048] Next, the processing flow of the communication control system 1 will be explained. Figure 2 is a flowchart showing an example of the processing operation of the communication control system 1. First, the replacement unit 4 of the terminal device 2 replaces the digital certificate issued when the application of the terminal device 2 communicates with an authenticity certificate (S101). Next, the transmission unit 5 of the terminal device 2 transmits the authenticity certificate to a predetermined server (S102). Here, the predetermined server may be a server to which the verification device 3 relays the communication. Next, the receiving unit 6 of the verification device 3 receives the authenticity certificate from the terminal device 2 (S103). After that, the verification unit 7 of the verification device 3 verifies the authenticity certificate (S104). Finally, the verification unit 7 of the verification device 3 determines whether or not to allow the application of the terminal device 2 to communicate with the server (S105). The communication control system 1 may execute the above flow each time the application of the terminal device 2 communicates.
[0049] Thus, the communication control system 1 according to this embodiment 1 replaces the digital certificate issued during application communication with an authenticity certificate and verifies it, thereby enabling application communication on a communication infrastructure whose authenticity has been verified. In the technology described in Patent Document 1, the digital certificate is a certificate issued based on PKI, such as an SSL / TLS certificate, and therefore cannot verify the authenticity of the communication infrastructure on the user device. For this reason, zero-trust security cannot be achieved in the technology described in Patent Document 1. This is because the digital certificate based on PKI only authenticates the communication path and does not authenticate the communication infrastructure of the terminal device where the application is stored.
[0050] In the communication control system 1 according to this embodiment 1, the terminal device 2 replaces the digital certificate issued when the application communicates with an authenticity certificate and sends it to the target server. The verification device 3 receives the authenticity certificate and verifies it to determine whether or not to allow communication by the application on the terminal device 2. This allows the authenticity of the communication infrastructure on the terminal device to be confirmed, and thus zero-trust security can be achieved by the communication control system 1.
[0051] One possible method for application communication on a verified communication infrastructure is to initiate communication using a certificate verifying authenticity, and then perform authentication linkage with the opposing server. In this case, the application side needs to perform authentication linkage regarding the certificate. However, there are cases where it is difficult to achieve authentication linkage on the application side, such as when the application manufacturer is different from the communication infrastructure manufacturer. In such cases, achieving zero-trust security becomes difficult.
[0052] According to the communication control system 1, zero-trust security can be achieved without modifying the application program by replacing the digital certificate transmitted by the application with an authenticity certificate.
[0053] Furthermore, the communication control system 1 can only permit communication by the application on terminal device 2 if the verification device 3 verifies the authenticity certificate correctly. If the authenticity of the communication infrastructure on terminal device 2 cannot be confirmed, terminal device 2 will not replace the authenticity certificate. Therefore, the verification device 3 cannot verify the authenticity certificate. By not permitting communication to the verification device 3 server in such cases, more reliable zero-trust security-based application communication can be achieved.
[0054] Furthermore, the communication control system 1 can send an authenticity certificate to the server if the authenticity of the communication infrastructure in the terminal device 2 is confirmed, and can send a digital certificate to the server if the authenticity cannot be confirmed. In other words, instead of not allowing any communication at all when authenticity cannot be confirmed, it sends a digital certificate, which allows exceptional communication by the application even when zero-trust security is not implemented. This is effective, for example, when modifying an application program.
[0055] Furthermore, the communication control system 1 allows terminal device 2 to replace the digital certificate with an authenticity certificate if the target server for communication by terminal device 2 is a predetermined server. This prevents terminal device 2 from accessing servers that are not predetermined using an authenticity certificate.
[0056] (Embodiment 2) Next, Embodiment 2 of the present disclosure will be described with reference to the drawings. Figure 3 is a block diagram showing the configuration of the communication control system 10 according to the present disclosure. The communication control system 10 comprises a terminal device 20, a terminal-side communication device 30, an authenticity verification server 40, a server-side communication device 50, and a server 60. The communication control system 10 is a configuration for specifically realizing the communication control system 1 according to Embodiment 1.
[0057] In the communication control system 10, the terminal device 20 is capable of data communication with the terminal-side communication device 30. Furthermore, the terminal-side communication device 30 is capable of data communication with the terminal device 20, the authenticity verification server 40, and the server-side communication device 50. In addition, the authenticity verification server 40 is capable of data communication with the terminal-side communication device 30 and the server-side communication device 50. Furthermore, the server-side communication device 50 is capable of data communication with the authenticity verification server 40 and the server 60.
[0058] Here, data communication between the terminal-side communication device 30 and the server-side communication device 50 is performed via an internet connection. Between the terminal device 20 and the terminal-side communication device 30, data communication may be performed via an internet connection or via a closed network. The same applies between the terminal-side communication device 30 and the authenticity verification server 40, between the server-side communication device 50 and the server 60, and between the authenticity verification server 40 and the server-side communication device 50. Furthermore, each communication may be conducted using either a wireless or wired communication method. Each communication may also be able to transmit data via, for example, satellite communication, optical communication, or mobile communication.
