JP2009123154A - Method and device for managing attribute certificates - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To properly manage attribute certificates so as not to present an attribute certificate to an unintended party without implementing special software for handling attribute certificates in a user's device. <P>SOLUTION: In a method and a device for managing attribute certificates, a user's attribute certificate is kept in a device for managing the attribute certificates. Using only a function that can be used in a standard personal computer environment of the user, a user's device accesses the device for managing the attribute certificates in response to the request of a service providing device. An attribute certificate to be disclosed or a pointer of the attribute certificate is presented to the service provider from the device for managing the attribute certificates through the user's device. Thus, the attribute certificate can be prevented from being submitted to an unintended party without making a service user side introduce a special program. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an attribute certificate management technique suitable for improving the convenience of a person who uses a service using an attribute certificate.

  With the spread of IT in recent years, various information has been digitized and exchanged via a network. Such exchange of information via a network can be performed easily and at high speed even with a distant person, but there is also a threat that a communication partner impersonates another person. As one method for preventing spoofing of a communication partner, there is an authentication method using a public key certificate. In addition, there is a method of using an attribute certificate as a method of confirming the qualification and authority as well as confirming the identity of the communication partner (for example, see Non-Patent Document 1).

  Here, the public key certificate is data in which a value of a certain public key is associated with an owner of a private key corresponding to the public key. The certificate authority gives an electronic signature to this data so that the contents are guaranteed.

  On the other hand, an attribute certificate is a pointer for specifying a public key certificate (for example, the issuer name and serial number of the public key certificate) and attribute information (for example, the owner of the public key certificate). , Date of birth, gender, address, title, affiliation, etc.). The attribute certificate authority gives an electronic signature to this data to ensure the contents.

Since the attribute information used in a service varies, the more services that use an attribute certificate, the more types of attribute certificates may exist. In that case, the service user manages a plurality of attribute certificates. However, the attribute information included in the attribute certificate often includes personal information that is not desired to be disclosed except by a specific party. Therefore, it is desired to be able to control the attribute certificate to be presented according to the provider of the service to be used. Patent Document 1 and Patent Document 2 exist as methods for sending an appropriate attribute certificate to a service provider without disclosing personal information more than necessary by the service user.
JP 2003-345930 A JP 2006-268790 A "Information technology-Open systems interconnection-The Directory: Public-key and attribute certificate frameworks (ITU-T Recommendation X.509)" by International Telecommunication Union, (Switzerland), International Telecommunication Union, March 31, 2000, p. 1-129

  As described above, there are the methods disclosed in Patent Document 1 and Patent Document 2 for managing such that an attribute certificate is not presented to an unintended partner. However, both of these methods require a special program on the service user side. It is considered that some service users do not have high information literacy. In such a case, a mechanism for introducing a special program is not desirable. In addition, in order to obtain a special program, it is possible that the user must bear the cost of the program. Therefore, a mechanism that requires a special program on the service user side is an impediment to the spread of services that use attribute certificates, so it is necessary to further improve the convenience of service users. . The present invention solves the above problems.

  According to the present invention, in a Web service system that determines whether or not a service can be used by using an attribute certificate, the attribute certificate necessary for using the service is stored in the attribute certificate management system. Thus, when the service is used, the service user can present it to the service provider via a Web browser that can be generally used from the time of purchasing the personal computer. In addition, by setting the attribute certificate access right for each service provider in the attribute certificate management system, the service providing apparatus directly requests the attribute certificate of the service from the attribute certificate management system. However, only appropriate attribute certificates can be disclosed. With the above-described apparatus and method, it is possible to manage the attribute certificate so as not to present the attribute certificate to an unintended partner without introducing a special program on the service user side.

  According to the present invention, since it is not necessary to introduce a special program on the service user side, the burden on the service user can be reduced. As a result, the service system that uses the attribute certificate can be easily introduced.

  Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings. In the drawings described below, the same number represents the same component / element. Moreover, this does not limit the present invention.

  FIG. 1 is a diagram showing a system configuration for applying the present embodiment. A certificate authority device 110 that issues a public key certificate to a certain entity (a user who uses the user device 140 in the example of the present embodiment), and the entity in the public key certificate issued by the certificate authority device 110 An attribute certificate authority device 120 that issues an attribute certificate to which the attribute information is assigned, an attribute certificate management device 130 that manages an attribute certificate of the entity issued by the attribute certificate authority device 120, and a service user A user device 140, which is a device to be used, and a service providing device 150, which is a device that provides a service with qualification authentication, are connected via a network 160.

  FIG. 2 is a diagram illustrating a hardware configuration of each device. The certificate authority device 110, the attribute certificate authority device 120, the attribute certificate management device 130, the user device 140, and the service providing device 150 are the input device 210, the display device 220, the CPU 230, the memory 240, and the storage device 250. The communication device 260 and a bus 270 connecting them are configured.

  The input device 210 is operated by a person using the device to input data, commands, and the like, and includes a keyboard, a mouse, a biometric information input device, and other devices necessary for authentication.

  The display device 220 is used to display a message or the like to a person who uses the device, and includes a CRT, a liquid crystal display, or the like.

  The CPU 230 executes the programs stored in the memory 240 and the storage device 250, thereby controlling each component of the device and performing various arithmetic processes to realize various processes described below. .

  The memory 240 temporarily stores programs such as those shown in FIGS. 3 to 7 and data necessary for processing, and is often composed of a volatile storage medium such as a RAM.

  The storage device 250 is used for permanently storing programs and data used in the device, and includes a nonvolatile storage medium such as a hard disk.

  The communication device 260 is a physical interface necessary for transmitting / receiving data to / from other devices via the network 160, and is configured by a LAN board, a wireless LAN card, or the like.

  FIG. 3 is a diagram illustrating a configuration of the certificate authority device 110. The memory 240 of the certificate authority device 110 is an area in which the operating system 310, the public key certificate issuing program 320, and the revocation information issuing program 330 are loaded. These programs are executed by the CPU 230 as necessary to realize the functions described later.

  Further, the storage device 250 of the certificate authority device 110 includes a secret key 350 owned by the certificate authority, a public key certificate 360 of the certificate authority corresponding to the secret key, and a public key certificate issued by the certificate authority. Revocation information 370 and data such as a public key certificate 380 issued to each user by the certificate authority are stored.

  Next, the function of each program will be described. Each program is read in the device in which each program is stored and executed by the CPU 230 to realize its function. For convenience of explanation, each program will be described as an execution subject.

  In FIG. 3, an operating system 310 is a program for realizing functions such as file management, process management, and device management in order to control the entire apparatus.

  The public key certificate issuance program 320 associates a user's identification name with the public key owned by the user and applies an electronic signature to the associated information using the private key 350 of the certificate authority. This program issues a public key certificate. In this embodiment, the program uses the public key certificate 360 of the certificate authority that becomes the root certificate, the public key certificate 460 of the attribute certificate authority that operates the attribute certificate authority apparatus 120, and the user apparatus 140. Issue a public key certificate 380 of the user.

  The revocation information issuance program 330 is a revocation information obtained by applying an electronic signature to the list of revoked public key certificate information using the private key 350 of the certification authority, with respect to the public key certificate issued by the certification authority. 370 is a program for generating 370. Revocation information 370 generated by the program is stored in the storage device 250.

  The private key 350 of the certificate authority is an encryption key used when an electronic signature of the certificate authority is given when issuing a public key certificate. The secret key 350 is secret key information owned by the certificate authority, and is assumed to be safely managed in the certificate authority. In the present embodiment, management is performed inside the storage device 250 of the certificate authority device, but management may also be performed using a hardware security module or the like.

  The certificate authority public key certificate 360 is a self-signed public key certificate issued by the certificate authority to itself. The public key described in the public key certificate and the secret key 350 form a pair of keys.

  The revocation information 370 is information used to confirm whether the public key certificate has been revoked. For example, a certificate revocation list (CRL) is applicable.

  The user public key certificate 380 is a user public key certificate issued by the public key certificate issuing program 320.

  FIG. 4 is a diagram illustrating a configuration of the attribute authority apparatus 120 related to the present embodiment.

  An operating system 410, an attribute certificate issuance program 420, and an attribute certificate revocation information issuance program 430 are loaded in the memory 240 of the attribute authority apparatus 120. These programs are executed by the CPU 230 as necessary to realize the functions described later.

  Further, the storage device 250 of the attribute certification authority device 120 has a secret key 450 owned by the attribute certification authority, a public key certificate 460 of the attribute certification authority corresponding to the secret key, and an attribute issued by the attribute certification authority. Data such as certificate revocation information 470 and attribute certificate 480 issued by the attribute authority to each user are stored.

  Next, the function of each program will be described. Each program is read in the device in which each program is stored and executed by the CPU 230 to realize its function. For convenience of explanation, each program will be described as an execution subject.

  In FIG. 4, an operating system 410 is a program for realizing functions such as file management, process management, and device management in order to control the entire apparatus.

  The public key certificate issuance program 320 associates a user's identification name with the public key owned by the user and applies an electronic signature to the associated information using the private key 350 of the certificate authority. Issue public key certificate.

