JP5391766B2 - Authentication method, authentication system, server device, and client device - Google Patents

Description

  The present invention relates to an authentication method, an authentication system, a server device, and a client device for authenticating a client device connected to a server device via a communication network.

  In recent years, with the spread of network infrastructure such as the Internet and LAN (Local Area Network), it has become possible to easily obtain necessary information at any location. For example, when a server device is installed at home, the user establishes communication with the server device at home from the outside using a client device, and documents, music, still images, and videos stored in the server device Can be read easily.

  At this time, the server device should recognize the client device only by a simple procedure in order to quickly respond to the communication request transmitted by the client device. However, since personal information is also stored in the server device, it is necessary to eliminate a communication request (access) transmitted by an unauthorized third party and reliably prevent leakage of personal information.

  As such an access restriction to the server device, for example, a user name and password are registered in the server device in advance, and a user name and password are input in response to a communication request transmitted by the client device, and authentication is performed. Widely used. Such access restriction makes it possible to prevent access by a third party to some extent, but for the safe operation thereof, it is compulsory to change the password regularly or set a complicated password. Such an authentication technique using a password has a technique of protecting against fraud such as impersonation of a third party when the password is leaked, and has a vulnerability.

  In order to limit the authentication time between the client device and the server device, a technology is known in which the server device is authenticated by simultaneously pressing the operation key of the server device and the operation key of the client device (for example, Patent Document 1). Also disclosed is a technique for performing authentication by displaying a random numerical value on the display of the server device, causing the client device to input the numerical value, and matching the input numerical value with the numerical value displayed on the display ( For example, Patent Document 2).

US Pat. No. 7,260,714 Special table 2008-537204 gazette

  Tightening restrictions on unauthorized access by a third party and improving user convenience tend to be in a trade-off relationship where if one is prioritized, the other is neglected. In recent years, it has been studied how much safety can be improved in a diversified client device while ensuring user convenience.

  For example, when the client device that reads the content of the server device is a portable AV (Audio / Video) device with very few operation keys, the authentication device that requires the user name and password described above is used for the server device. For each communication request, it is very inconvenient because a complicated password must be input using a combination of few operation keys.

  Further, in the technique of Patent Document 1 that authenticates by matching the timing of pressing an operation key, a simple operation such as pressing an operation key once instead of having to prepare a special operation key for each device. Since both devices are specified, there remains concern about safety. Furthermore, in the technique of Patent Document 2 that matches the numerical values displayed on the display, a server capable of providing various displays and various operation keys capable of inputting numerical values to the client device must be provided. In other words, the concealment effect was not realistic because it did not match the preparation cost.

  In view of such a problem, the present invention can reliably register with the server device with high confidentiality regardless of the number of operation keys and the calculation capability of the client device, and after registration, while ensuring the convenience of the user, An object of the present invention is to provide an authentication method, an authentication system, a server device, and a client device that can improve safety.