[0059] Data communication between the terminal-side communication device 30 and the server-side communication device 50 is performed based on a predetermined security protocol. The predetermined security protocol is, for example, SSL, TLS, or DTLS. Data communication between the terminal device 20 and the terminal-side communication device 30 may also be performed based on a predetermined security protocol. The same applies to data communication between the terminal-side communication device 30 and the authenticity verification server 40, between the authenticity verification server 40 and the server-side communication device 50, and between the server-side communication device 50 and the server 60.
[0060] When data communication occurs between the terminal-side communication device 30 and the authenticity verification server 40, and between the authenticity verification server 40 and the server-side communication device 50, the authenticity of the communication infrastructure between these devices is assumed to be verified. In other words, zero-trust security is ensured when data is communicated between these devices. To put it another way, data communication between these devices is performed based on a protocol that realizes zero-trust security.
[0061] For example, when data communication is performed between the terminal-side communication device 30 and the authenticity verification server 40, it shall be confirmed that the hardware configuration and software of the terminal-side communication device 30, the authenticity verification server 40, and the communication path between these devices are normal. Similarly, when data communication is performed between the authenticity verification server 40 and the server-side communication device 50, it shall be confirmed that the hardware configuration and software of the communication path between the authenticity verification server 40 and the server-side communication device 50 are normal.
[0062] The terminal device 20 is any device that stores one or more applications. The terminal device 20 includes a control unit (not shown) that executes the applications. The terminal device 20 is a terminal device mounted on a mobile body. The mobile body may be an aircraft, a vehicle, or a ship.
[0063] The application stored in the terminal device 20 performs encrypted data communication with the server 60 or another server during application execution. The encryption method is the same as that of the application in terminal device 2 according to Embodiment 1. When encrypting data, the application in terminal device 20 requests the issuance of a digital certificate from the CA server. Here, the CA may be a root CA, intermediate CA, or private CA (not shown in Figure 3), or it may be the authenticity verification server 40. In this case, the digital certificate is also called a client certificate. The details of the digital certificate issued during data communication by the application in terminal device 20 are the same as those of the digital certificate related to data communication by the application in terminal device 2 according to Embodiment 1, so the explanation is omitted.
[0064] Data communication by the application on terminal device 20 is relayed through the terminal-side communication device 30. That is, the application on terminal device 20 encrypts the data, for example, with the terminal-side communication device 30 as the data communication partner. In this case, terminal device 20 sends a digital certificate from the CA and a public key issued by terminal device 20 to the terminal-side communication device 30. This public key is a verification key used to verify the signature attached to the communication data from the application on terminal device 20. On the other hand, the communication data from the application on terminal device 20 may be encrypted using a public key generated by the terminal-side communication device 30.
[0065] The terminal-side communication device 30 is a communication infrastructure for transmitting application data from the terminal device 20 to a predetermined server. The terminal-side communication device 30 has the same configuration as the communication infrastructure in the terminal device 2 according to Embodiment 1. The terminal-side communication device 30 is assumed to have a TPM embedded to verify the authenticity of the terminal-side communication device 30. The terminal-side communication device 30 is, for example, a communication device mounted on a mobile device. The terminal-side communication device 30 also relays data communication by the application of the terminal device 20. In other words, the terminal-side communication device 30 may be a forward proxy. The terminal-side communication device 30 includes a ZTS (Zero Trust Security) function 31, an authentication cooperation proxy control unit 32, a terminal proxy function 33, and a communication unit 34.
[0066] The ZTS function 31 is a function that determines the authenticity of the terminal-side communication device 30 when the terminal device 20 is performing data communication. The ZTS function 31 may determine the authenticity of the terminal-side communication device 30 each time the terminal device 20 performs data communication, or it may not. When confirming the authenticity of the terminal-side communication device 30, the ZTS function 31 can send a request to the authenticity verification server 40 to confirm the authenticity of the terminal-side communication device 30. The ZTS function 31 can also receive the confirmation result regarding the authenticity of the terminal-side communication device 30 from the authenticity verification server 40 via the communication unit 34.
[0067] When the ZTS function 31 receives confirmation from the authenticity verification server 40 via the communication unit 34 that the authenticity of the terminal-side communication device 30 has been verified, the ZTS function 31 can issue an authenticity certificate. The authenticity certificate may include information about the terminal-side communication device 30, a signature by the ZTS function 31, and a public key for verifying the signature. The ZTS function 31 may sign the authenticity certificate using a private key issued by the TPM, or any other private key. Other features of the authenticity certificate are the same as those of the authenticity certificate according to Embodiment 1. The ZTS function 31 transmits the authenticity certificate and the signature by the ZTS function 31 to the authentication cooperation proxy control unit 32. Here, the ZTS function 31 may also transmit the authenticity verification result to the authentication cooperation proxy control unit 32. The ZTS function 31 may also transmit a public key for verifying the signature to the authenticity verification server 40 via the communication unit 34. This public key may be issued by the TPM. Furthermore, the ZTS function 31 may send the contents of the authenticity certificate to the authenticity verification server 40.