  The attribute certificate issuance program 420 associates the public key certificate information of the user and the attribute information of the user with respect to a certain user who owns the public key certificate, and assigns an attribute to the associated information. This is a program for issuing an attribute certificate with an electronic signature using a private key 450 of a certificate authority. In this embodiment, the attribute certificate 480 of the user who uses the user device 140 is issued by the program.

  The attribute certificate revocation information issuance program 430 applies an electronic signature to the list of revoked attribute certificate information for the attribute certificate issued by the attribute certificate authority using the secret key 450 of the attribute certificate authority. This is a program for generating revocation information 470. The revocation information generated by the program is stored in the storage device 250.

  The attribute certificate authority private key 450 is an encryption key used when an attribute certificate authority digital signature is given when an attribute certificate is issued. The secret key 450 is secret key information owned by the attribute certification authority and is safely managed in the attribute certification authority. In the present embodiment, management is performed inside the storage device 250 of the attribute certification authority device, but management may also be performed using a hardware security module or the like.

  The attribute certificate authority public key certificate 460 is a public key certificate for the attribute certificate authority issued by the certificate authority device 110. The public key described in the public key certificate and the secret key 450 form a pair of keys.

  The attribute certificate revocation information 470 is information used to confirm whether or not the attribute certificate has been revoked. For example, an attribute certificate revocation list (ACRL) is applicable.

  The user attribute certificate 480 is a user attribute certificate issued using the attribute certificate issuing program 420 as an attribute certificate including attribute information associated with the user public key certificate 380.

  FIG. 5 is a diagram illustrating a software configuration of the attribute certificate management apparatus 130 related to the present embodiment.

  The memory 240 of the attribute certificate management apparatus 130 is an area where the operating system 510, the attribute certificate registration program 520, and the attribute certificate disclosure program 530 are loaded. These programs are executed by the CPU 230 as necessary to realize the functions described later.

In addition, the storage device 250 of the attribute certificate management device 130 includes a user attribute certificate 480,
Data such as access control information 550 is stored. Depending on the embodiment, setting information 560 related to attribute disclosure and an encryption key 570 are further stored.

  Next, the function of each program will be described. Each program is read in the device in which each program is stored and executed by the CPU 230 to realize its function. For convenience of explanation, each program will be described as an execution subject.

  In FIG. 5, an operating system 510 is a program for realizing functions such as file management, process management, and device management in order to control the entire apparatus.

  The attribute certificate registration program 520 is a program for registering an attribute certificate of a certain user in the attribute certificate management apparatus 130. The program accepts registration of an attribute certificate directly from the attribute certification authority device 120 or accepts registration of an attribute certificate in response to a user request.

  The attribute certificate disclosure program 530 is a program for disclosing the user's attribute certificate registered by the attribute certificate registration program 520. In this program, there are a case where the user himself / herself requests disclosure and a person who wants to confirm the contents of the attribute certificate (a service provider in the example of this embodiment) requests disclosure. When the user himself / herself requests the disclosure of the attribute certificate, the user is authenticated based on the access control information 550 to confirm that the requesting person is the owner of the valid attribute certificate, and then disclosed. I do.

  In addition, when a service provider or the like requests disclosure of an attribute certificate, it authenticates who is the requester based on the access control information 550, and the person has authority to disclose the attribute certificate. Whether the certificate is possessed is determined based on the setting information 560 regarding attribute disclosure, and then the attribute certificate is disclosed. The disclosure program also has a setting function regarding registration, change, and deletion of setting information 560 regarding attribute disclosure.

  Some stored user attribute certificates are encrypted using different encryption keys for each attribute information unit. When handling such an encrypted attribute certificate, it sends the attribute information that may be disclosed together with the encrypted encryption key 570 and the encrypted attribute certificate to the person concerned.

  The access control information 550 is policy information used when authenticating a person who has requested access to the attribute certificate management apparatus 130 and confirming the authority to use each program in the apparatus. It is assumed that the trust anchor information in the authentication by PKI and the white list and black list of the requester determined by the operator of the attribute certificate management apparatus are also included in the access control information.

  The setting information 560 regarding attribute disclosure is information that defines conditions necessary for disclosing a user's attribute certificate to a person other than the user. For example, it is data in which a disclosing person is assigned to an attribute certificate unit or an attribute information unit included therein. When an encryption attribute certificate is used, a correspondence relationship with the encryption key is also assigned in the setting information. The encryption key 570 is an encryption key used for encrypting attribute information in the encrypted attribute certificate.

  FIG. 6 is a diagram illustrating a configuration of the user device 140.

  An operating system 610 and a Web browser program 620 are loaded in the memory 240 of the user device 140. These programs are executed by the CPU 230 as necessary to realize the functions described later.

  The memory area 250 stores the user's private key 650 and the user's public key certificate 380.

  Next, the function of each program will be described. Each program is read in the device in which each program is stored and executed by the CPU 230 to realize its function. For convenience of explanation, each program will be described as an execution subject.

  In FIG. 6, an operating system 610 is a program for realizing functions such as file management, process management, and device management in order to control the entire apparatus.

  The web browser program 620 is a program that downloads an HTML file, an image file, a music file, etc. that have been released to a web server on the network, analyzes the layout, and displays or plays back the data. It is a program that can be transmitted to a Web server and can operate a program described in Java (registered trademark) or the like. The program also includes a function for performing cryptographic processing necessary for performing SSL or TLS communication and a function for managing keys and certificates.

  The user secret key 650 is obtained by importing a secret key generated by the Web browser program 620 of the user device 140 or a user secret key generated by the certificate authority device 130.

  The user public key certificate 380 is obtained by importing the user public key certificate generated by the certificate authority device 110 by the Web browser program 620.

  FIG. 7 is a diagram illustrating a configuration of the service providing apparatus 150. An operating system 710, a service providing program 720, and an authentication / authorization program 730 are loaded in the memory 240 of the service providing apparatus 150. These programs are executed by the CPU 230 as necessary to realize the functions described later.

  The memory area 250 stores service providing data 750, access control information 760, and information 770 regarding attribute conditions. Also, according to the embodiment, attribute certificate acquisition destination information 780, a service providing apparatus private key 790, and a service providing apparatus 791 are stored.

  Next, the function of each program will be described. Each program is read in the device in which each program is stored and executed by the CPU 230 to realize its function. For convenience of explanation, each program will be described as an execution subject.

  In FIG. 7, an operating system 710 is a program for realizing functions such as file management, process management, and device management in order to control the entire apparatus.

  The service providing program 720 is a program that accepts and responds to a network service provided by a service provider. The function of the Web server and the application program that operates on the upper level correspond to the program.

  The authentication / authorization program 730 authenticates who is requesting access when there is an access request from another device via the network, and is authorized for the service requested to be accessed. It is a program that authorizes the use only for users. The authentication function is realized by, for example, a server having a client authentication function by SSL or TLS. Since the authorization function is determined using the user's attribute certificate, the program executes a series of processes from acquisition of the attribute certificate to determination.

  The service providing data 750 is data used when a service provider provides a service, and is used by the service providing program 720.

  The access control information 760 is policy information used when authenticating a person who has requested access to the service providing apparatus 150 and confirming the authority to use a service provided by the apparatus. The access control information includes trust anchor information in PKI authentication and information that defines a service provision range according to user attribute information.

  The information 770 regarding the attribute condition is information that defines the type of attribute information that the user wants to present. The attribute certificate acquisition destination information 780 is information that records the acquisition destination of the user's attribute certificate. For example, it is data in which information for identifying an acquisition destination URL or an acquisition destination is assigned to each user.

  The service providing apparatus private key 790 is an encryption key used for authentication when the service providing apparatus 150 accesses the attribute certificate management apparatus 130. It is secret key information owned by the service providing apparatus, and is safely managed in the service providing apparatus station. In the present embodiment, management is performed inside the storage device 250 in the service providing device 150, but management may be performed using a hardware security module or the like.

  The service providing device public key certificate 791 is a public key certificate for the service providing device issued by the certificate authority device 110. The public key described in the public key certificate and the secret key 790 form a pair of keys.

  FIG. 8 is a diagram showing data specifications of the user public key certificate 380 and the attribute certificate 480 used in this embodiment. The user's public key certificate 380 is a conventional technique such as X.264. It is based on the specification of 509. Specifically, data that includes elements such as the public key certificate serial number, the issuer name of the public key certificate, the subject name of the public key certificate, the validity period of the public key certificate, and the public key information as the signature target. Yes, an electronic signature is given by the private key 350 of the certificate authority. The combination of the public key certificate serial number and the issuer of the public key certificate generally identifies the public key certificate uniquely, and the combination is used as a pointer of the public key certificate.

  The user attribute certificate 480 is also a conventional technology such as X.264. It is based on the specification of 509. Specifically, the elements such as the issuer name of the user's public key certificate, the user's public key certificate serial number, the issuer name of the attribute certificate, the validity period of the attribute certificate, and attribute information are subject to signature. The digital signature is given by the secret key 450 of the attribute certificate authority. The values described in the issuer name of the user's public key certificate and the serial number of the user's public key certificate match the serial number and issuer name of the user's public key certificate 380 so that the public key Associate a certificate with an attribute certificate.