In order to solve the above problems, the present invention provides the following methods, systems, and apparatuses.
(1) An authentication method using a server device and a client device connected to the server device via a communication network, wherein the client device has key information indicating operation keys operable by an operation unit. Transmitted to the server device, the server device holds a plurality of voice information with different operation keys prompting the user to perform a predetermined operation, and selects the voice information based on the key information and outputs the voice information The client device generates operation information based on a user operation executed in response to the audio information output from the audio output unit without going through the communication network through the operation unit; The operation information is transmitted to the server device, the server device receives the operation information from the client device, and the operation indicated by the received operation information and the audio information are It is determined whether or not the predetermined operation corresponds correctly, and when the client device is not registered, the operation indicated by the received operation information and the predetermined operation indicated by the audio information An authentication method comprising: registering the client device when it is determined that the client device corresponds correctly.
(2) An authentication system including a server device and a client device connected to the server device via a communication network, wherein the server device prompts a user for a voice output unit and a predetermined operation. A server storage unit that holds audio information, an audio control unit that outputs the audio information to the audio output unit, an operation information reception unit that receives operation information from the client device, and an operation indicated by the received operation information And the operation information determination unit that determines whether or not the predetermined operation indicated by the audio information correctly corresponds to the operation information received by the operation information determination unit when the client device is not registered. And a server registration unit that registers the client device when it is determined that the predetermined operation indicated by the audio information corresponds correctly. The server storage unit further includes a key information acquisition unit that stores a plurality of audio information with different operation keys that prompt the user to perform operations, and acquires key information indicating operation keys that can be operated on the client device, The voice control unit selects voice information to be output to the voice output unit based on the acquired key information, and the client device passes through the communication network from the voice output unit through the operation unit and the operation unit. An operation acquisition unit that generates operation information based on a user operation executed in response to the voice information that is output, and key information indicating the operation information and operation keys that can be operated on the operation unit. And an operation information transmitting unit for transmitting to the authentication system.
(3) A server device connected to a client device via a communication network, a voice output unit, a server storage unit that holds voice information for prompting a user to perform a predetermined operation, and the voice information as the voice An audio control unit to be output to the output unit, an operation information receiving unit that receives operation information generated based on a user operation performed on the client device from the client device, and the received operation information An operation information determination unit that determines whether or not the indicated operation and the predetermined operation indicated by the audio information correspond correctly, and the operation indicated by the operation information determination unit when the client device is not registered A server registration unit that registers the client device when it is determined that the predetermined operation indicated by the audio information corresponds correctly. The storage unit further includes a key information acquisition unit that stores a plurality of audio information in which operation keys for prompting the user to operate are different, and acquires key information indicating operation keys that can be operated on the client device, and the audio control unit Selects voice information to be output to the voice output unit based on the acquired key information.
(4) The operation information determination unit determines the operation information based on one or more parameters selected from a group of operation key types, operation times, and operation times. Server device.
(5) The server registration unit measures an elapsed time after the voice control unit outputs voice information, and does not register the client device depending on operation information received after a predetermined time has elapsed. The server device according to (3) or (4).
(6) The sound control unit causes the sound information to be output to the sound output unit by changing the sound volume continuously or stepwise, and the operation information determination unit determines the sound volume when the sound information is output and the sound information. The server device according to any one of (3) to (5), wherein the operation information is determined based on a correspondence relationship with the operation information.
(7) The operation information determination unit determines the operation information based on a correspondence relationship between the operation information and audio information output at a volume that is equal to or less than a predetermined volume range based on a volume when the user uses the server device. The server device according to (6), wherein the determination is made.
(8) From the above (3), wherein the sound output unit is a headphone, and the sound control unit outputs the sound information to the headphone while connection with the headphone is detected. (7) The server apparatus in any one of.
(9) The server device according to any one of (3) to (8), wherein the voice output unit emits a beep sound.
(10) The server registration unit generates an electronic certificate using a client ID that can identify the client device transmitted from the registered client device, transmits the electronic certificate to the client device, and transmits the electronic certificate to the client The server device according to any one of (3) to (9), further comprising a server authentication unit that authenticates the client device through an electronic certificate transmitted from the client device after being transmitted to the device. .
(11) The electronic registration invalidation unit further comprising an electronic certificate invalidation unit that counts an elapsed time after the server registration unit transmits the electronic certificate and invalidates the electronic certificate when a predetermined valid period is exceeded. The server device according to (10).
(12) The server registration unit transmits a shared secret key and reference random number information that is a reference random number to the registered client device, and the server authentication unit is a random number different from the reference random number information. The random number information is transmitted to the client device, and the server device and the client device generate a new shared secret key based on a difference value between the reference random number information and the additional random number information. Or the server apparatus as described in (11).
(13) A client device connected to a server device via a communication network, the voice information output from the voice output unit of the server device through the operation unit and the operation unit without going through the communication network. An operation acquisition unit that generates operation information based on a user operation executed correspondingly, and an operation information transmission unit that transmits to the server device key information indicating the operation information and an operation key operable by the operation unit. , wherein the client device is the server device when the said server device in advance operations and defined corresponds correctly in the transmitted said server device indicated by the operation and the audio information indicated by the operation information is determined Registered in the client device.
(14) The client device according to (13), wherein the operation information transmission unit transmits time information capable of specifying an operation time included in the operation information together with the operation information.
(15) The operation information transmission unit transmits a client ID that can identify the client device together with the operation information, and receives the electronic certificate generated by the server device using the client ID. The client device according to (13) or (14), further comprising an electronic certificate transmission unit that transmits the electronic certificate to the server device when authenticating to the device.
(16) Each of the server device and the client device obtains a new shared secret key based on a difference value between a shared secret key and reference random number information that is a reference random number and additional random number information that is a random number different from the reference random number information. The client device according to (15), wherein the client device is generated.

  As described above, according to the present invention, regardless of the number of operation keys and the calculation capability of the client device, it can be reliably registered in the server device with high confidentiality, and after registration, safety is ensured while ensuring convenience for the user. Can be improved.

It is explanatory drawing which showed the schematic relationship of the authentication system. It is the functional block diagram which showed the electric constitution of the server apparatus. It is explanatory drawing which showed the structure of the electronic certificate. It is the functional block diagram which showed the electric constitution of the client apparatus. It is the sequence diagram which showed the flow of the process at the time of the registration of the authentication method in this embodiment especially. It is the sequence diagram which showed the flow of the process at the time of the authentication of the authentication method in this embodiment especially. It is explanatory drawing for demonstrating the combination of a shared secret key etc. which were agreed by the Diffie-Hellman key agreement system. It is explanatory drawing which showed the relationship of each element, such as a shared secret key, supplementarily.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The dimensions, materials, and other specific numerical values shown in the embodiments are merely examples for facilitating the understanding of the invention, and do not limit the present invention unless otherwise specified. In the present specification and drawings, elements having substantially the same function and configuration are denoted by the same reference numerals, and redundant description is omitted, and elements not directly related to the present invention are not illustrated. To do.

(Authentication system 100)
FIG. 1 is an explanatory diagram showing a schematic relationship of the authentication system 100. The authentication system 100 includes a server device 110, a communication network 120, an access point 130, and a client device 140.

  The server device 110 is installed in a place 112 where the user can directly listen to the sound (sound) output by the server device 110, such as the user's home or office, and includes documents, music, still images, videos, and the like. Has accumulated content.

  The communication network 120 includes the Internet, a LAN, a dedicated line, and the like. The access point 130 is connected to the communication network 120 and relays communication between the client device 140 and the server device 110 by establishing wireless or wired communication with the client device 140.

  The client device 140 is a portable AV device, a digital still camera, a digital video camera, a mobile phone, a notebook personal computer, a PDA (Personal Digital Assistant), a car navigation system, a portable TV, a game device, a DVD player, a remote controller, etc. The content stored in the server device 110 can be downloaded from the server device 110 through the home LAN 142 or the access point 130.

  Accordingly, the server device 110 must accept a communication request transmitted from outside the home by the client device 140 in order to provide content to the client device 140. However, unless communication is permitted only when the device that requested the communication is a reliable client device 140, unauthorized access by a third party is accepted and personal information is leaked. Therefore, in the authentication system 100 according to the present embodiment, the user registers in advance the client device 140 that is recognized as a connection target with the server device 110, and permits only the communication request transmitted by the registered client device 140, Do not accept communication requests sent by other devices.