[0068] The authentication linkage proxy control unit 32 issues an instruction to the terminal proxy function 33 to replace the digital certificate received during communication by the application of the terminal device 20 with an authenticity certificate. The authentication linkage proxy control unit 32 determines whether or not to instruct the replacement by receiving the authenticity certificate of the terminal-side communication device 30 from the ZTS function 31. The authentication linkage proxy control unit 32 may also determine whether or not to instruct the replacement by receiving the authenticity verification result from the ZTS function 31. The authentication linkage proxy control unit 32 corresponds to the control function of the replacement unit 4 of the terminal device 2 according to Embodiment 1. The authentication linkage proxy control unit 32 transmits the authenticity certificate to the terminal proxy function 33.
[0069] The authentication cooperation proxy control unit 32 may instruct that the digital certificate be replaced with an authenticity certificate if the authenticity of the terminal-side communication device 30 has been confirmed, or it may not instruct that it be replaced with an authenticity certificate even if its authenticity has been confirmed. Furthermore, the authentication cooperation proxy control unit 32 may instruct that the digital certificate be replaced with an authenticity certificate only if the authenticity of the terminal-side communication device 30 has been confirmed and the server 60 is a predetermined server. In other words, if the server 60 is not a predetermined server, the authentication cooperation proxy control unit 32 may not instruct that it be replaced with an authenticity certificate even if the authenticity of the terminal-side communication device 30 has been confirmed.
[0070] The terminal proxy function 33 functions as a proxy for communication by the application of the terminal device 20. That is, the terminal proxy function 33 has the function of relaying data communication by the application of the terminal device 20. The terminal proxy function 33 can receive a digital certificate and a public key issued by the terminal device 20 from the terminal device 20 via the communication unit 34. The terminal proxy function 33 may verify the validity of the digital certificate by comparing the hash value obtained by decrypting the signature by the CA with the hash value obtained by hashing the digital certificate.
[0071] Furthermore, the terminal proxy function 33 may transmit a public key for encrypting communication data from the application of the terminal device 20 to the terminal device 20 via the communication unit 34. In this case, the terminal proxy function 33 may transmit a digital certificate along with the public key. The digital certificate may be signed by a CA or by the terminal proxy function 33. In this case, the digital certificate is also referred to as a server certificate.
[0072] Furthermore, the terminal proxy function 33 may receive a public key for encrypting the communication data from the server-side communication device 50 via the communication unit 34 during data communication by the application of the terminal device 20. In this case, the terminal proxy function 33 may decrypt the communication data received from the terminal device 20 using a private key generated by the TPM of the terminal device 20 and encrypt it using the public key received from the server-side communication device 50.
[0073] Based on instructions from the authentication cooperation proxy control unit 32, the terminal proxy function 33 replaces the received digital certificate with an authenticity certificate. The terminal proxy function 33 receives the authenticity certificate and the signature attached by the ZTS function 31 from the authentication cooperation proxy control unit 32. The terminal proxy function 33 replaces the digital certificate with an authenticity certificate and transmits the authenticity certificate and the signature attached by the ZTS function 31 to the server-side communication device 50. If the digital certificate is not replaced with an authenticity certificate, the terminal proxy function 33 may transmit the digital certificate and the signature attached by the CA to the server-side communication device 50.
[0074] The terminal proxy function 33 may replace the digital certificate with the authenticity certificate by decrypting the signature attached to the digital certificate using the CA's public key, rewriting it with the contents of the authenticity certificate, and attaching a signature by the ZTS function 31. Alternatively, the terminal proxy function 33 may perform the replacement by deleting the digital certificate and the signature by the CA, and using the authenticity certificate and the signature by the ZTS function 31 as new data for transmission. In other words, the authentication cooperation proxy control unit 32 has the replacement function of the replacement unit 4 of the terminal device 2 according to Embodiment 1.
[0075] The communication unit 34 can send and receive predetermined data with the terminal device 20, the authenticity verification server 40, and the server-side communication device 50. The communication unit 34 has a configuration corresponding to the transmission unit 5 of the terminal device 2 according to Embodiment 1.
[0076] The authenticity verification server 40 is a server for verifying the authenticity of the terminal-side communication device 30. In other words, in Embodiment 1, the authenticity verification server 40 corresponds to the other server that performs the authenticity verification, in cases where the authenticity verification is performed by a server other than the terminal device 2. The authenticity verification server 40 may be a server under the control of the server-side communication device 50, or it may be the same server as the server-side communication device 50. The authenticity verification server 40 includes a verification unit 41 and a notification unit 42.
[0077] The verification unit 41 verifies the authenticity of the terminal-side communication device 30. The verification unit 41 may also verify the authenticity of the terminal-side communication device 30 using a remote attestation station. A remote attestation station is a method for verifying the authenticity of the terminal-side communication device 30 by comparing information on the hardware configuration and software stored in the TPM of the terminal-side communication device 30 with information held by the verification unit 41. Here, the information held by the verification unit 41 is the same information as that in the TPM of the terminal-side communication device 30, and is the factory default information of the terminal-side communication device 30. In other words, when verifying authenticity, the verification unit 41 receives information on the hardware configuration and software stored in the TPM from the terminal-side communication device 30.