  FIG. 9 is a diagram showing an outline of the processing flow of qualification authentication using the attribute certificate management apparatus according to the embodiment of the present invention. A procedure for the service providing apparatus 150 to confirm the qualification and attribute of the user using the attribute certificate between the user apparatus 140, the service providing apparatus 150, and the attribute certificate management apparatus 130 will be described.

  In FIG. 9, the user device 140 transmits a service request to the service providing device 150. The service providing apparatus transmits an authentication request to the user apparatus. The user device receives the authentication request, generates authentication information, and transmits the authentication information to the service providing device. The service providing apparatus authenticates the other party who has accessed from the authentication information, and then transmits a list of attribute certificate acquisition sources to the user apparatus. The user device displays a list of attribute certificate acquisition sources, causes the user to select it, and transmits the selected information to the service providing device.

  The service providing apparatus transmits a request for acquiring an attribute certificate to the attribute certificate management apparatus via the user apparatus based on the received acquisition destination information. The attribute certificate management device transmits an authentication request to the user device. The user device receives the authentication request, generates authentication information, and transmits it to the attribute certificate management device. The attribute certificate management apparatus transmits a list of attribute certificates to the user apparatus after authenticating the other party who has accessed from the authentication information. The user device displays a list of attribute certificates, causes the user to select it, and transmits the selected information to the attribute certificate management device.

  The attribute certificate management apparatus transmits the attribute certificate to the service providing apparatus that is the request source of the attribute certificate via the user apparatus. The service providing apparatus transmits the service provision content to the user apparatus according to the result of verifying the received attribute certificate. The above is one embodiment of the attribute certificate management method according to the present invention.

  10, FIG. 11 and FIG. 12 are diagrams showing a detailed processing flow of the contents of FIG.

  In FIG. 10, the user device 140 starts the Web browser program 620, inputs a URL for accessing a service provided by the service providing device 150, and transmits a service request to the service providing device 150 (step). 2001).

In the service providing apparatus 150, the service providing program 720 receives the service request transmitted from the user apparatus 140 (step 2002).
When the service request is received in the above step, the service providing program 720 transmits a request for authentication information necessary for authenticating the user, that is, an authentication request to the user device 140. For example, a request for client authentication by SSL (Secure Socket Layer) or TLS (Transport Layer Security) corresponds to this step (step 2003).

  The user device 140 receives the authentication request transmitted in step 2003 using the web browser program 620 (step 2004).

  Subsequently, the user device 140 uses the Web browser program 620 to generate authentication information corresponding to the authentication request. For example, in the case of authentication in SSL or TLS, this corresponds to generation of electronic signature data using the user's private key 650 (step 2005).

  Further, the user device 140 transmits the authentication information generated in step 2005 and other information necessary for verifying the authentication information to the service providing device 150. For example, in the case of authentication by SSL or TLS, in addition to the electronic signature data, the user's public key certificate 380 is also transmitted as information transmitted from the user device 140 to the service providing device 150 (step 2006).

  In the service providing apparatus 150, the authentication information transmitted by the user apparatus 140 is received by the service providing program 720 (step 2007).

  Subsequently, in the service providing apparatus 150, the authentication / authorization program 730 verifies the authentication information transmitted by the user apparatus 140 and authenticates the user. For example, in the case of authentication by SSL or TLS, the electronic signature data transmitted from the user device is verified using the user's public key certificate 380 and the authentication path of the user's public key certificate 380 is changed. This is equivalent to verifying and confirming that the service providing apparatus can trace to a trust anchor certificate set in advance.

  Note that a certificate serving as a trust anchor is included in the access control information 760. Further, if necessary, the certificate authority device 110 is accessed to acquire the revocation information 370, and the validity of the user's public key certificate 380 is also confirmed based on the revocation information (step 2008).

  When the user authentication is completed in step 2008, the authentication / authorization program 730 of the service providing apparatus 150 searches for the acquisition destination of the attribute certificate of the user (step 2009).

  As a result of the search in step 2009, if the attribute certificate acquisition destination information can be acquired, such as the situation where the attribute certificate acquisition destination information 780 is generated in step 2039, the processing is omitted until step 2017. You can do it. On the other hand, if the acquisition destination information of the attribute certificate cannot be acquired, the process proceeds to the next step 2011 (step 2010).

  If the acquisition destination of the attribute certificate cannot be acquired in step 2010, the authentication / authorization program 730 of the service providing apparatus 150 instructs the user apparatus 140 to specify the acquisition destination. Send a list of certificate sources. It is assumed that the attribute certificate acquisition destination list is registered in advance on the service providing apparatus side (step 2011).

  In the user device 140, the Web browser program 620 receives the attribute certificate acquisition destination list transmitted in step 2011 (step 2012).

  Subsequently, the Web browser program 620 of the user device 140 displays a list of acquisition destinations of the received attribute certificate (Step 2013).

  Further, the Web browser program 620 of the user device 140 causes the user to select an appropriate attribute certificate acquisition destination from the displayed attribute certificate acquisition destination list (step 2014).

  The Web browser program 620 of the user device 140 transmits information related to the acquisition destination of the attribute certificate selected by the user in Step 2014 to the service providing device 150 (Step 2015).

  In the service providing apparatus 150, the service providing program 720 receives the information regarding the acquisition destination of the attribute certificate transmitted by the user apparatus 140 (step 2016).

Next, the procedure after step 2016 in FIG. 10 will be described with reference to FIG.
When the information related to the acquisition destination of the attribute certificate is acquired in step 2009 or 2016, the service providing apparatus 150 sends a message to the user apparatus that requests the attribute certificate management apparatus 130 for the user's attribute certificate. 140. As a message when requesting an attribute certificate, information indicating the type of attribute information required by the service provider (for example, an object identifier indicating an attribute type), session information (for example, session information is incorporated in Cookie) And a return URL information necessary for returning communication to the service providing apparatus 150 after accessing the attribute certificate management apparatus 130 is well known.

It is assumed that information indicating the type of attribute information is set in advance in information 770 regarding attribute conditions. The message also includes information for enabling the Web browser program of the user terminal 140 to redirect to the acquisition destination of the attribute certificate acquired in step 2009 or 2016. Furthermore, a ticket indicating that the service providing apparatus 150 has been authenticated may be attached to the message as necessary. This authenticated ticket is, for example, SAML (Security Assertion Markup
This corresponds to an authentication assertion or artifact in (Language) (step 2017).

  In the user device 140, the attribute certificate request transmitted in step 2017 is received by the web browser program 620 (step 2018).

  Since the attribute certificate request received in step 2018 is a message indicating that redirection to the attribute certificate management apparatus 130 is performed, the Web browser program 620 of the user apparatus 140 receives the request in step 2018. The content of the received message is transmitted as it is to the attribute certificate management apparatus 130 (step 2019).

  In the attribute certificate management device 130, the attribute certificate disclosure program 530 receives the attribute certificate request transmitted by the user device 140 (step 2020).

  If it is not necessary to request authentication from the user apparatus 140, such as when an authenticated ticket is included in the attribute certificate request received in step 2020, the processing is omitted until step 2028. May be. However, if an authenticated ticket has been received, verification of the ticket is performed in this step. On the other hand, if the attribute certificate request does not include an authenticated ticket or the like and it is necessary to request authentication from the user device 140, the process proceeds to the next step 2022 (step 2021). .

  If it is determined in step 2021 that user authentication is required, the attribute certificate disclosure program 530 sends a request for authentication information necessary for user authentication, that is, an authentication request, Transmit to user device 140. For example, a client authentication request by SSL or TLS corresponds to this step (step 2022).

  The user device 140 receives the authentication request transmitted in step 2022 by the Web browser program (step 2023).

  Subsequently, the user device 140 uses the Web browser program 620 to generate authentication information corresponding to the authentication request. For example, in the case of authentication in SSL or TLS, this corresponds to generation of electronic signature data using the user's private key 650 (step 2024).

  Further, the user device 140 transmits the authentication information generated in step 2024 and other information necessary for verifying the authentication information to the attribute certificate management device 130. For example, in the case of authentication by SSL or TLS, as the information transmitted from the user device 140 to the attribute certificate management device 130, the user's public key certificate 380 is also transmitted in addition to the electronic signature data (step 2025). ).

  In the attribute certificate management apparatus 130, the attribute certificate disclosure program 530 receives the authentication information transmitted by the user apparatus 140 (step 2026).

  Subsequently, in the attribute certificate management apparatus 130, the attribute certificate disclosure program 530 verifies the authentication information transmitted by the user apparatus 140 and authenticates the user. For example, in the case of authentication by SSL or TLS, the electronic signature data transmitted from the user device is verified using the user's public key certificate 380 and the authentication path of the user's public key certificate 380 is changed. This is equivalent to verifying and confirming that the service providing apparatus can trace to a trust anchor certificate set in advance.

  Note that a certificate serving as a trust anchor is included in the access control information 550. If necessary, the certificate authority device 110 is accessed to obtain the revocation information 370, and the validity of the user's public key certificate 380 is also confirmed based on the revocation information (step 2027).