  In particular, in the present embodiment, the user himself / herself listens to the sound output from the server apparatus 110 and presses the operation key of the client apparatus 140 corresponding to the sound, thereby registering the client apparatus 140 in the server apparatus 110. In this way, by interposing the user in the registration process, the user himself / herself is confirmed that there is no unauthorized third party in the audible range of the sound output from the server device 110, while being isolated from the communication network 120. Information for registration can be safely transmitted through the user's auditory recognition and manual input, which are closed transmission means.

  Therefore, the client device 140 can be registered with the server device 110 with high efficiency and high confidentiality, and after registration, it is possible to improve safety while ensuring user convenience. Hereinafter, specific configurations of the server apparatus 110 and the client apparatus 140 will be described, and then detailed processing of the authentication method using the server apparatus 110 and the client apparatus 140 will be described.

(Server device 110)
FIG. 2 is a functional block diagram illustrating an electrical configuration of the server apparatus 110. The server device 110 includes an audio output unit 210, a server storage unit 212, a server communication unit 214, and a server control unit 216.

  The audio output unit 210 is configured by a speaker, for example, and converts audio information indicated by an audio control unit 252 described later into an audio signal and outputs the audio signal. In this embodiment, in a space where there is no sound leakage to the outside, the user 230 is directly listened to the audio information that is output from the audio output unit 210 and prompts the user 230 to perform a predetermined operation. By performing this operation, the client device 140 can be registered in the server device 110 efficiently and with high confidentiality without using a display (monitor) that requires various displays. Even if the user has a visual impairment, the authentication system 100 can be used as long as the client device 140 can be operated.

  The audio output unit 210 can also be configured with headphones or earphones connected to the server apparatus 110 main body. In this case, the audio control unit 252 transmits the audio information to the headphones or earphones while the connection with the headphones or earphones is detected, that is, while the plug of the headphones or earphones is inserted into the jack of the server apparatus 110 main body. Output. With this configuration, the audio audible range can be limited to only the user who wears the headphones, and the confidentiality of the audio information can be further enhanced.

  Moreover, the audio | voice output part 210 may be comprised with a buzzer etc., and audio | voice information may be output with the beep sound (or synthetic | combination sound) comprised with a single waveform. The beep sound can be output by a very simple electronic component provided in advance in most electronic devices such as a buzzer. Therefore, it is possible to perform the authentication method using various electronic devices as the server device 110 regardless of the level of the function. In addition, since it is not necessary to consider the sound pressure, pitch, and timbre of the sound, it is possible to form audio information only at a series of timings when sound is emitted, and it is possible to reduce processing load and power consumption. . A specific registration process of the client device 140 using such a beep will be described in detail later.

  The server storage unit 212 includes a storage medium such as a hard disk drive (HDD), a flash memory, and a RAM, and stores programs, content such as documents, music, still images, and videos used by the server control unit 216 described later. Hold. Note that the HDD is precisely an apparatus, but for the sake of convenience of explanation, it is treated as synonymous with a recording medium in this description. Also, the server storage unit 212 easily reads out a plurality of audio information that prompts the user 230 to perform a predetermined operation, a shared secret key, reference random number information, a client ID, an electronic certificate, and the like, which will be described later, to a third party. Keep it in a format that won't.

  The server communication unit 214 connects to the communication network 120 using a protocol such as TCP / IP (Transmission Control Protocol / Internet Protocol) and establishes communication with the client device 140 through the communication network 120.

  The server control unit 216 includes a semiconductor integrated circuit including a central processing unit (CPU), and manages and controls the entire server device 110 in cooperation with the server storage unit 212 and other electronic circuits. The server control unit 216 includes a key information acquisition unit 250, a voice control unit 252, an operation information reception unit 254, an operation information determination unit 256, a server registration unit 258, a server authentication unit 260, an electronic certificate invalidation unit 262, and a server key generation. It also functions as the unit 264.

  The key information acquisition unit 250 requests the client device 140 to acquire key information indicating an operation key that can be operated on the client device 140 via the server communication unit 214, and from the client device 140 that can respond to the acquisition request. Get key information. When the client device 140 also transmits its own vendor unique information (manufacturer unique information) at the time of a communication request, the key information acquisition unit 250 can operate the client device 140 corresponding to the key information based on the vendor unique information. You can also specify the key.

  The voice control unit 252 reads voice information stored in the server storage unit 212 in advance, and causes the voice output unit 210 to output voice (including a beep sound) indicated by the voice information.

  When the key information acquisition unit 250 acquires key information from the client device 140, the voice control unit 252 operates based on the key information, and is an operation key that prompts the user 230 to perform an operation that is held in the server storage unit 212. One audio information is selected from the plurality of audio information having different values and output to the audio output unit 210.

  As described above, the operation key operable by the client device 140 is acquired in advance, and the audio information corresponding to the operable key is output to the audio output unit 210. Regardless of the capability, for example, even a portable AV device with very few operation keys can be reliably registered in the server apparatus 110 with high confidentiality.

  In addition, since some client devices 140 have special operation keys that are not provided in general electronic devices, such special operation keys can be obtained by setting the type of the special operation key as an authentication determination target. It is also possible to eliminate the impersonation of the client device 140 that does not have.

  The operation information receiving unit 254 sends an operation information acquisition request based on a user operation in which the user 230 operates the client device 140 to the client device 140 via the server communication unit 214 according to the voice directly output from the voice output unit 210. And receiving operation information from the client device 140 that can respond to the acquisition request.

  The operation information determination unit 256 operates the operation information received by the operation information reception unit 254 through one or more parameters selected from, for example, the group of operation keys, the number of operations, and the operation time (operation time interval). It is determined whether or not the operation indicated by the information and the predetermined operation indicated by the audio information correspond correctly.

  Here, the type of operation key refers to a specific type of operation key, such as play key, stop key, skip key, numeric key, alphabet key, function key, up / down / left / right key of cross key, up / down key of joystick Say etc. Further, the types of operation keys include GUIs (Graphical User Interfaces) of the monitor superimposed on the touch panel when the touch panel functions as operation keys.