[0078] Furthermore, when the verification unit 41 confirms authenticity, the notification unit 42 transmits information for verifying the authenticity certificate to the server-side communication device 50. The information for verifying the authenticity certificate may be, for example, a verification key. Specifically, this information may be the public key corresponding to the private key used by the ZTS function 31 when signing the authenticity certificate. That is, this information may be the public key issued by the TPM of the terminal-side communication device 30. Alternatively, this information may be the contents of the authenticity certificate.
[0079] The transmitting unit 43 transmits the authenticity verification result from the verification unit 41 to the terminal-side communication device 30. That is, if the verification unit 41 has confirmed authenticity, the transmitting unit 43 may transmit a message to that effect to the terminal-side communication device 30. Alternatively, if the verification unit 41 has failed to confirm authenticity, the transmitting unit 43 may transmit a message to that effect to the terminal-side communication device 30.
[0080] The server-side communication device 50 is a communication infrastructure that relays application data transmitted and received by the server 60. In other words, the server-side communication device 50 is a reverse proxy. The server-side communication device 50 also corresponds to the verification device 3 according to Embodiment 1. The server-side communication device 50 may be a server above the authenticity verification server 40, or it may be the same server as the authenticity verification server 40. If the terminal device 20 and the terminal-side communication device 30 are devices mounted on a mobile device, the server-side communication device 50 may be a device located on the ground. The server-side communication device 50 includes an authentication cooperation proxy verification unit 51, a reverse proxy function 52, and a communication unit 53.
[0081] The Authentication Linkage Proxy Verification Unit 51 verifies the authenticity certificate received from the terminal proxy function 33 via the communication unit 53. In this verification, the Authentication Linkage Proxy Verification Unit 51 uses the information for verifying the authenticity certificate received from the notification unit 42 via the communication unit 53. The Authentication Linkage Proxy Verification Unit 51 may, for example, verify the authenticity certificate by comparing the hash values of the authenticity certificate and the signature using the public key received from the notification unit 42. The public key may be one generated by the ZTS function 31. Alternatively, the Authentication Linkage Proxy Verification Unit 51 may verify the authenticity certificate by comparing the contents of the authenticity certificate received from the notification unit 42 with the contents of the authenticity certificate received from the terminal proxy function 33.
[0082] The authentication federation proxy verification unit 51 may permit communication by the application on the terminal device 20 only if the verification result of the authenticity certificate is correct. In other words, if the communication unit 53 receives a digital certificate instead of an authenticity certificate, the authentication federation proxy verification unit 51 does not have to permit communication by the application on the terminal device 20. Furthermore, even if the reverse proxy function 52 receives a digital certificate, the authentication federation proxy verification unit 51 may permit communication by the application on the terminal device 20 if it can confirm the validity of the digital certificate.
[0083] The reverse proxy function 52 functions as a proxy for data communication by the server 60. That is, the reverse proxy function 52 has the function of relaying data communication by the server 60. When the communication unit 53 receives an authenticity certificate and the authentication cooperation proxy verification unit 51 permits communication by the application of the terminal device 20, the reverse proxy function 52 permits the communication. In this case, the reverse proxy function 52 may replace the received authenticity certificate with a digital certificate. Specifically, the reverse proxy function 52 may request the CA to issue a signed digital certificate and replace the authenticity certificate with the digital certificate received from the CA. Here, the method of replacement with a digital certificate may be the same as the method used by the terminal proxy function 33 to replace the digital certificate with the authenticity certificate. Alternatively, the reverse proxy function 52 may simply delete the authenticity certificate. That is, the reverse proxy function 52 does not have to send the certificate to the server 60.
[0084] If the communication unit 53 receives a digital certificate and the authentication cooperation proxy verification unit 51 permits communication by the application of the terminal device 20, the reverse proxy function 52 may send the digital certificate to the server 60 as is.
[0085] The reverse proxy function 52 may, via the communication unit 53, transmit a public key for encrypting communication data from the application of the terminal device 20 to the terminal-side communication device 30. In this case, the reverse proxy function 52 may transmit a digital certificate along with the public key. The digital certificate may be signed by a CA or by the reverse proxy function 52. The digital certificate is also referred to as a server certificate.
[0086] Furthermore, the reverse proxy function 52 may receive a public key from the server 60 via the communication unit 53 for encrypting the communication data during data communication by the application of the terminal device 20. In this case, the reverse proxy function 52 may decrypt the communication data received from the terminal-side communication device 30 using a secret key generated by the reverse proxy function 52 and encrypt it using the public key received from the server 60.
[0087] The reverse proxy function 52 does not need to receive a public key from the server 60 via the communication unit 53 to encrypt communication data from the application of the terminal device 20. In this case, the reverse proxy function 52 may decrypt the communication data received from the terminal-side communication device 30 using a secret key generated by the reverse proxy function 52 and send the communication data to the server 60 in plain text.
[0088] The communication unit 53 can send and receive predetermined data with the terminal-side communication device 30, the authenticity verification server 40, and the server 60. The communication unit 53 has a configuration corresponding to the receiving unit 6 according to Embodiment 1.