  In step 2027, when the user authentication is completed, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 causes the user apparatus 140 to specify the attribute certificate to be presented to the service providing apparatus 150. Send a list of attribute certificates to. It is assumed that the user attribute certificate 480 is registered in advance at the request of the user or when the attribute certificate authority 120 issues the user attribute certificate. A plurality of attribute certificates may be registered for one user. The list transmitted at this time includes only the authenticated ticket received in step 2020 or the user attribute certificate related to the user's public key certificate 380 received in step 2026. It is controlled not to include the user's attribute certificate.

  When presenting a list of attribute certificates, it is possible to avoid unnecessary selection by the user by adding only those that are valid from the viewpoint of attribute certificate verification to the list.

  In addition, since the attribute certificate request message received by the service providing apparatus 150 is included in the attribute certificate request message received in step 2020, only items that meet this condition are added to the list. Thus, unnecessary selection by the user can be avoided. Furthermore, a list of sites that may present the attribute certificate or a list of sites that should not present the attribute certificate is registered in advance on the attribute certificate management apparatus 130 side, By comparing with the return URL included in the message of the attribute certificate request received in step 2020 and adding only those judged to be able to present the attribute certificate to the list to be selected, It is possible to avoid unnecessary selection by the user (step 2028).

  In the user device 140, the list of attribute certificates transmitted in step 2028 is received by the web browser program 620 (step 2029).

  Subsequently, the Web browser program 620 of the user device 140 displays a list of received attribute certificates (Step 2030).

  Further, the Web browser program 620 of the user device 140 causes the user to select an attribute certificate to be disclosed to the service providing device 150 from the displayed list of attribute certificates (step 2031).

  The Web browser program 620 of the user device 140 transmits information on the attribute certificate selected by the user in Step 2031 to the attribute certificate management device 130 (Step 2032).

  In the attribute certificate management apparatus 130, the attribute certificate disclosure program 530 receives information about the attribute certificate transmitted by the user apparatus 140 (step 2033).

  Subsequently, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 sends a message to the effect that the user's attribute certificate 480 specified in step 2033 is transmitted to the service providing apparatus 150 that is the return URL. Transmit to user device 140. As a message when requesting a document to be transmitted, in addition to the user attribute certificate 480 specified in the above step 2033, the Web browser program of the user terminal 140 returns the user attribute certificate as the return URL. Information or a script for enabling transfer of the document 480 is also included. If the session information is also received in step 2020, the session information may be included in the message (step 2034).

  The user device 140 receives the message including the attribute certificate transmitted in step 2034 and the Web browser program 620 (step 2035).

  The message received in step 2035 is a message indicating that the user's attribute certificate 480 included in the message is to be transferred to the service providing apparatus 150, or a script is described. The web browser program 620 of the user device 140 transmits the user attribute certificate 480 received in step 2035 to the service providing device 150. If session information in a format to be recorded in the Web browser program 620 is received in step 2018, the session information may be transmitted in addition to this message (step 2036).

  In the service providing apparatus 150, the service providing program 720 receives the attribute certificate transmitted by the user apparatus 140 (step 2037).

Next, the procedure after step 2037 in FIG. 11 will be described with reference to FIG.
In step 2037, when the user attribute certificate 480 is received, the authentication / authorization program 730 of the service providing apparatus 150 performs authentication path verification of the attribute certificate, and the service providing apparatus sets in advance. This is equivalent to confirming that the certificate of the trust anchor can be traced. Note that a certificate serving as a trust anchor is included in the access control information 760. Furthermore, it is confirmed that the correspondence between the pointer of the public key certificate indicated by the attribute certificate and the public key certificate 380 of the user received in step 2007 is obtained. If necessary, the attribute certificate authority device 120 is accessed to acquire the attribute certificate revocation information 470, and the validity of the user attribute certificate 480 is also confirmed based on the revocation information (step 2038).

  Subsequently, when the verification of the user's attribute certificate is successful in step 2038, the authentication / authorization program 730 of the service providing apparatus 150 sets the attribute information described in the attribute certificate in advance. It is confirmed that the condition of the access control information 760 is satisfied. When the attribute certificate is acquired, if the encryption key 570 used for encrypting the attribute information of the attribute certificate is also acquired, the attribute information of the attribute certificate is obtained using the encryption key. After performing the decryption process, the attribute information is extracted.

  If the user attribute certificate 480 used in the step is compatible with the service provided by the service providing apparatus, the acquisition destination of the attribute certificate acquired in step 2016 is set. The attribute certificate acquisition destination information 780 is recorded so as to be associated with the user of the attribute certificate (step 2039).

  When it is confirmed in step 2039 that the access control information condition is satisfied, the service providing program 720 of the service providing apparatus 150 executes the requested service based on the authenticated / authorized user information. . If necessary, service providing data 750 is also used (step 2040).

  Further, the service providing program 720 of the service providing apparatus 150 transmits the result executed in step 2040 to the user apparatus 140 as the service providing content (step 2041).

  In the user device 140, the Web browser program 620 receives the information related to the service provision content transmitted in step 2040 (step 2042).

  Subsequently, the Web browser program 620 of the user device 140 displays information regarding the received service provision content (step 2043).

  By carrying out the above procedure, it is possible to disclose an appropriate attribute certificate to the service provider without introducing a special program on the user device side.

  FIG. 13 is a diagram illustrating an outline of a processing flow for setting access rights using the attribute certificate management apparatus according to the second embodiment of the present invention. This processing flow is a procedure that is performed in advance when performing the processing of FIG. 16 according to the second embodiment of the present invention. In this processing flow, a procedure for setting an access right for disclosing an attribute certificate to the service providing apparatus 150 or the like between the user apparatus 140 and the attribute certificate management apparatus 130 is described.

  In FIG. 13, the user device 140 transmits an access request to the attribute certificate management device 130. The attribute certificate management device transmits an authentication request to the user device. The user device receives the authentication request, generates authentication information, and transmits it to the attribute certificate management device.

  The attribute certificate management device transmits a menu screen for managing the attribute certificate to the user device after authenticating the other party who has accessed from the authentication information. The user device displays a menu screen, causes the user to select it, and transmits the selected information to the attribute certificate management device. The description here describes an example of selecting access right registration as a menu. The process flow is the same even when access right change or deletion is selected. The attribute certificate management apparatus transmits, to the user apparatus, a screen for registering the access right when disclosing the attribute certificate based on the received menu selection content.

The user device displays an access right registration screen, causes the user to input information necessary for access right registration, and transmits the input information to the attribute certificate management device. The attribute certificate management apparatus transmits a confirmation screen based on the input registration information to the user apparatus. The user apparatus displays an access right registration confirmation screen, confirms whether or not the registration can be performed with the contents of the screen, and transmits the confirmation result to the attribute certificate management apparatus. If the registration is determined as a result of the confirmation, the attribute certificate management apparatus sets an access right, and transmits a screen indicating that the registration is completed to the user apparatus. The user device receives the registration completion screen and displays its contents.
The above is one embodiment of the access right setting method in the attribute certificate management apparatus according to the present invention.

  14 and 15 are diagrams showing a detailed processing flow of the contents of FIG. In FIG. 14, the user device 140 activates the Web browser program 620, inputs a URL for accessing the attribute certificate management device 130, and transmits an access request to the attribute certificate management device 130 (step). 3001).

  The attribute certificate management apparatus 130 receives the attribute certificate in the attribute certificate disclosure program 530 transmitted by the user apparatus 140 (step 3002).

  When the service request is received in the above step, the attribute certificate disclosure program 530 transmits a request for authentication information necessary for user authentication, that is, an authentication request to the user device 140. For example, a request for client authentication by SSL (Secure Socket Layer) or TLS (Transport Layer Security) corresponds to this step (step 3003).

  In the user device 140, the authentication request transmitted in step 3003 is received by the web browser program (step 3004).

  Subsequently, the user device 140 uses the Web browser program 620 to generate authentication information corresponding to the authentication request. For example, in the case of authentication in SSL or TLS, this corresponds to generation of electronic signature data using the user's private key 650 (step 3005).

  Further, the user device 140 transmits the authentication information generated in step 3005 and other information necessary for verifying the authentication information to the attribute certificate management device 130. For example, in the case of authentication by SSL or TLS, as the information transmitted from the user device 140 to the attribute certificate management device 130, the user's public key certificate 380 is also transmitted in addition to the electronic signature data (step 3006). ).

  In the attribute certificate management device 130, the attribute certificate disclosure program 530 receives the authentication information transmitted by the user device 140 (step 3007).

  Subsequently, in the attribute certificate management apparatus 130, the attribute certificate disclosure program 530 verifies the authentication information transmitted by the user apparatus 140 and authenticates the user. For example, in the case of authentication by SSL or TLS, the electronic signature data transmitted from the user device is verified using the user's public key certificate 380 and the authentication path of the user's public key certificate 380 is changed. This is equivalent to verifying and confirming that the attribute certificate management apparatus can trace to a trust anchor certificate set in advance.

  Note that a certificate serving as a trust anchor is included in the access control information 760. If necessary, the certificate authority device 110 is accessed to acquire the revocation information 370, and the validity of the user's public key certificate 380 is also confirmed based on the revocation information (step 3008).