  The number of operations indicates the number of times such an operation key is pressed. The operation time indicates an absolute time when the operation key is pressed or a relative time from a reference time (for example, a time when the operation key is first pressed), and a count clock of the time. When such an operation time is adopted in the authentication determination, the operation information determination unit 256 determines whether or not the relative time is included in a predetermined allowable range time. Here, instead of the operation time, a press time interval that is a press time interval of the operation key may be used.

  As described above, the operation information determination unit 256 determines the parameters such as the type of operation key, the number of operations, and the operation time in a complex manner, so that an unauthorized third person who has not actually listened to the sound output from the sound output unit 210. The person cannot grasp which operation key is pressed, how many times it is operated, and at what time interval, and can prevent impersonation by an unauthorized third party.

  Further, the operation information determination unit 256 may determine the operation information based on a correspondence relationship between the sound volume when the sound information is output and the operation information. Here, first, the audio control unit 252 causes the audio output unit 210 to output audio information while changing (gradually decreasing) the volume continuously or stepwise. Even if the sound volume falls outside the audible range of the user 230 and the operation information still corresponds to the audio information, the operation information determination unit 256 may illegally identify the client device that is transmitting the operation information. Do not register as a device.

  In the present embodiment, the authorized user 230 operates the client device 140 based on the sound grasped through his / her ear. However, the user 230 cannot cope with the sound below the audible range, and the operation indicated by the operation information should not correspond to the predetermined operation indicated by the sound information. On the other hand, if an unauthorized third party electrically intercepts the sound generated by the server device 110 by some means, it may be possible to send operation information that correctly corresponds to the sound information without noticing the change in volume. . Here, it is possible to improve safety by using the limitation of the human audible range in reverse and not registering the client device that issued the operation information corresponding to the audio information outside the audible range. Become.

  Furthermore, the operation information determination unit 256 stores the sound volume when the user 230 uses the server device 110 in the server storage unit 212, and the sound information output at a sound volume within a predetermined sound volume range based on the sound volume. The operation information may be determined based on the correspondence between the operation information and the operation information.

  The registration act by the user 230 is expected to be performed at a random place, that is, a place that the user 230 normally uses. Therefore, when the operation information corresponds to audio information having a volume below the predetermined volume range from the volume normally used by the user 230, the client device is not registered as described above. With this configuration, it is possible to limit the threshold value for registration availability to the normal audible range of the user 230, and it is possible to increase the exclusion accuracy of client devices by unauthorized third parties.

  When the client device 140 has not yet been registered in the server storage unit 212, the server registration unit 258 causes the operation information determination unit 256 to correctly correspond to an operation indicated by the operation information and a predetermined operation indicated by the audio information. If it is determined that the client device 140 exists, the client device 140 is registered in the server storage unit 212.

  At this time, the server registration unit 258 measures the elapsed time after the audio control unit 252 outputs the audio information using an RTC (Real Time Clock) or the like, and receives it after a predetermined time, for example, 5 minutes elapses. The client device is not registered depending on the operation information.

  In the present embodiment, an operation input corresponding to the sound output from the sound output unit 210 in real time is performed via the user 230. Therefore, when the output of the voice information is completed, the generation of the operation information is completed almost simultaneously, so that the generated operation information should be able to be transmitted to the server device 110 immediately. Here, after the output of the audio information is completed, the operation information that has not been received even after a predetermined time has passed is regarded as invalid operation information and ignored, and communication is performed by not registering the client device that transmitted the operation information. Has increased safety.

  When the server registration unit 258 registers the client device 140 and then receives a communication request from the same client device 140, the server authentication unit 260 executes authentication processing of the client device 140. Such authentication processing may use an electronic certificate. For example, when the server registration unit 258 receives a client ID that can identify the client device 140 together with the operation information from the client device 140, the server registration unit 258 also sends the client ID to the server storage unit 212 when the client device 140 is registered. The electronic certificate is generated using the stored client ID. Then, the server registration unit 258 transmits the generated electronic certificate to the client device 140 so as to be used for subsequent authentication.

  Therefore, the client device 140 can perform subsequent communication establishment using the electronic certificate transmitted from the server registration unit 258. The server authentication unit 260 authenticates the client device 140 through the electronic certificate transmitted from the client device 140.

  As described above, the electronic certificate issued by the server apparatus 110 is held in the client apparatus 140 while the highly reliable communication at the time of registration is established, and the communication is established using only the electronic certificate at the time of authentication. Accordingly, the user 230 can avoid troublesome input of the user name and password, and the convenience can be remarkably improved.

  The electronic certificate invalidation unit 262 counts the elapsed time after the server registration unit 258 transmits the electronic certificate using an RTC or the like, and invalidates the electronic certificate when a predetermined valid period, for example, one month is exceeded. . Such a predetermined effective period can be arbitrarily set by the user 230. With the configuration in which the server authentication unit 260 authenticates the client device 140 with the electronic certificate, the user 230 can freely establish communication with the server device 110 after obtaining the electronic certificate once. However, if such an electronic certificate is leaked, there is a risk that it will continue to receive fraud such as impersonation by a third party while the electronic certificate is valid. Therefore, the electronic certificate invalidation unit 262 obtains the electronic certificate up to a predetermined validity period regardless of whether the client device that requested the communication is from the authorized user 230 or an unauthorized third party. By disabling it, it becomes possible to prevent unauthorized spoofing from being continuously spoofed.