[0089] Server 60 is the server with which the application of the terminal device 20 communicates. Server 60 may be an application server or a web server. Server 60 may send a public key for encrypting the communication data from the application of the terminal device 20 to the server-side communication device 50. In this case, Server 60 may also send a digital certificate along with the public key. The digital certificate may be signed by a CA. That is, Server 60 may send a server certificate to the server-side communication device 50.
[0090] Next, a specific example of the communication control system 10 will be described. Figure 4 is a schematic diagram showing a specific example of the communication control system 10. Note that the authenticity verification server 40 is omitted in Figure 4. In Figure 4, the terminal device 20, the terminal-side communication device 30, the server-side communication device 50, and the server 60 communicate based on the TLS and DTLS security protocols. Communication between the terminal device 20 and the terminal-side communication device 30 is performed using a certificate that the terminal device 20 has requested from the CA, i.e., a digital certificate. On the other hand, communication between the terminal-side communication device 30 and the server-side communication device 50 is performed using an authenticity certificate issued by the ZTS function 31 of the terminal-side communication device 30. And communication between the server-side communication device 50 and the server 60 is performed using a digital certificate that the server-side communication device 50 has requested from the CA. Here, the server-side communication device 50 may send the data decrypted with its own private key directly to the server 60 without requesting the issuance of a digital certificate.
[0091] Next, the processing flow of the communication control system 10 will be explained. Figure 5 is a sequence diagram showing an example of the processing operation of the communication control system 10. First, when the application of the terminal device 20 communicates, the terminal-side communication device 30 is powered on (S201). The terminal-side communication device 30 connects to the authenticity verification server 40 (S202). Next, the terminal-side communication device 30 requests the authenticity verification server 40 to verify the authenticity of the terminal-side communication device 30 (S203). In other words, the terminal-side communication device 30 requests the authenticity verification server 40 to verify the authenticity of the terminal-side communication device 30.
[0092] Subsequently, the authenticity verification server 40 verifies the authenticity of the terminal-side communication device 30 (S204). If the authenticity of the terminal-side communication device 30 is verified, the authenticity verification server 40 communicates information to the server-side communication device 50 for verifying the authenticity certificate (S205). Subsequently, the authenticity verification server 40 sends the result of the authenticity verification to the terminal-side communication device 30 (S206). Here, the authenticity verification server 40 does not have to perform step S205 at this stage. Also, the authenticity verification server 40 may perform steps S205 and S206 simultaneously, or step S206 may be performed before step S205.
[0093] Subsequently, the terminal-side communication device 30 notifies the terminal device 20 that the authenticity verification is complete (S207). At this point, the terminal-side communication device 30 may send a public key to the terminal device 20 for encrypting the communication data. After that, the terminal device 20 starts communication by the application (S208). The terminal device 20 sends communication data to the terminal-side communication device 30 (S209). At this point, the terminal device 20 may send only the digital certificate to the terminal-side communication device 30, or it may send encrypted communication data together with the digital certificate. After that, the terminal-side communication device 30 replaces the digital certificate with the authenticity certificate (S210).
[0094] Subsequently, the terminal-side communication device 30 transmits communication data to the server-side communication device 50 (S211). Here, the terminal-side communication device 30 may transmit only the authenticity certificate to the server-side communication device 50, or only the digital certificate to the server-side communication device 50. Alternatively, the terminal-side communication device 30 may transmit encrypted communication data along with either certificate. Subsequently, the server-side communication device 50 verifies the received authenticity certificate (S212). The authenticity verification server 40 may notify the server-side communication device 50 of the verification information related to step S205 at the time the server-side communication device 50 verifies the authenticity certificate.
[0095] As described above, the communication control system 10 according to this second embodiment includes an authenticity verification server 40, and the authenticity verification server 40 has a verification unit 41 that verifies the authenticity of the terminal-side communication device 30, thereby enabling the server-side communication device 50 to reliably perform verification of the authenticity certificate. Furthermore, the authenticity verification server 40 includes a notification unit 42 that transmits information for verifying the authenticity certificate to the server-side communication device 50, so that the server-side communication device 50 can verify the authenticity certificate based on the verification information at the time of authenticity verification. In addition, the authenticity verification server 40 includes a transmission unit 43 that transmits the authenticity verification result to the terminal-side communication device 30, so that the terminal-side communication device 30 can decide whether or not to issue an authenticity certificate based on the verification result.
[0096] Furthermore, the server-side communication device 50 of the communication control system 10 corresponds to the verification device 3 of the communication control system 1 according to Embodiment 1. The server-side communication device 50 is a reverse proxy. On the receiving side of the system, the server-side communication device 50, which is a reverse proxy, decides whether or not to allow communication by the application, thereby enabling the server-side communication device 50 to relay communication to the server 60. As a result, the system configuration of the communication control system 10 can be simplified.
[0097] Furthermore, by having communication devices equipped with proxy functions, such as the terminal-side communication device 30 and the server-side communication device 50, verify authenticity, zero-trust security can be achieved without modifying the application program. In other words, the communication control system 10 can avoid application-dependent vulnerabilities.