  When the user authentication is completed in step 3008, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 transmits a menu screen to the user apparatus 140. In this embodiment, it is assumed that the menu screen includes a menu for registering, changing, and deleting access rights (step 3009).

  The user device 140 receives the menu screen transmitted in step 3009 by the web browser program 620 (step 3010).

  Subsequently, the web browser program 620 of the user device 140 displays the received menu screen (step 3011).

  Furthermore, the Web browser program 620 of the user device 140 causes the user to select a menu that the user wants to execute from the displayed menu screen. In this embodiment, an example of selecting access right registration is described. However, even if change or deletion is selected, the processing after this step is the same. Good (step 3012).

  The Web browser program 620 of the user device 140 transmits the information on the menu selected by the user in step 3013 to the attribute certificate management device 130 (step 3013).

  In the attribute certificate management apparatus 130, the attribute certificate disclosure program 530 receives the menu information transmitted by the user apparatus 140 (step 3014).

  Next, the procedure after step 3014 in FIG. 14 will be described with reference to FIG.

  The attribute certificate management apparatus 130 transmits a screen for registering an access right to the user apparatus 140 based on the menu information received in step 3014 (step 3015).

  In the user device 140, the Web browser program 620 receives the access right registration screen transmitted in step 3015 (step 3016).

  Subsequently, the Web browser program 620 of the user device 140 displays an access right registration screen (step 3017).

  Further, the Web browser program 620 of the user device 140 causes the user to input information necessary for registration of access right, etc., on the access right registration screen. For example, it is assumed that a list of attribute certificates owned by the user is displayed and information of service providers that may be disclosed is assigned to each attribute certificate or for each attribute information in each attribute certificate. (Step 3018).

  The Web browser program 620 of the user device 140 transmits information such as registration input by the user in step 3019 to the attribute certificate management device 130 (step 3019).

  In the attribute certificate management device 130, the registration information transmitted by the user device 140 is received by the attribute certificate disclosure program 530 (step 3020).

  Subsequently, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 transmits a screen for confirming registration of access rights to the user apparatus 140 based on the registration information received in the above step 3021 ( Step 3021).

In the user device 140, the Web browser program 620 receives the access right registration confirmation screen transmitted in step 3021 (step 3022).
Subsequently, the Web browser program 620 of the user device 140 displays an access right registration confirmation screen (step 3023).

  Further, the Web browser program 620 of the user device 140 displays the information input in the above step 3018 as an access right registration confirmation screen, for example, as a confirmation result from determining, correcting or canceling the content. Next, the user is made to select the contents to be executed (step 3024).

  The Web browser program 620 of the user device 140 transmits the confirmation result selected by the user in step 3024 to the attribute certificate management device 130 (step 3025).

  In the attribute certificate management apparatus 130, the attribute certificate disclosure program 530 receives the confirmation result transmitted by the user apparatus 140 (step 3026).

  Subsequently, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 shifts the processing to the next step 3028 when the confirmation result received in the above step 3026 indicates that the registration is determined. . If the confirmation result indicates that the registration is to be corrected, the process returns to step 3015. If the confirmation result indicates that the registration is cancelled, for example, the process returns to step 3009 (step 3027).

  If registration is determined in step 3027, the setting information 560 relating to attribute disclosure is recorded to reflect the contents of the registration information received in step 3020 (step 3028).

  Further, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 transmits a message to the user apparatus 140 that the reflection of the access right implemented in step 3028 is completed (step 3029).

In the user device 140, the Web browser program 620 receives the completion result screen transmitted in step 3029 (step 3030).
Subsequently, the Web browser program 620 of the user device 140 displays a completion result screen (step 3031).

  FIG. 16 is a diagram illustrating an outline of a processing flow of qualification authentication using the attribute certificate management apparatus according to the second embodiment of the present invention. This processing flow is a procedure for disclosing an attribute certificate to the service provider 150, which is performed after the processing such as access right registration in FIG. 13 is performed. In this processing flow, the service providing apparatus 150 uses the attribute certificate to confirm the user's qualifications and attributes among the user apparatus 140, the service providing apparatus 150, and the attribute certificate management apparatus 130. Describe the procedure.

  In FIG. 16, the user device 140 transmits a service request to the service providing device 150. The service providing apparatus transmits an authentication request to the user apparatus. The user device receives the authentication request, generates authentication information, and transmits the authentication information to the service providing device. The service providing apparatus authenticates the other party who has accessed from the authentication information, and then transmits a request for acquiring the attribute certificate of the user to the attribute certificate management apparatus.

  The attribute certificate management apparatus transmits an authentication request to the service providing apparatus. The service providing apparatus receives the authentication request, generates authentication information, and transmits the authentication information to the attribute certificate management apparatus. The attribute certificate management apparatus transmits the user's attribute certificate to the service providing apparatus based on the access right of the attribute certificate set in advance. If the attribute certificate is encrypted, an encryption key for decrypting it is also transmitted. The service providing apparatus transmits the service provision content to the user apparatus according to the result of verifying the received attribute certificate. The above is one embodiment of the attribute certificate management method according to the present invention.

  FIG. 17 is a diagram showing a detailed processing flow of the contents of FIG. In FIG. 17, the user device 140 starts the Web browser program 620, inputs a URL for accessing a service provided by the service providing device 150, and transmits a service request to the service providing device 150 (step). 4001).

In the service providing apparatus 150, the service providing program 720 receives the service request transmitted from the user apparatus 140 (step 4002).
When the service request is received in the above step, the service providing program 720 transmits a request for authentication information necessary for authenticating the user, that is, an authentication request to the user device 140. For example, a request for client authentication by SSL (Secure Socket Layer) or TLS (Transport Layer Security) corresponds to this step (step 4003).

The user device 140 receives the authentication request transmitted in step 2003 using the web browser program (step 4004).
Subsequently, the user device 140 uses the Web browser program 620 to generate authentication information corresponding to the authentication request. For example, in the case of authentication in SSL or TLS, this corresponds to generation of electronic signature data using the user's private key 650 (step 4005).

  Further, the user device 140 transmits the authentication information generated in step 2005 and other information necessary for verifying the authentication information to the service providing device 150. For example, in the case of authentication by SSL or TLS, in addition to the electronic signature data, the user's public key certificate 380 is also transmitted as information transmitted from the user device 140 to the service providing device 150 (step 4006).

  In the service providing apparatus 150, the service providing program 720 receives the authentication information transmitted by the user apparatus 140 (step 4007).

  Subsequently, in the service providing apparatus 150, the authentication / authorization program 730 verifies the authentication information transmitted by the user apparatus 140 and authenticates the user. For example, in the case of authentication by SSL or TLS, the electronic signature data transmitted from the user device is verified using the user's public key certificate 380 and the authentication path of the user's public key certificate 380 is changed. This is equivalent to verifying and confirming that the service providing apparatus can trace to a trust anchor certificate set in advance. Note that a certificate serving as a trust anchor is included in the access control information 760. If necessary, the certificate authority device 110 is accessed to acquire the revocation information 370, and the validity of the user's public key certificate 380 is also confirmed based on the revocation information (step 4008).

  When the user authentication is completed in step 4008, the authentication / authorization program 730 of the service providing apparatus 150 transmits a message requesting the attribute certificate of the user to the attribute certificate management apparatus 130. . The request includes information on the owner of the requested attribute certificate (that is, the user in the present embodiment), the type of requested attribute information, and the like (step 4009).

  In the attribute certificate management device 130, the attribute certificate request transmitted from the service providing device 150 is received by the attribute certificate disclosure program 530 (step 4010).

  When the attribute certificate request is received in the above step, the attribute certificate disclosure program 530 sends a request for authentication information necessary for authenticating the requester of the attribute certificate, that is, an authentication request to the service providing apparatus 150. Send. For example, a request for client authentication by SSL (Secure Socket Layer) or TLS (Transport Layer Security) corresponds to this step (step 4011).

  In the service providing apparatus 150, the authentication / authorization program 730 receives the authentication request transmitted in step 4011 (step 4012).

  Subsequently, the service providing apparatus 150 uses the authentication / authorization program 730 to generate authentication information corresponding to the authentication request. For example, authentication in SSL or TLS corresponds to generation of electronic signature data using the secret key 790 of the service providing apparatus (step 4013).

  Further, the service providing apparatus 150 transmits the authentication information generated in step 4013 and other information necessary for verifying the authentication information to the attribute certificate management apparatus 130. For example, in the case of authentication by SSL or TLS, in addition to the electronic signature data, the public key certificate 791 of the service providing apparatus is also transmitted as information transmitted from the service providing apparatus 150 to the attribute certificate management apparatus 130 (Step S1). 4014).

  The attribute certificate management apparatus 130 receives the attribute certificate in the attribute certificate disclosure program 530 transmitted by the service providing apparatus 150 (step 4015).