  FIG. 3 is an explanatory diagram showing the configuration of the electronic certificate 280. As shown in FIG. 3, the electronic certificate 280 includes a message area 282 and a message digest area 284. Here, the message area 282 is formed including the client ID of the client device 140, and the message digest area 284 is, for example, MD5 (R. Rivest, “The MD5 Message-Digest Algorithm”, RFC1321, April 1992). Generated using the message digest method. Since the electronic certificate 280 is not easily intercepted, the server registration unit 258 and the server authentication unit 260 encrypt the message digest area 284 of the electronic certificate 280 as shown in FIG. 3 using the shared secret key. .

  In an electronic authentication method such as the authentication system 100, a public key encryption method is widely used. However, the public key encryption method has a high calculation processing load, and when the public key encryption method is adopted for the client device 140 having a limited calculation capability, it takes a long time to obtain the calculation result. Therefore, in the present embodiment, in order to quickly establish communication with the server apparatus 110 even if the client apparatus 140 has such a limited calculation capability, a shared secret key is used, and leakage of the shared secret key is performed. Strengthen prevention.

  For example, in the encryption (signature) of the message digest area 284 of the electronic certificate 280, Diffie-Hellman key agreement method (E. Rescorla, "Diffie-Hellman Key Agreement Method", RFC2631) that is difficult to decipher by combining various calculations. , June 1999) and the like, it is possible to avoid interception in the communication network 120 by using various existing technologies, and to securely share the shared secret key agreed between the server apparatus 110 and the client apparatus 140. Furthermore, the security of the shared secret key is enhanced by the server key generation unit 264 described below.

  The server key generation unit 264 newly generates a shared secret key for encrypting the electronic certificate 280 every time in order to ensure the reliability of the electronic certificate 280 even if the shared secret key is leaked. Specifically, the server registration unit 258 encrypts reference random number information, which is a reference random number, with the shared secret key and transmits it to the registered client device 140, and the server authentication unit 260 is uniquely determined at the time of authentication. The additional random number information, which is a random number different from the reference random number information, is transmitted to the client device 140.

  Then, the server key generation unit 264 and a client key generation unit 356 described later encrypt the existing shared secret key using the difference value between the reference random number information and the additional random number information as a seed, and generate a new shared secret key. This utilizes the property that the same result can be obtained if the same seed (difference value) is given to the same pseudorandom number generation algorithm. Accordingly, the two common secret keys have the same value although they are generated independently by the server apparatus 110 and the client apparatus 140. Here, as the reference random number information and the additional random number information, any numerical value having randomness, for example, a value obtained by applying a hash function or the like to information such as temperature, humidity, stock price, currency exchange, voice input by the user 230 or the like can be used. However, in this embodiment, the time is generated using the time of the server device 110 as will be described later.

  With this configuration, even if an unauthorized third party acquires the additional random number information at the time of authentication, the same shared secret key as that of the server apparatus 110 can be generated if the third party does not have the reference random number information to be acquired at the time of registration. Since this is not possible, it is possible to prevent impersonation by such an unauthorized third party. Even if both the reference random number information and the additional random number information are intercepted, fraud cannot be performed unless a new shared secret key generation algorithm is grasped.

(Client device 140)
FIG. 4 is a functional block diagram showing an electrical configuration of the client device 140. The client device 140 includes an operation unit 310, a client storage unit 312, a client communication unit 314, and a client control unit 316.

  The operation unit 310 includes one or a plurality of operation keys such as a keyboard, a pointing device, a cross key, a joystick, and a touch panel whose reaction area is indicated by a GUI, and receives an operation input from the user 230. At the time of registration of the client device 140 in the present embodiment, various authentication parameters can be formed by combining the sound output from the sound output unit 210 and the operation keys of the operation unit 310.

  Further, as shown in the description of the server authentication unit 260, in this embodiment, since the electronic certificate 280 is used for authentication of the client device 140, complex characters such as numerical values and alphabets can be input as the operation unit 310. Various operation keys are not required.

  The client storage unit 312 includes a storage medium such as an HDD, a flash memory, and a RAM. Hold. Further, the client storage unit 312 has a format in which an encrypted shared secret key, encrypted reference random number information, client ID, encrypted electronic certificate 280, and the like are not easily read by a third party. Hold.

  The client communication unit 314 is connected to the access point 130 via a wireless LAN represented by Bluetooth (registered trademark), ZigBee, WiFi, WiMAX, and the like, and establishes communication with the server apparatus 110 through the access point 130.

  The client control unit 316 includes a semiconductor integrated circuit including a central processing unit (CPU), and manages and controls the entire client device 140 in cooperation with the client storage unit 312 and other electronic circuits. The client control unit 316 also functions as an operation acquisition unit 350, an operation information transmission unit 352, an electronic certificate transmission unit 354, and a client key generation unit 356.

  The operation acquisition unit 350 generates operation information based on a user operation executed in response to the audio information output from the audio output unit 210 via the operation unit 310 without going through the communication network 120.

  The operation information transmission unit 352 receives the operation information generated by the operation acquisition unit 350, in particular, one or more parameters selected from the group of operation keys, the number of operations, and the operation time, via the client communication unit 314. To device 110. When there is a key information acquisition request from the key information acquisition unit 250 of the server apparatus 110, the key information of itself is also transmitted.

  When the operation time of such operation information is transmitted to the server apparatus 110, the operation time can be accurately determined when the time between the server apparatus 110 and the client apparatus 140 is asynchronous or the time count clocks are different. Can not. Therefore, the operation information transmission unit 352 transmits time information that can specify the operation time together with the operation information (operation time). As described above, the time information includes the absolute time when the operation key is pressed or the relative time from the reference time (for example, the time when the operation key is first pressed) and the frequency of the count clock of the time.

  The electronic certificate transmission unit 354 transmits the received electronic certificate 280 to the server device 110 when authenticating the server device 110 after receiving the electronic certificate 280 from the server device 110. With the configuration in which communication is established using only the electronic certificate 280 at the time of such authentication, the user 230 can avoid troublesome input of a user name and password, and the convenience of the user 230 can be greatly improved.