[0098] The communication control system 10 is effective when applications installed on IoT (Internet of Things) devices such as aircraft, automobiles, and ships communicate with servers on the ground. In other words, in such IoT devices, the manufacturer of the installed application and the manufacturer of the communication infrastructure may be different. In such cases, it is difficult to achieve zero-trust security by having an arbitrary server verify the authenticity of the communication infrastructure and the application side, which is not the manufacturer of the communication infrastructure, perform authentication cooperation. With the communication control system 10, the verification of the authenticity of the communication infrastructure and the verification of the authenticity certificate can be completed between the proxies that constitute the communication infrastructure, so zero-trust security can be achieved without making any changes to the application program installed on the IoT device.
[0099] (Example hardware configuration) Figure 6 shows an example of the hardware configuration of a communication control system 70 according to this disclosure. In Figure 6, the communication control system 70 includes a processor 71 and a memory 72. The processor 71 may be, for example, a microprocessor, an MPU, or a CPU. The processor 71 may include multiple processors. The memory 72 is composed of a combination of volatile memory and non-volatile memory. The memory 72 may include storage located away from the processor 71. In this case, the processor 71 may access the memory 72 via an I / O (Input / Output) interface, which is not shown.
[0100] In the above example, the program can be stored and provided to the computer using various types of non-transitory computer-readable medium. Non-transitory computer-readable medium includes various types of tangible storage medium. Examples of non-transitory computer-readable medium include magnetic storage media (e.g., magneto-optical disks), CD-ROMs, CD-Rs, CD-R / Ws, and semiconductor memory (e.g., mask ROMs, PROMs (Programmable ROMs), EPROMs (Erasable PROMs), flash ROMs, RAMs). Alternatively, the program may be provided to the computer using various types of transient computer-readable medium. Examples of transient computer-readable medium include electrical signals, optical signals, and electromagnetic waves. Transitory computer-readable medium can supply the program to the computer via wired communication channels such as electric wires and optical fibers, or via wireless communication channels. Computers include various information processing devices such as PCs, servers, CPUs, MPUs, FPGAs (Field Programmable Gate Arrays), and ASICs (Application Specific Integrated Circuits).
[0101] Although the present disclosure has been described above with reference to embodiments, the present disclosure is not limited to the embodiments described above. Various modifications to the structure and details of the present disclosure can be made as can be understood by those skilled in the art within the scope of the present disclosure. Furthermore, each embodiment can be combined with other embodiments as appropriate.
[0102] Each drawing is merely illustrative to illustrate one or more embodiments. Each drawing may be associated with one or more other embodiments rather than with only one specific embodiment. As those skilled in the art will understand, various features or steps described with reference to any one drawing can be combined with features or steps shown in one or more other drawings, for example, to create embodiments not explicitly shown or described. Not all features or steps shown in any one drawing to illustrate an exemplary embodiment are necessarily required, and some features or steps may be omitted. The order of steps shown in any of the drawings may be changed as appropriate.
[0103] Some or all of the above embodiments may also be described as follows, but are not limited to the following: (Note 1) A terminal device comprising: a replacement unit that replaces a predetermined digital certificate with an authenticity certificate that proves the authenticity of the communication infrastructure when a predetermined digital certificate has been issued for communication by the device's own application, and a transmission unit that transmits the authenticity certificate to a predetermined server, The verification device comprises: a receiving unit that receives the authenticity certificate from the terminal device; and a verification unit that verifies the authenticity certificate and determines whether or not to permit communication by the application to the server. Communication control system. (Note 2) A verification unit for verifying the authenticity of the communication infrastructure of the terminal device, The authenticity verification server further comprises a notification unit that, when the verification unit has confirmed the authenticity, notifies the verification device of information for verifying the authenticity certificate, The communication control system described in Appendix 1. (Note 3) The verification unit of the verification device permits communication by the application only if the verification result of the authenticity certificate is correct. A communication control system as described in Appendix 1 or 2. (Note 4) The transmitting unit of the terminal device transmits the authenticity certificate to the server if the authenticity is confirmed, and transmits the digital certificate to the server if the authenticity is not confirmed. A communication control system as described in any one of the items 1 to 3 in the appendix. (Note 5) The replacement unit of the terminal device replaces the digital certificate with the authenticity certificate when the server is a predetermined server. A communication control system as described in any one of the items 1 to 4 of the appendix. (Note 6) The verification device is a proxy server. A communication control system as described in any one of the items 1 to 5 of the appendix. (Note 7) The authenticity verification server further includes a transmission unit that transmits the authenticity verification result to the terminal device. A communication control system as described in any one of the items 2 to 6 of the appendix. (Note 8) Computers When a predetermined digital certificate is issued during communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity. The aforementioned authenticity certificate is sent to a designated server, The terminal device receives the certificate of authenticity, The aforementioned certificate of authenticity is verified, Determine whether or not to allow communication by the aforementioned application to the server. Communication control method. (Note 9) When a predetermined digital certificate is issued in connection with communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity; The steps include sending the aforementioned authenticity certificate to a predetermined server, The steps include receiving the certificate of authenticity from the terminal device, The steps include verifying the aforementioned certificate of authenticity, The steps include determining whether or not to allow