  Subsequently, the attribute certificate management apparatus 130 verifies the authentication information transmitted by the service providing apparatus 150 by the attribute certificate disclosure program 530 and authenticates the requester of the attribute certificate. For example, in the case of authentication by SSL or TLS, the electronic signature data transmitted from the service providing apparatus is verified using the public key certificate 791 of the service providing apparatus, and the public key certificate 791 of the service providing apparatus is authenticated. This is equivalent to verifying the path and confirming that the service providing apparatus can trace to a trust anchor certificate set in advance. Note that a certificate serving as a trust anchor is included in the access control information 550. Further, if necessary, the certificate authority device 110 is accessed to acquire the revocation information 370, and the validity of the public key certificate 791 of the service providing device is also confirmed based on the revocation information (step 4016).

  When the authentication is successful in step 4016, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 is requested based on the access right of the attribute certificate set in the setting information 560 related to attribute disclosure. It is determined whether the authenticated service providing apparatus can access the user's attribute certificate. If access is permitted, the attribute certificate is transmitted to the service providing apparatus 150.

  If an encrypted attribute certificate is used, the encryption key used for encrypting the attribute information of the attribute certificate is also transmitted. If authentication fails in step 4016, or if access is denied in this step, a message that denies access to the attribute certificate is returned (step 4017).

  In the service providing apparatus 150, the authentication / authorization program 730 receives the attribute certificate transmitted in step 4017. When an encrypted attribute certificate is used, the encryption key used when encrypting the attribute information of the attribute certificate is also received. If an access refusal message is received, the subsequent processing proceeds as a result of failure of authentication / authorization (step 4018).

  Subsequent processing is the same as Step 2038 to Step 2043 shown in FIG.

  By carrying out the above procedure, it is possible to disclose an appropriate attribute certificate to the service provider without introducing a special program on the user device side. Further, even when the Web browser program installed in the user device does not have a function such as redirection, the attribute certificate can be handled.

  FIG. 18 is a diagram illustrating an outline of a processing flow of qualification authentication using the attribute certificate management apparatus according to the third embodiment of the present invention. In this processing flow, the service providing apparatus 150 uses the attribute certificate to confirm the user's qualifications and attributes among the user apparatus 140, the service providing apparatus 150, and the attribute certificate management apparatus 130. Describe the procedure.

  In FIG. 18, the user device 140 transmits a service request to the service providing device 150. The service providing apparatus transmits an authentication request to the user apparatus. The user device receives the authentication request, generates authentication information, and transmits the authentication information to the service providing device. The service providing apparatus authenticates the other party who has accessed from the authentication information, and then transmits a list of attribute certificate acquisition sources to the user apparatus. The user device displays a list of attribute certificate acquisition sources, causes the user to select it, and transmits the selected information to the service providing device.

  The service providing apparatus transmits a request for information necessary to acquire the attribute certificate to the attribute certificate management apparatus via the user apparatus based on the received acquisition destination information. The attribute certificate management device transmits an authentication request to the user device. The user device receives the authentication request, generates authentication information, and transmits it to the attribute certificate management device. The attribute certificate management apparatus transmits a list of attribute certificates to the user apparatus after authenticating the other party who has accessed from the authentication information. The user device displays a list of attribute certificates, causes the user to select it, and transmits the selected information to the attribute certificate management device.

  The attribute certificate management apparatus transmits pointer information related to the attribute certificate to the service providing apparatus that is the request source of the attribute certificate via the user apparatus. The service providing apparatus transmits an attribute certificate acquisition request of the user to the attribute certificate management apparatus based on the received pointer information of the attribute certificate. The attribute certificate management apparatus transmits an authentication request to the service providing apparatus. The service providing apparatus receives the authentication request, generates authentication information, and transmits the authentication information to the attribute certificate management apparatus.

  The attribute certificate management apparatus transmits the user's attribute certificate to the service providing apparatus based on the access right of the attribute certificate set in advance. If the attribute certificate is encrypted, an encryption key for decrypting it is also transmitted. The service providing apparatus transmits the service provision content to the user apparatus according to the result of verifying the received attribute certificate. The above is one embodiment of the attribute certificate management method according to the present invention.

  FIG. 19 is a diagram showing a detailed processing flow of the contents of FIG. Since the user apparatus 140 transmits a service request to the service providing apparatus 150, the attribute certificate management apparatus 130 displays a list of attribute certificates for the user and allows the user to select the attribute certificate. The procedure until the information is transmitted to the attribute certificate management apparatus is the same as the contents shown in the explanation from step 2001 in FIG. 10 to step 2033 in FIG.

  Subsequent to step 2033, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 executes a pointer (for example, the issuer name of the attribute certificate) of the user's attribute certificate 480 specified in step 2033. And a serial number) are transmitted to the user apparatus 140 to the service providing apparatus 150 as the return URL. As a message when requesting a document to be transmitted, in addition to the pointer information of the user's attribute certificate specified in the above step 2033, the Web browser program of the user terminal 140 returns the user's attribute to the return URL. Information or a script for enabling transfer of attribute certificate pointer information is also included. If the session information is also received in step 2020, the session information may be included in this message (step 5001).

  The user device 140 receives the message including the attribute certificate transmitted in Step 5001 and the Web browser program 620 (Step 5002).

  The message received in step 5002 is a message for transferring the pointer information of the user's attribute certificate included in the message to the service providing apparatus 150, or a script is described. The Web browser program 620 of the user device 140 transmits the pointer information of the user attribute certificate received in step 5002 to the service providing device 150. If session information in the format to be recorded in the Web browser program 620 is received in step 2018, the session information may be transmitted in addition to this message (step 5003).

  In the service providing apparatus 150, the service providing program 720 receives the pointer information of the attribute certificate transmitted by the user apparatus 140 (step 5004).

  Based on the attribute certificate pointer information received in step 5004, the authentication / authorization program 730 of the service providing apparatus 150 requests the attribute certificate management apparatus 130 to request the user's attribute certificate. Send. The request includes the pointer information of the requested attribute certificate, the type of requested attribute information, and the like (step 5005).

  In the attribute certificate management apparatus 130, the attribute certificate disclosure program 530 receives the attribute certificate request transmitted by the service providing apparatus 150 (step 5006).

  Upon receiving the attribute certificate request in step 5006, the attribute certificate disclosure program 530 sends a request for authentication information necessary for authenticating the requester of the attribute certificate, that is, an authentication request to the service providing apparatus 150. Send to. For example, a request for client authentication by SSL (Secure Socket Layer) or TLS (Transport Layer Security) corresponds to this step (step 5007).

In the service providing apparatus 150, the authentication request transmitted in step 5007 is received by the authentication / authorization program 730 (step 5008).
Subsequently, the service providing apparatus 150 uses the authentication / authorization program 730 to generate authentication information corresponding to the authentication request. For example, authentication in SSL or TLS corresponds to generation of electronic signature data using the secret key 790 of the service providing apparatus (step 5009).

  Further, the service providing apparatus 150 transmits the authentication information generated in step 5009 and other information necessary for verifying the authentication information to the attribute certificate management apparatus 130. For example, in the case of authentication by SSL or TLS, in addition to the electronic signature data, the public key certificate 791 of the service providing apparatus is also transmitted as information transmitted from the service providing apparatus 150 to the attribute certificate management apparatus 130 (Step S1). 5010).

  The attribute certificate management apparatus 130 receives the attribute certificate in the attribute certificate disclosure program 530 transmitted by the service providing apparatus 150 (step 5011).

  Subsequently, the attribute certificate management apparatus 130 verifies the authentication information transmitted by the service providing apparatus 150 by the attribute certificate disclosure program 530 and authenticates the requester of the attribute certificate. For example, in the case of authentication by SSL or TLS, the electronic signature data transmitted from the service providing apparatus is verified using the public key certificate 791 of the service providing apparatus, and the public key certificate 791 of the service providing apparatus is authenticated. This is equivalent to verifying the path and confirming that the service providing apparatus can trace to a trust anchor certificate set in advance.

  Note that a certificate serving as a trust anchor is included in the access control information 550. If necessary, the certificate authority device 110 is accessed to obtain the revocation information 370, and the validity of the public key certificate 791 of the service providing device is also confirmed based on the revocation information (step 5012).

  If the authentication is successful in step 5012, the attribute certificate disclosure program 530 of the attribute certificate management apparatus 130 is requested based on the access right of the attribute certificate set in the setting information 560 regarding attribute disclosure. It is determined whether the authenticated service providing apparatus can access the user's attribute certificate. If access is permitted, the attribute certificate is transmitted to the service providing apparatus 150. If an encrypted attribute certificate is used, the encryption key used for encrypting the attribute information of the attribute certificate is also transmitted. If authentication fails in step 5012, or if access is denied in this step, a message that denies access to the attribute certificate is returned (step 5013).

  In the service providing apparatus 150, the authentication / authorization program 730 receives the attribute certificate transmitted in step 5013. When an encrypted attribute certificate is used, the encryption key used when encrypting the attribute information of the attribute certificate is also received. If an access refusal message is received, the subsequent processing proceeds as a result of failure of authentication / authorization (step 5014). Subsequent processing is the same as Step 2038 to Step 2043 shown in FIG.

  By carrying out the above procedure, it is possible to disclose an appropriate attribute certificate to the service provider without introducing a special program on the user device side.