  Even when the shared secret key for encrypting the message digest area 284 of the electronic certificate 280 is leaked, the client key generation unit 356 acquires the electronic certificate 280 in order to ensure the reliability of the electronic certificate 280. Generate a new shared secret key for encryption each time. Specifically, the client key generation unit 356 is held in the client storage unit 312 using a difference value obtained by subtracting the additional random number information received from the server authentication unit 260 from the reference random number information received from the server registration unit 258 as a seed. The shared secret key is encrypted, and a new shared secret key is generated. Such reference random number information can be obtained by decrypting the encrypted reference random number information held in the client storage unit 312 with the existing shared secret key.

  With this configuration, even if an unauthorized third party acquires the additional random number information at the time of authentication, the same shared secret key as that of the server apparatus 110 can be generated if the third party does not have the reference random number information to be acquired at the time of registration. Since this is not possible, it is possible to prevent impersonation by such an unauthorized third party.

  As described above, the authentication system 100 according to the present embodiment can reliably register with the server apparatus 110 with high confidentiality regardless of the number of operation keys and the calculation capability of the client apparatus 140. It is possible to improve safety while ensuring convenience.

(Authentication method)
Next, a detailed processing flow of the authentication method using the server device 110 and the client device 140 described above will be described.

  FIG. 5 is a sequence diagram showing a flow of processing particularly during registration of the authentication method according to the present embodiment, and FIG. 6 is a sequence diagram showing a flow of processing particularly during authentication of the authentication method according to the present embodiment. is there. Hereinafter, the authentication method will be described roughly at two points in FIG. 5 and FIG.

(At the time of registration)
When a user 230 attempts to register (initial registration) an arbitrary client device 140 with the server device 110, in order to eliminate an unauthorized third party communication request and allow only a reliable client device 140 communication request In this case, it is necessary for the server apparatus 110 to recognize in advance that the partner who has requested communication is the reliable client apparatus 140. Therefore, information (client ID) that can identify the reliable client device 140 is registered in the server device 110, and an access right (electronic certificate 280) to the server device 110 is transmitted to the client device 140 as a response. Thus, registration of the client device 140 is completed.

  However, simply registering the client device 140 that has requested communication via the communication network 120 cannot distinguish whether the client device 140 is a legitimate client device 140 or an unauthorized third-party client device. . Therefore, in the authentication method, the server device 110 outputs a voice prompting the user 230 to perform a predetermined operation, and the user 230 listens to it and operates the client device 140 within a predetermined time according to the guidance. As a result, the reliability of the client device 140 is established.

  That is, the server device 110 communicates with the client device 140 via the communication network 120, while directly transmitting information that the server device 110 can have only to the client device 140 via the user 230, and the client device with its consistency. 140 is recognized as a regular client device 140 and registered.

  Therefore, as shown in FIG. 5, first, the server apparatus 110 that has received a communication request (registration request) from the client apparatus 140 (S400) returns an ACK response indicating that the communication request has been received (S402). The client device 140 receives the ACK response, starts registration preparation, and notifies the server device 110 to that effect when an operation input to the client device 140 becomes possible (S404).

  The key information acquisition unit 250 of the server device 110 requests the client device 140 to acquire key information indicating operation keys that can be operated on the client device 140 via the server communication unit 214 (S406). The operation information transmission unit 352 of the client device 140 transmits key information in response to the acquisition request (S408), and the key information acquisition unit 250 acquires the key information (S410).

  Based on the key information, the voice control unit 252 of the server device 110 selects one piece of voice information from a plurality of pieces of voice information that are held in the server storage unit 212 and have different operation keys that prompt the user 230 to perform an operation. Then, the audio output unit 210 is made to output (S412). This voice is a guide that presses any operation key in random order, such as “Press 1 (1 of the number key)” or “Press 5”, or “Press play”. . ”And“ Press stop. ”The guidance is like pressing an operation key unique to the AV device. In addition, the sound forming the sound may be reproduced as previously recorded for each type of operation key, or may be synthesized by some kind of voice synthesis algorithm.

  Further, the sound output from the sound output unit 210 may be a beep sound composed of a single waveform. In this case, for example, the operation key “1” is pressed when a sound “beep” is heard from the audio output unit 210, the operation key “3” for the sound “beep”, and the operation “5” for the sound “beep”. The relationship between the sound and the operation key may be defined in advance such as pressing a key, and the server device 110 may randomly output a beep sound to cause the client device 140 to generate operation information.

  The operation acquisition unit 350 of the client device 140 describes parameters such as the type of operation key, the number of operations, and the operation time based on the user operation executed in response to the audio information output from the audio output unit 210 through the operation unit 310. The generated operation information is generated (S414). When the voice control unit 252 of the server device 110 completes the output of the voice information, this is transmitted to the client device 140 (S416), and the operation information transmission unit 352 of the client device 140 displays the generated operation information and the client ID. It transmits to the server apparatus 110 (S418).

  The operation information receiving unit 254 of the server device 110 receives the operation information from the client device 140, and the operation information determining unit 256 correctly corresponds to the operation indicated by the received operation information and the predetermined operation indicated by the audio information. It is determined whether or not (S420). When the server registration unit 258 determines that the operation indicated by the received operation information and the predetermined operation indicated by the audio information correspond correctly when the client device 140 is not registered, the server registration unit 258 uses the client ID to If the client device 140 is registered and does not correspond correctly, the client device is regarded as an unauthorized device and ignored (S422). When the client device 140 is registered, the server registration unit 258 performs a key agreement with the client device 140 using the Diffie-Hellman key agreement method (S424). FIG. 7 illustrates a combination of a shared secret key and the like agreed by the Diffie-Hellman key agreement method.