communication by the application to the server, A program that causes a computer to execute something. (Note 10) When a predetermined digital certificate is issued for communication by the application itself, and the authenticity of the communication infrastructure is confirmed, a replacement unit replaces the digital certificate with an authenticity certificate that proves the authenticity, The system includes a transmission unit that transmits the aforementioned authenticity certificate to a predetermined server. Terminal device. (Note 11) The transmitting unit transmits the authenticity certificate to the server if the authenticity is confirmed, and transmits the digital certificate to the server if the authenticity is not confirmed. The terminal device described in Appendix 10. (Note 12) The replacement unit replaces the digital certificate with the authenticity certificate when the server is a predetermined server. The terminal device described in Appendix 10 or 11. (Note 13) Computers When a predetermined digital certificate is issued during communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity. The aforementioned authenticity certificate is sent to a designated server. Communication control method. (Note 14) When a predetermined digital certificate is issued during communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity; The steps include sending the aforementioned authenticity certificate to a predetermined server, A program that causes a computer to execute something. (Note 15) When the authenticity of the communication infrastructure of the terminal device is confirmed, a receiving unit receives from the terminal device an authenticity certificate that proves the authenticity, which is a replacement for a predetermined digital certificate issued when an application communicates with a predetermined server. The system includes a verification unit that determines whether or not to permit communication by the application to the server by verifying the authenticity certificate. Verification device. (Note 16) The verification unit permits communication by the application only if the verification result of the authenticity certificate is correct. The verification device described in Appendix 15. (Note 17) The verification device is a proxy server. Verification device as described in Appendix 15 or 16. (Note 18) Computers When the authenticity of the communication infrastructure of the terminal device is confirmed, the terminal device receives an authenticity certificate that proves the authenticity, which is a replacement for a predetermined digital certificate issued when an application communicates with a predetermined server. The aforementioned certificate of authenticity is verified, Determine whether or not to allow communication by the aforementioned application to the server. Communication control method. (Note 19) When the authenticity of the communication infrastructure of the terminal device is confirmed, the terminal device receives an authenticity certificate that proves the authenticity, which is replaced with a predetermined digital certificate issued when an application communicates with a predetermined server. The steps include verifying the aforementioned certificate of authenticity, The steps include determining whether or not to allow communication by the application to the server, A program that causes a computer to execute something. (Note 20) A verification unit that verifies the authenticity of the communication infrastructure of a terminal device that communicates with a designated server using an application, The system includes a notification unit that, when the verification unit has confirmed the authenticity, transmits information to a verification device for verifying the authenticity certificate that proves the authenticity. Authenticity verification server. (Note 21) The system further includes a transmitting unit that transmits the authenticity verification result to the terminal device. Authenticity verification server as described in Appendix 20. (Note 22) Computers The authenticity of the communication infrastructure of a terminal device that communicates with a designated server via an application is verified. When the authenticity is confirmed, information for verifying the authenticity certificate proving the authenticity is transmitted to the verification device. Communication control method. (Note 23) A step to verify the authenticity of the communication infrastructure of a terminal device that communicates with a designated server using an application, When the authenticity has been confirmed, the step of transmitting information for verifying the authenticity certificate proving the authenticity to the verification device, A program that causes a computer to execute something.
[0104] Some or all of the elements (e.g., configuration and function) described in Appendices 2 to 7 that are dependent on Appendice 1 may also be dependent on Appendices 8 and 9 in the same way as those described in Appendices 2 to 7. Similarly, some or all of the elements described in Appendices 11 to 12 that are dependent on Appendice 10 may also be dependent on Appendices 13 and 14 in the same way as those described in Appendices 11 to 12. Furthermore, some or all of the elements described in Appendices 16 to 17 that are dependent on Appendice 15 may also be dependent on Appendices 18 and 19 in the same way as those described in Appendices 16 to 17. Furthermore, some or all of the elements described in Appendice 21 that are dependent on Appendice 20 may also be dependent on Appendices 22 and 23 in the same way as those described in Appendice 21. Some or all of the elements described in any appendice may be applicable to various hardware, software, recording means, systems, and methods for recording software. [Explanation of symbols]
[0105] 1. Communication control system 2 Terminal devices 3. Verification device 4 Replacement part 5. Transmitter 6. Receiving Unit 7. Verification Department 10. Communication control system 20 Terminal devices 30 Terminal-side communication device 31 ZTS function 32 Authentication Linkage Proxy Control Unit 33. Terminal proxy function 34 Communications Department 40 Authenticity Verification Server 41 Verification Section 42 Notification Department 43 Transmitter 50 Server-side communication device 51 Authentication Integration Proxy Verification Department 52. Reverse proxy function 53 Communications Department 60 servers 70 Communication control system 71 processors 72 memory
Claims
1. A terminal device comprising: a replacement unit that replaces a predetermined digital certificate with an authenticity certificate that proves the authenticity of the communication infrastructure when a predetermined digital certificate has been issued for communication by the device's own application, and a transmission unit that transmits the authenticity certificate to a predetermined server, The verification device comprises: a receiving unit that receives the authenticity certificate from the terminal device; and a verification unit that verifies the authenticity certificate and determines whether or not to permit communication by the application to the server. Communication control system.