FIG. 1 is a diagram illustrating a system configuration according to the first embodiment of the present invention. FIG. 2 is a diagram illustrating hardware configurations of a certificate authority device, an attribute certificate authority device, an attribute certificate management device, a user device, and a service providing device. FIG. 3 is a diagram illustrating the configuration of the certificate authority device. FIG. 4 is a diagram illustrating a configuration of the attribute certification authority device. FIG. 5 is a diagram illustrating a configuration of the attribute certificate management apparatus. FIG. 6 is a diagram illustrating the configuration of the user device. FIG. 7 is a diagram illustrating the configuration of the service providing apparatus. FIG. 8 is a diagram illustrating the data specifications of the user's public key certificate and attribute certificate. FIG. 9 is a diagram showing an outline of a processing flow of qualification authentication using the attribute certificate management apparatus according to the first embodiment of the present invention. FIG. 10 is a diagram showing details (first stage) of the processing flow of qualification authentication using the attribute certificate management apparatus according to the first embodiment of the present invention. FIG. 11 is a diagram illustrating details (middle stage) of the processing flow of qualification authentication using the attribute certificate management apparatus according to the first embodiment of the present invention. FIG. 12 is a diagram showing details of the qualification authentication processing flow (second stage) using the attribute certificate management apparatus according to the first embodiment of the present invention. FIG. 13 is a diagram illustrating an outline of a processing flow for setting access rights using the attribute certificate management apparatus according to the second embodiment of the present invention. FIG. 14 is a diagram showing details (first stage) of the processing flow for setting access rights using the attribute certificate management apparatus according to the second embodiment of the present invention. FIG. 15 is a diagram showing details of the processing flow (second stage) of access right setting using the attribute certificate management apparatus according to the second embodiment of the present invention. FIG. 16 is a diagram illustrating an outline of a processing flow of another aspect of qualification authentication using the attribute certificate management apparatus according to the second embodiment of the present invention. FIG. 17 is a diagram illustrating details of a processing flow of another aspect of qualification authentication using the attribute certificate management apparatus according to the second embodiment of the present invention. FIG. 18 is a diagram illustrating an outline of a processing flow of another aspect of qualification authentication using the attribute certificate management apparatus according to the third embodiment of the present invention. FIG. 19 is a diagram illustrating details of a processing flow of another aspect of qualification authentication using the attribute certificate management apparatus according to the third embodiment of the present invention.

Explanation of symbols

110 Certificate Authority Device 120 Attribute Certificate Authority Device 130 Attribute Certificate Management Device 140 User Device 150 Service Providing Device 160 Network 210 Input Device 220 Display Device 230 CPU
240 Memory 250 Storage Device 260 Communication Device 270 Bus 310 Operating System 320 Public Key Certificate Issuance Program 330 Revocation Information Issuance Program 350 Certification Authority Private Key 360 Certification Authority Public Key Certificate 370 Revocation Information 380 User Public Key Certificate 410 Operating system 420 Attribute certificate issuing program 430 Attribute certificate revocation information issuing program 450 Attribute certificate authority private key 460 Attribute certificate authority public key certificate 470 Attribute certificate revocation information 480 User attribute certificate 510 Operating system 520 Attribute certificate registration program 530 Attribute certificate disclosure program 550 Access control information 560 Setting information regarding attribute disclosure 570 Encryption key 610 Operating system 620 Web browser Program 650 User's private key 710 Operating system 720 Service providing program 730 Authentication / authorization program 750 Service providing data 760 Access control information 770 Information on attribute conditions 780 Attribute certificate acquisition destination information 790 Service providing device private key 791 Service Public key certificate of the providing device

Claims (17)