  Then, the server registration unit 258 of the server device 110 transmits the encrypted reference random number information obtained by encrypting the reference random number information to the client device 140 using the shared secret key agreed by the Diffie-Hellman key agreement method. (S426). At this time, the reference random number information may be a time stamp or a time when the client device 140 is registered. The time stamp here is a unique value that increases monotonously as if some clock is counted on the server device 110 side, and the time is a time that is generally used such as what year what month what day what hour what minute what second. Show.

  The server device 110 transmits the encryption reference random number information (time) to the client device 140 and stores the time in association with the client ID in the server storage unit 212 (S428). Subsequently, the server registration unit 258 of the server apparatus 110 generates an electronic certificate 280 (S430), encrypts (signs) the message digest area 284 with the shared secret key, and transmits the encrypted message digest area 284 to the client apparatus (S432).

  At this time, as illustrated in FIG. 7, the server storage unit 212 of the server device 110 holds the shared secret key, the reference random number information, the client ID, and the electronic certificate 280, and the client storage unit 312 of the client device 140 stores the shared secret key. Correspondingly, a shared secret key, encrypted reference random number information, a client ID, and an encrypted electronic certificate 280 are held.

(At the time of authentication)
Next, with reference to FIG. 6, a description will be given of the authentication time after registration of the client device 140. FIG. Further, FIG. 8 supplementarily shows the relationship between each element such as a shared secret key. When the user 230 attempts to establish communication with the server apparatus 110 using the client apparatus 140 (S500), the server authentication unit 260 of the server apparatus 110 that has received the communication request from the client apparatus 140 transmits to the client apparatus 140, Additional random number information, which is a uniquely determined random number, is transmitted (S502). Here, the additional random number information uses the time as in the case of the reference random number information, and here, the additional random number information is arbitrarily based on the time when the client device 140 requests communication.

  As shown in FIG. 8, the client key generation unit 356 of the client device 140 decrypts the encrypted reference random number information received at the time of registration with the shared secret key, and derives the registration time Tr that is the reference random number information (S504). ). Then, the client key generation unit 356 derives the elapsed time Td by subtracting the authentication time Ta, which is the additional random number information transmitted from the server device 110, from the derived registration time (Tr-Ta), and A random number R is generated by a pseudo random number generation algorithm using the derived elapsed time Td as a seed, and a new shared secret key Kn from the shared secret key Ks at the time of registration is generated using a function f that can generate a unique value from the random number R. (Kn = f (Ks, R) is obtained (S506).

  The client key generation unit 356 once decrypts the message digest area 284 of the electronic certificate 280 transmitted from the server apparatus 110 at the time of registration with the shared secret key Ks, and then encrypts again with the newly generated shared secret key Kn. (S508), and sends the encrypted electronic certificate 280 to the server apparatus 110 (S510).

  The server key generation unit 264 of the server apparatus 110 that has received the electronic certificate 280 reads the client ID described in the message area 282 of the electronic certificate 280 and confirms that the client apparatus 140 is already registered. (S512) The shared secret key Ks associated with the client ID and the registration time Tr that is the reference random number information are read from the server storage unit 212, and the authentication time Ta that is the additional random number information transmitted to the client device 140 is used. Similar to the client key generation unit 356, a new shared secret key Kn is generated (S514).

  Then, the server authentication unit 260 decrypts the message digest area 284 of the electronic certificate 280 received from the client device 140 with the new shared secret key Kn to generate a message digest (S516), and in parallel, the client device 140, the message digest of the message area 282 of the electronic certificate 280 received from 140 is generated by the same algorithm as at the time of registration (518), and the generated message digest is compared with the message digest decrypted with the shared secret key Kn. For example, the client device 140 that has transmitted the electronic certificate 280 is authenticated as a regular client device 140 (S520). Thus, communication between the server device 110 and the client device 140 is established (S522).

  Thus, even if an unauthorized third party acquires additional random number information at the time of authentication, the reference random number to be acquired at the time of registration is obtained by using the new shared secret key Kn based on the reference random number information and the additional random number information. Without the information, the same shared secret key Kn as that of the server apparatus 110 cannot be generated, so that it is possible to prevent impersonation by such an unauthorized third party.

  Further, even when the reference random number information and the additional random number information are expressed in time as described above, both the server device 110 and the client device 140 refer to only the time of the server device 110, so that the server device 110 Strict time synchronization with the client device 140 becomes unnecessary, and the authentication method can be used even when the client device 140 does not have a clock. Further, when the client device 140 has a clock, the client device 140 can confirm the validity of the time without strictly synchronizing with the server device 110, so that the safety can be improved.

  As described above, even with the authentication method described above, regardless of the number of operation keys and the computing capability of the client device 140, it can be reliably registered in the server device with high confidentiality, and after registration, the user's convenience is ensured and the security is ensured. It is possible to improve the performance.

  As mentioned above, although preferred embodiment of this invention was described referring an accompanying drawing, it cannot be overemphasized that this invention is not limited to this embodiment. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Understood.

  Note that each step in the authentication method of the present specification does not necessarily have to be processed in time series in the order described as a sequence diagram, and may include processing in parallel or by a subroutine.

  The present invention can be used for an authentication method, an authentication system, a server device, and a client device that authenticate a client device connected to a server device via a communication network.

