JP7494604B2 - Authentication method, line connection device, authentication system, and computer program - Google Patents

Description

The present invention relates to an authentication method, a line connection device, an authentication system, and a computer program.

Strict regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which is attracting attention as the US version of the GDPR, are appearing one after another, making the handling of personal information even more important. At the same time, mobile devices such as smartphones have become explosively popular among individuals, and with the development of communication networks, electronic commerce using smartphones is becoming more and more common.

Identity authentication is a key technology when providing systems and applications that comply with required regulations and are easy for users to use. Patent Document 1 discloses an authentication system called FIDO (Fast Identity Online) that uses personal biometric information. FIDO is based on the premise that the user has a terminal (also called an authenticator) at hand that determines whether the person is the real person or not.

JP 2018-197997 A

However, while FIDO can guarantee that the person holding the authentication device is the correct person based on personal biometric information, it cannot prove that the person is the correct user (e.g., the user's name, address, etc.). Even if biometric authentication such as fingerprint authentication or face authentication is used, it is possible to impersonate a fictitious person.

The present invention was made in consideration of the above circumstances, and reveals an authentication method, line connection device, authentication system, and computer program that can guarantee the legitimacy of a user.

The present application includes multiple means for solving the above problem, but as one example, an authentication method includes a communication device outputting an authentication request to a line connection device whose installation location is managed by a line carrier or service provider, the line connection device authenticating the communication device and outputting the authentication result to the communication device, and the communication device outputting the authentication result to a service provider device.

The present invention makes it possible to achieve authentication that guarantees the legitimacy and authenticity of users.

1 is a schematic diagram showing a first example of the configuration of an authentication system according to an embodiment of the present invention; FIG. 2 is a block diagram showing an example of a configuration of a communication device. FIG. 2 is a schematic diagram showing an example of the configuration of a line connection device. FIG. 2 is a block diagram showing an example of the functionality of an authentication application. FIG. 2 is a block diagram showing an example of the configuration of a line carrier server. FIG. 11 is an explanatory diagram showing an example of a grouping process of communication devices by a line connection device; 11 is an explanatory diagram showing an example of a grouping process of communication devices by a communication network management server; FIG. 2 is a schematic diagram showing an example of secret sharing data used in the authentication system of the present embodiment. FIG. FIG. 13 is a schematic diagram illustrating an example of grouping information. FIG. 11 is an explanatory diagram illustrating an example of one-route authentication processing for a communication device. FIG. 13 is a schematic diagram showing an example of authentication processing by a line connection device. FIG. 11 is an explanatory diagram showing an example of a two-route authentication process for a communication device. FIG. 11 is an explanatory diagram showing an example of one-route authentication processing using user information for a communication device. FIG. 11 is an explanatory diagram showing an example of a two-route authentication process using user information for a communication device. 11 is an explanatory diagram showing an example of a relationship between the level of approval accuracy of a service provided by a service provider and an authentication result; 13 is a flowchart showing an example of a processing procedure at the time of grouping by a communication device. 10 is a flowchart showing an example of a processing procedure at the time of authentication by a communication device. 10 is a flowchart showing an example of a processing procedure at the time of authentication by a line connection device. FIG. 11 is a schematic diagram showing a second example of the configuration of the authentication system according to the present embodiment.

The following describes an embodiment of the present invention. FIG. 1 is a schematic diagram showing a first example of the configuration of an authentication system according to the present embodiment. The authentication system includes a line connection device 50. A service provider server 10 as a service provider device, a communication device 20, and a line carrier server 30 as a line carrier device are connected to a communication network 1. The communication device 20 and the line connection device 50 are connected by a secret communication path 2, and the line connection device 50 and the line carrier server 30 are connected by a secret communication path 3. In the following description, the communication path between the line connection device 50 and the line carrier server 30 is described as the secret communication path 3, but the secret communication path 3 is not essential. In addition, in this specification, the line connection device does not only mean one line connection device, but also means a group of line connection devices. In other words, it also includes a group of devices in which the line connection device is divided into multiple devices.

Service providers include businesses that provide a variety of services over the Internet. Examples include product sales, reservations for dining, lodging, and travel, insurance and bank account applications, membership organization registration, seminar applications, remote control of home appliances and security cameras, reading newspapers and e-books, renting movies and music, posting on social media, and point management. However, the content of the services is not limited to these.

The communication device 20 may be, for example, a communication terminal such as a smartphone, tablet, or personal computer carried by a user, a connected car, or a device (such as a camera, robot, or IoT device) used in a company (such as an office or factory).

A line operator is a business that provides lines (such as telephone lines or optical fiber) through which users connect to the Internet, and may also act as an Internet service provider (connection to the Internet).

The line connection device 50 includes, for example, a router, a gateway device, a terminal device, etc., which are types of terminal connection devices. The line connection device 50 may be any device that has a line connection function, and may be a device (having a line connection function) that is divided into the same network as the line connection device and subnetted. The line connection device 50 is installed at a location managed by a line operator or a service operator. The installation location of the line connection device 50 may be managed by the line operator, or may be managed by a service operator or a company that a resident has applied to register with the service operator. That is, the line operator or service operator delivers the line connection device 50 to an individual's home, a company's office, a factory, etc., based on a contract with a subscriber such as an individual or a company. The delivered line connection device 50 is (fixedly) installed at the subscriber's home, office, factory, etc., which is an installation location managed by the line operator or service operator. The line connection device 50 is installed at a location with a specified address. As a result, the line connection device 50 can function as a "thing" that can determine user information specified by the contract contents, including the user's name and address. In the following, the description will be given using the line connection device 50 as an example, but the device is not limited to the line connection device 50, and may be any device as long as it is a reliable device located in a private home, a corporate office, a factory, etc., is connected to a network, and is easily noticeable if stolen. Note that the service provider that manages the line connection device 50 may be different from the service provider that manages the service provider server 10.