In an attribute certificate management system in which an attribute certificate management apparatus, a service providing apparatus, and a user apparatus are connected via a network, the attribute information of a user who intends to use the service by the service providing apparatus that provides the service on the network Attribute certificate management method when confirming
The attribute certificate management apparatus includes an attribute certificate disclosure unit that manages user attribute certificates, and the attribute certificate management apparatus stores user attribute certificates in advance. In
The service providing device executes an authentication request step of transmitting an authentication request to the user device in response to an access from the user device used by the user,
The user device receives the authentication request, and executes an authentication information transmission step for generating and transmitting authentication information,
The service providing device executes the user authentication step on the service providing device side such as receiving the authentication information and performing user authentication,
The service providing apparatus executes an attribute certificate acquisition destination acquisition step of acquiring attribute certificate acquisition destination information,
The service providing apparatus executes an attribute certificate requesting step of transmitting a message for requesting an attribute certificate to the attribute certificate management apparatus that is an acquisition destination of the acquired attribute certificate via the user. ,
The user device receives an attribute certificate request message and executes an attribute certificate request transfer step of transferring the attribute certificate to the attribute certificate management device.
The attribute certificate management device executes an attribute certificate request receiving step of receiving a message for requesting an attribute certificate;
The attribute certificate management device executes an attribute certificate management device side user authentication step for authenticating a user device that has transmitted a message for requesting an attribute certificate,
The attribute certificate management device executes an attribute certificate selection step of selecting an attribute certificate that may be presented to a service provider,
The attribute certificate management device executes an attribute certificate transmission step of transmitting the selected attribute certificate to the service providing device via the user;
The user device executes an attribute certificate transfer step of receiving the attribute certificate and transferring the attribute certificate to the service providing device;
The service providing device receives the attribute certificate, verifies the attribute certificate, authorizes the service based on the attribute information in the attribute certificate, and executes the service according to the authorization result. An attribute certificate management method characterized in that: In an attribute certificate management system in which an attribute certificate management device, a service providing device, and a user device are connected via a network,
In order to set the disclosure authority of the attribute certificate with the attribute certificate management device for a plurality of service providing devices that provide services on the network,
The attribute certificate management device executes an authentication request step of transmitting an authentication request to the user device in response to an access from the user device used by the user,
The user device receives the authentication request, and executes an authentication information transmission step for generating and transmitting authentication information,
The attribute certificate management device receives the authentication information and executes a user authentication step for authenticating a user,
When the attribute certificate management device receives a request from the user device to register, change or delete the disclosure authority of the user's attribute certificate, a screen for inputting setting information corresponding to the request Execute the setting screen transmission step to transmit the information of
The user device receives and displays information on a screen for inputting setting information, causes the user to input setting information necessary for registering, changing, or deleting the disclosure of the attribute certificate. Execute the setting information input step to be sent to the attribute certificate management device,
The attribute certificate management device receives the setting information and executes a disclosure authority setting step for reflecting the setting information in the attribute certificate management device;
Furthermore, in order for the service providing apparatus that provides the service on the network to check the attribute information of the user who intends to use the service,
The attribute certificate management apparatus includes an attribute certificate disclosure unit that manages user attribute certificates, and the attribute certificate management apparatus stores user attribute certificates in advance. In
The service providing device executes an authentication request step of transmitting an authentication request to the user device in response to an access from the user device used by the user,
The user device receives the authentication request, and executes a user authentication information transmission step for generating and transmitting authentication information,
The service providing apparatus receives the authentication information and executes a user authentication step for authenticating a user,
The service providing apparatus executes an attribute certificate requesting step of transmitting a message for requesting an attribute certificate to the attribute certificate management apparatus,
The attribute certificate management device executes an attribute certificate request receiving step of receiving a message for requesting an attribute certificate;
The attribute certificate management device executes a service providing device authentication request step of transmitting an authentication request to the service providing device in response to access from the service providing device,
The service providing apparatus receives the authentication request, and executes a service providing apparatus authentication information transmission step for generating and transmitting authentication information.
The attribute certificate management device receives the authentication information and executes a service providing device authentication step for authenticating the service providing device,
The attribute certificate management device executes an attribute certificate acquisition step of acquiring an attribute certificate for which disclosure authority is given to the service provider,
The attribute certificate management apparatus executes an attribute certificate information transmission step of transmitting the selected attribute certificate and related information to the service providing apparatus,
The service providing apparatus receives the attribute certificate information, verifies the attribute certificate, authorizes the service based on the attribute information in the attribute certificate, and executes the service according to the authorization result. An attribute certificate management method characterized by executing a step. In an attribute certificate management system in which an attribute certificate management apparatus, a service providing apparatus, and a user apparatus are connected from a network, the attribute information of a user who intends to use the service by the service providing apparatus that provides the service on the network Attribute certificate management method when confirming
The attribute certificate management apparatus includes an attribute certificate disclosure unit that manages user attribute certificates, and the attribute certificate management apparatus stores user attribute certificates in advance in the attribute certificate management apparatus. ,
The service providing device executes an authentication request step of transmitting an authentication request to the user device in response to an access from the user device used by the user,
The user device receives the authentication request, and executes an authentication information transmission step for generating and transmitting authentication information,
The service providing apparatus executes the user authentication step on the service providing apparatus side that receives the authentication information and performs user authentication,
The service providing apparatus executes an attribute certificate acquisition destination acquisition step of acquiring attribute certificate acquisition destination information,
The service providing apparatus executes an attribute certificate request step of transmitting a message for requesting an attribute certificate to the attribute certificate management apparatus that is an acquisition destination of the acquired attribute certificate via the user. ,
The user device receives an attribute certificate request message and executes an attribute certificate request transfer step of transferring the attribute certificate to the attribute certificate management device.
The attribute certificate management device executes an attribute certificate request receiving step of receiving a message for requesting an attribute certificate;
The attribute certificate management device executes an attribute certificate management device side user authentication step for authenticating a user device that has transmitted a message for requesting an attribute certificate,
The attribute certificate management device executes an attribute certificate selection step of selecting an attribute certificate that may be presented to a service provider;
The attribute certificate management apparatus executes an attribute certificate pointer information transmission step of transmitting pointer information related to the selected attribute certificate to the service providing apparatus via the user,
The user device receives the attribute certificate pointer information and executes an attribute certificate pointer information transfer step of transferring to the service providing device,
The service providing apparatus executes an attribute certificate request step of receiving attribute information pointer information and transmitting a message for requesting an attribute certificate to the attribute certificate management apparatus based on the pointer information,
The attribute certificate management device executes a service providing device authentication request step of transmitting an authentication request to the service providing device in response to access from the service providing device,
The service providing apparatus receives the authentication request, and executes a service providing apparatus authentication information transmission step for generating and transmitting authentication information.
The attribute certificate management device receives the authentication information and executes a service providing device authentication step for authenticating the service providing device,
The attribute certificate management device executes an attribute certificate request receiving step of receiving a message for requesting an attribute certificate;
The attribute certificate management device executes an attribute certificate acquisition step of acquiring an attribute certificate that is authorized to be disclosed to the service provider;
The attribute certificate management apparatus executes an attribute certificate information transmission step of transmitting the selected attribute certificate and related information to the service providing apparatus,
The service providing apparatus receives the attribute certificate information, verifies the attribute certificate, authorizes the service based on the attribute information in the attribute certificate, and executes the service according to the authorization result. An attribute certificate management method characterized by executing a step. In the attribute certificate management method according to claim 1 or claim 3,
The attribute certificate acquisition destination acquisition step includes:
The service providing device transmits a list of attribute certificate acquisition destinations to the user device,
The user device receives and displays a list of attribute certificate acquisition destinations, causes the user to select an attribute certificate acquisition destination from the list, and provides information on the selected attribute certificate acquisition destination. An attribute certificate management method characterized by being realized by transmitting to a service providing apparatus. In the attribute certificate management method according to claim 1 or claim 3,
The authorization step includes
The service providing apparatus is embodied by including pre-recording attribute certificate acquisition destination information when service authorization is successful,
The attribute certificate acquisition destination acquisition step includes:
An attribute certificate management method, characterized in that the service providing apparatus is embodied by reading the acquisition source information recorded in an authorization step performed in the past. In the attribute certificate management method according to claim 1 or claim 3,
The attribute certificate management device side user authentication step includes:
The service providing device transmits an authentication request to the user device in response to an access from the user device used by the user,
The user device receives the authentication request, generates and transmits authentication information,
The service providing apparatus is embodied by receiving the authentication information and authenticating a user. An attribute certificate management method, comprising: In the attribute certificate management method according to claim 1 or claim 3,
The attribute certificate request step includes:
The service providing apparatus is embodied by including authenticated information indicating that the attribute certificate request is authenticated, and the attribute certificate management apparatus side user authentication step includes:
An attribute certificate management method, characterized in that the attribute certificate management device is embodied by verifying the authenticated information as user authentication. In the attribute certificate management method according to claim 1 or claim 3,
The attribute certificate selection step includes:
The attribute certificate management device executes an attribute certificate list transmission step of transmitting a list of authenticated user attribute certificates to the user device;
The user device receives and displays a list of attribute certificates, causes the user to select an attribute certificate that may be presented to the service providing device from the list, and displays information about the selected attribute certificate. Performing an attribute certificate user selection step of transmitting to the attribute certificate management device;
An attribute certificate management method, characterized in that the attribute certificate management apparatus is embodied by executing an attribute certificate selection information reception step of receiving information on the selected attribute certificate. In the attribute certificate management method according to claim 8,
The attribute certificate list transmission step includes:
Of the user's attribute certificates stored in the attribute certificate management apparatus, only valid and suitable attribute conditions are used as a list of the user's attribute certificates, and the list of attribute certificates is used as the user apparatus. An attribute certificate management method characterized by being realized by transmitting to the server. In the attribute certificate management method according to claim 8,
The attribute certificate list transmission step includes:
Compared to the white list or black list of the service providing device recorded in advance in the attribute certificate management device, only the one suitable for presentation is used as the list of the attribute certificate of the user, and the attribute certificate list is used. An attribute certificate management method characterized by being realized by transmitting to a user device. In the attribute certificate management method according to claim 2 or claim 3,
The attribute certificate information in the attribute certificate transmission step is one or more used for encrypting the attribute certificate of the user attribute certificate and, when the attribute certificate is encrypted, the attribute certificate information of the user. It is realized by including the encryption key of
The authorization step is
Attribute certification characterized in that when service authorization is performed based on the attribute information in the attribute certificate, the attribute information is decrypted using the encryption key and the service authorization is performed. Document management method. A service providing apparatus that provides a service on a network is a service providing apparatus used when checking attribute information of a user who intends to use the service,
In response to access from the user device used by the user, an authentication request transmission function for transmitting an authentication request to the user device;
A user authentication function for authenticating a user using the authentication information received from the user device;
Attribute certificate acquisition destination acquisition function to acquire attribute certificate acquisition destination information,
An attribute certificate request transmission function for transmitting a message for requesting an attribute certificate to the acquisition destination of the acquired attribute certificate via the user;
An authorization function for receiving a user attribute certificate via the user, verifying the attribute certificate, and authorizing a service based on attribute information in the attribute certificate. Service providing device. A service providing apparatus that provides a service on a network is an attribute certificate management apparatus used when confirming attribute information of a user who intends to use the service,
An attribute certificate registration function for registering and storing the user's attribute certificate; and
An attribute certificate request reception function for receiving a message for requesting an attribute certificate from a user device;
A user authentication function for authenticating a user device that has sent a message for requesting an attribute certificate;
Attribute certificate selection function to select an attribute certificate that may be presented to the service provider;
An attribute certificate management apparatus, comprising: an attribute certificate information transmission function for transmitting a selected attribute certificate or pointer information thereof to a service providing apparatus that is a return destination via the user. A service providing apparatus that provides a service on a network is an attribute certificate management apparatus used when confirming attribute information of a user who intends to use the service,
In response to access from the user device used by the user, an authentication request transmission function for transmitting an authentication request to the user device;
A user authentication function for receiving the authentication information from the user device and authenticating the user;
When a request for registering, changing or deleting the disclosure authority of the user's attribute certificate is received from the user device, information on a screen for inputting setting information corresponding to the request is transmitted to the user device. Setting screen transmission function to
An attribute certificate management apparatus, comprising: a disclosure authority setting function that receives setting information from the user apparatus and reflects the setting information in the setting information in the attribute certificate management apparatus. A service providing apparatus that provides a service on a network is a service providing apparatus used when checking attribute information of a user who intends to use the service,
An authentication request transmission function for transmitting an authentication request to the user device in response to an access from the user device used by the user;
A user authentication function for receiving authentication information from the user device and authenticating the user;
An attribute certificate request transmission function for transmitting a message for requesting an attribute certificate to the attribute certificate management device;
A service providing apparatus authentication information transmission function for receiving an authentication request from the attribute certificate management apparatus and generating and transmitting authentication information;
An authorization function for receiving attribute certificate information from the attribute certificate management device, verifying the attribute certificate, and authorizing a service based on the attribute information in the attribute certificate. Service providing device. An attribute certificate management device according to claim 14,
Furthermore,
An attribute certificate request receiving function for receiving a message for requesting an attribute certificate from a service providing device;
A service providing device authentication request function for transmitting an authentication request to the service providing device in response to an access from the service providing device;
A service providing device authentication function for receiving authentication information from the service providing device and authenticating the service providing device;
An attribute certificate acquisition function for acquiring an attribute certificate that is authorized to be disclosed to the service provider;
An attribute certificate management apparatus, comprising: an attribute certificate information transmission function for transmitting the selected attribute certificate and related information to the service providing apparatus. A service providing apparatus that provides a service on a network is a service providing apparatus used when checking attribute information of a user who intends to use the service,
In response to access from the user device used by the user, an authentication request transmission function for transmitting an authentication request to the user device;
A user authentication function for authenticating a user using the authentication information received from the user device;
Attribute certificate acquisition destination acquisition function to acquire attribute certificate acquisition destination information,
An attribute certificate request transmission function for transmitting a message for requesting an attribute certificate to the acquisition destination of the acquired attribute certificate via the user;
An attribute certificate pointer information receiving function for receiving pointer information to the user's attribute certificate via the user;
An attribute certificate request transmission function for transmitting a message for requesting an attribute certificate to the attribute certificate management apparatus based on the acquired pointer information of the attribute certificate;
A service providing apparatus authentication information transmission function for receiving an authentication request from the attribute certificate management apparatus and generating and transmitting authentication information;
An authorization function that receives user attribute certificate information from the attribute certificate management device, verifies the attribute certificate, and authorizes a service based on the attribute information in the attribute certificate. A service providing apparatus.

Images