DESCRIPTION OF SYMBOLS 100 ... Authentication system 110 ... Server apparatus 120 ... Communication network 140 ... Client apparatus 210 ... Voice output part 212 ... Server memory | storage part 250 ... Key information acquisition part 252 ... Voice control part 254 ... Operation information reception part 256 ... Operation information determination part 258 ... server registration part 260 ... server authentication part 262 ... electronic certificate invalidation part 264 ... server key generation part 310 ... operation part 350 ... operation acquisition part 352 ... operation information transmission part 354 ... electronic certificate transmission part 356 ... client key generation part

Claims (16)

An authentication method using a server device and a client device connected to the server device via a communication network,
The client device is
Key information indicating operation keys operable by the operation unit is transmitted to the server device;
The server device
Holding a plurality of voice information with different operation keys for prompting the user to perform a predetermined operation, selecting the voice information based on the key information and outputting it to the voice output unit;
The client device is
Through the operation unit, generate operation information based on a user operation executed in response to the audio information output from the audio output unit without going through the communication network,
Sending the operation information to the server device;
The server device
Receiving the operation information from the client device;
Determining whether or not the operation indicated by the received operation information correctly corresponds to the predetermined operation indicated by the audio information;
When it is determined that the operation indicated by the received operation information and the predetermined operation indicated by the audio information correspond correctly when the client device is not registered, the client device is registered. Authentication method. An authentication system including a server device and a client device connected to the server device via a communication network,
The server device
An audio output unit;
A server storage unit that holds audio information that prompts the user to perform a predetermined operation;
A voice control unit that causes the voice output unit to output the voice information;
An operation information receiving unit for receiving operation information from the client device;
An operation information determination unit that determines whether or not the operation indicated by the received operation information correctly corresponds to the predetermined operation indicated by the audio information;
When the operation information determination unit determines that the operation indicated by the received operation information and the predetermined operation indicated by the audio information correspond correctly when the client device is not registered, the client device A server registration unit for registering
With
The server storage unit holds a plurality of audio information with different operation keys for prompting the user to operate,
A key information acquisition unit that acquires key information indicating operation keys operable on the client device;
The voice control unit selects voice information to be output to the voice output unit based on the acquired key information,
The client device is
An operation unit;
An operation acquisition unit that generates operation information based on a user operation executed in response to the audio information output from the audio output unit without passing through the communication network through the operation unit;
An operation information transmitting unit for transmitting the operation information and key information indicating an operation key operable on the operation unit to the server device;
An authentication system comprising: A server device connected to a client device via a communication network,
An audio output unit;
A server storage unit that holds audio information that prompts the user to perform a predetermined operation;
A voice control unit that causes the voice output unit to output the voice information;
An operation information receiving unit that receives operation information generated based on a user operation performed on the client device from the client device;
An operation information determination unit that determines whether or not the operation indicated by the received operation information correctly corresponds to the predetermined operation indicated by the audio information;
A server registration unit for registering the client device when it is determined that the operation indicated by the operation information determination unit and the predetermined operation indicated by the audio information correspond correctly when the client device is not registered; ,
With
The server storage unit holds a plurality of audio information with different operation keys for prompting the user to operate,
A key information acquisition unit that acquires key information indicating operation keys operable on the client device;
The voice control unit selects voice information to be output to the voice output unit based on the acquired key information.   The server apparatus according to claim 3, wherein the operation information determination unit determines the operation information based on one or more parameters selected from a group of operation key types, operation frequency, and operation time. The server registration unit measures an elapsed time after the voice control unit outputs voice information, and does not register the client device according to operation information received after a predetermined time has elapsed. The server device according to 3 or 4. The sound control unit causes the sound output unit to output the sound information by changing the volume continuously or stepwise,
6. The server according to claim 3, wherein the operation information determination unit determines the operation information based on a correspondence relationship between a volume when the audio information is output and the operation information. apparatus.   The operation information determination unit determines the operation information based on a correspondence relationship between audio information output at a volume within a predetermined volume range based on a volume when the user uses the server device and the operation information. The server device according to claim 6. The audio output unit is headphones.
The server device according to claim 3, wherein the voice control unit causes the headphone to output the voice information while the connection with the headphone is detected.   The server apparatus according to claim 3, wherein the voice output unit emits a beep sound. The server registration unit generates an electronic certificate using a client ID that can identify the client device, transmitted from the registered client device, and transmits the electronic certificate to the client device.
The server authentication unit according to claim 3, further comprising: a server authentication unit that authenticates the client device through the electronic certificate transmitted from the client device after transmitting the electronic certificate to the client device. The server device described in 1.   11. The electronic certificate invalidating unit according to claim 10, further comprising an electronic certificate invalidating unit that counts an elapsed time after the server registration unit transmits the electronic certificate and invalidates the electronic certificate when a predetermined valid period is exceeded. The server apparatus of description. The server registration unit transmits a shared secret key and reference random number information that is a reference random number to the registered client device,
The server authentication unit transmits additional random number information that is a random number different from the reference random number information to the client device,
The server apparatus according to claim 10 or 11, wherein the server apparatus and the client apparatus generate a new shared secret key based on a difference value between the reference random number information and the additional random number information. A client device connected to a server device via a communication network,
An operation unit;
An operation acquisition unit configured to generate operation information based on a user operation executed in response to audio information output from the audio output unit of the server device without passing through the communication network through the operation unit;
An operation information transmitting unit for transmitting the operation information and key information indicating an operation key operable on the operation unit to the server device;
With
The client device is registered to the server device when the a predetermined operation at the server device indicating the transmitted operations and the audio information indicated by the operation information is determined correctly corresponds to that with the server device A client device.   The client device according to claim 13, wherein the operation information transmission unit transmits time information that can specify an operation time included in the operation information together with the operation information. The operation information transmission unit transmits a client ID that can identify the client device together with the operation information,
It further comprises an electronic certificate transmission unit that transmits the electronic certificate to the server device upon authentication to the server device after receiving the electronic certificate generated by the server device using the client ID. The client device according to claim 13 or 14.   The server device and the client device generate a new shared secret key based on a difference value between a shared random key and reference random number information that is a reference random number and additional random number information that is a random number different from the reference random number information. The client device according to claim 15.

Images