2. A verification unit for verifying the authenticity of the communication infrastructure of the terminal device, The authenticity verification server further comprises a notification unit that, when the verification unit has confirmed the authenticity, notifies the verification device of information for verifying the authenticity certificate, The communication control system according to claim 1.
3. The verification unit of the verification device permits communication by the application only if the verification result of the authenticity certificate is correct. A communication control system according to claim 1 or 2.
4. The transmitting unit of the terminal device transmits the authenticity certificate to the server if the authenticity is confirmed, and transmits the digital certificate to the server if the authenticity is not confirmed. A communication control system according to claim 1 or 2.
5. The replacement unit of the terminal device replaces the digital certificate with the authenticity certificate when the server is a predetermined server. A communication control system according to claim 1 or 2.
6. The verification device is a proxy server. A communication control system according to claim 1 or 2.
7. The authenticity verification server further includes a transmission unit that transmits the authenticity verification result to the terminal device. The communication control system according to claim 2.
8. Computers When a predetermined digital certificate is issued during communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity. The aforementioned authenticity certificate is sent to a designated server, The terminal device receives the certificate of authenticity, The aforementioned certificate of authenticity is verified, Determine whether or not to allow communication by the aforementioned application to the server. Communication control method.
9. When a predetermined digital certificate is issued in connection with communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity; The steps include sending the aforementioned authenticity certificate to a predetermined server, The steps include receiving the certificate of authenticity from the terminal device, The steps include verifying the aforementioned certificate of authenticity, The steps include determining whether or not to allow communication by the application to the server, A program that causes a computer to execute something.
10. When a predetermined digital certificate is issued for communication by the application itself, and the authenticity of the communication infrastructure is confirmed, a replacement unit replaces the digital certificate with an authenticity certificate that proves the authenticity, The system includes a transmission unit that transmits the aforementioned authenticity certificate to a predetermined server. Terminal device.
11. The transmitting unit transmits the authenticity certificate to the server if the authenticity is confirmed, and transmits the digital certificate to the server if the authenticity is not confirmed. The terminal device according to claim 10.
12. The replacement unit replaces the digital certificate with the authenticity certificate when the server is a predetermined server. The terminal device according to claim 10 or 11.
13. Computers When a predetermined digital certificate is issued during communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity. The certificate of authenticity is sent to a designated server. Communication control method.
14. When a predetermined digital certificate is issued during communication by an application of a terminal device, and the authenticity of the communication infrastructure of the terminal device is confirmed, the digital certificate is replaced with an authenticity certificate that proves the authenticity; The steps include sending the aforementioned authenticity certificate to a predetermined server, A program that causes a computer to execute something.
15. When the authenticity of the communication infrastructure of the terminal device is confirmed, a receiving unit receives from the terminal device an authenticity certificate that proves the authenticity, which is a replacement for a predetermined digital certificate issued when an application communicates with a predetermined server. The system includes a verification unit that determines whether or not to permit communication by the application to the server by verifying the authenticity certificate. Verification device.
16. The verification unit permits communication by the application only if the verification result of the authenticity certificate is correct. The verification apparatus according to claim 15.
17. The verification device is a proxy server. The verification device according to claim 15 or 16.
18. Computers When the authenticity of the communication infrastructure of the terminal device is confirmed, the terminal device receives an authenticity certificate that proves the authenticity, which is a replacement for a predetermined digital certificate issued when an application communicates with a predetermined server. The aforementioned certificate of authenticity is verified, Determine whether or not to allow communication by the aforementioned application to the server. Communication control method.
19. When the authenticity of the communication infrastructure of the terminal device is confirmed, the terminal device receives an authenticity certificate that proves the authenticity, which is replaced with a predetermined digital certificate issued when an application communicates with a predetermined server. The steps include verifying the aforementioned certificate of authenticity, The steps include determining whether or not to allow communication by the application to the server, A program that causes a computer to execute something.
20. A verification unit that verifies the authenticity of the communication infrastructure of a terminal device that communicates with a designated server using an application, The system includes a notification unit that, when the verification unit has confirmed the authenticity, transmits information to a verification device for verifying the authenticity certificate that proves the authenticity. Authenticity verification server.
21. The system further includes a transmitting unit that transmits the authenticity verification result to the terminal device. The authenticity verification server according to claim 20.
22. Computers The authenticity of the communication infrastructure of a terminal device that communicates with a designated server via an application is verified. When the authenticity is confirmed, information for verifying the authenticity certificate proving the authenticity is transmitted to the verification device. Communication control method.
23. A step to verify the authenticity of the communication infrastructure of a terminal device that communicates with a designated server using an application, When the authenticity has been confirmed, the step of transmitting information for verifying the authenticity certificate proving the authenticity to the verification device, A program that causes a computer to execute something.