The secret communication paths 2 and 3 can be, for example, an Internet VPN (Virtual Private Network). The communication network management server 100 manages pairs of global IP addresses and private IP addresses of each device under management, so that it can build an Internet VPN between the communication device 20 and the line connection device 50, and an Internet VPN between the line connection device 50 and the line carrier server 30. Alternatively, the mechanism described in PCT/JP2017/006131 filed by the applicant may be used. For example, the communication device 20 and the line connection device 50 exist in different IP address spaces, such as indoors and outdoors, but can perform P2P communication using IP addresses managed by the communication network management server 100. This improves the security of communication between the communication device 20 and the line connection device 50, and allows access to the line connection device 50 via the Internet.

Figure 2 is a block diagram showing an example of the configuration of the communication device 20. The communication device 20 includes a control unit 21 that controls the entire device, a communication unit 22, a secret communication unit 23, a storage unit 24, a display panel 25, an operation unit 26, and a reading unit 27. The control unit 21 can be composed of a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), etc.

The communication unit 22 is composed of the required communication modules, etc., and provides communication functions with the service provider server 10 via the communication network 1.

The secret communication unit 23 can perform P2P communication with the line connection device 50 in accordance with communication session management by the communication network management server 100.

The storage unit 24 can be configured with a semiconductor memory or the like, and can store information received via the communication unit 22 and the secret communication unit 23, processing results by the control unit 21, and required information. The storage unit 24 can store, for example, an authentication app downloaded from an external server. The authentication app is processed by loading it into the RAM of the control unit 21 or the storage unit 24 and executing it by the CPU.

The display panel 25 can be configured with a liquid crystal panel or an organic EL (Electro Luminescence) display, etc. The operation unit 26 can be configured with, for example, a touch panel incorporated in the display panel 25, and can perform predetermined operations performed by the user on the display panel 25. The operation unit 26 can also perform operations on a keyboard displayed on the display panel 25. The operation unit 26 may also be a hardware keyboard, a mouse, etc.

The reading unit 27 can optically read a specified label, such as a two-dimensional barcode, attached to the line connection device 50 during processing of the authentication application. Note that the reading method is not limited to an optical method such as a two-dimensional barcode, and reading can also be done using an electromagnetic method such as a wireless IC tag. In other words, any method that requires physical proximity to the line connection device 50 during authentication can be used. Using such a method provides a trusted point that can be defended against malicious online attacks from hackers, etc.

Figure 3 is a schematic diagram showing an example of the configuration of line connection device 50. Line connection device 50 includes, for example, a single semiconductor chip configured as a single SoC (System on a Chip), and is equipped with all or part of the hardware required for the operation of line connection device 50 (for example, various processors, memory, communication modules, etc.). Note that line connection device 50 may also include hardware that realizes other control functions.

The line connection device 50 has an execution environment providing unit 53 that runs on a CPU 54. The execution environment providing unit 53 divides the execution environment of software (OS: Operating System, applications, etc.) into two: a normal execution environment 52 (also called normal world or REE: Rich Execution Environment) and a trusted execution environment 51 (secure world or TEE: Trusted Execution Environment) by using, for example, a technology called CPU virtualization support technology (for example, TrustZone (registered trademark)). Memory space, input/output devices, etc. are separated between the normal execution environment 52 and the trusted execution environment 51.

The normal execution environment 52 is an execution environment of a commonly used OS, and access to the trusted execution environment 51 is restricted. The trusted execution environment 51 is an independent execution environment provided separately from the normal execution environment 52 on the same SoC for the purpose of isolating security functions. In order to call a process to be executed in the trusted execution environment 51 from the normal execution environment 52, it is necessary to go through the execution environment providing unit 53. The execution environment providing unit 53 is called, for example, a trusted firmware or a secure monitor.

The normal execution environment 52 includes a normal application 521, a memory 522, and a normal OS 523. The normal application 521 realizes the normal line connection function of the line connection device 50. The normal OS 523 has an interface function between the normal application 521 and the execution environment providing unit 53.

The trusted execution environment 51 includes an authentication application 511, a secure memory 512, and a secure OS 513. The authentication application 511 executes grouping processing (registration processing) of the communication device 20, described below, authentication processing of the communication device 20, and the like. The secure memory 512 can store grouping information, described below, and the like. The secure memory 512 is more tamper-resistant than the memory 522, and is safer in terms of security. The secure OS 513 has an interface function between the authentication application 511 and the execution environment providing unit 53.

The network communication unit 55 may be provided separately in the normal execution environment 52 and the trusted execution environment 51, or may be provided within the normal execution environment 52. The network communication unit 55 can perform P2P communication with the communication device 20 and with the line carrier server 30.

Note that it is not essential to use CPU virtualization support technology to configure the line connection device 50 to have a trusted execution environment 51, and the line connection device 50 may be configured to have only a normal execution environment 52. For example, if the line connection device 50 is a home air conditioner or the like, it does not have a trusted execution environment 51.

Figure 4 is a block diagram showing an example of the functions of the authentication application 511. The authentication application 511 has functions such as a secret communication processing unit 511a, a grouping processing unit 511b, and an authentication processing unit 511c. The secret communication processing unit 511a performs P2P communication with the communication device 20 and with the line carrier server 30 via the network communication unit 55. The grouping processing unit 511b and the authentication processing unit 511c will be described later.

Figure 5 is a block diagram showing an example of the configuration of the line carrier server 30. The line carrier server 30 includes a control unit 31 that controls the entire server, a communication unit 32, a secret communication unit 33, a storage unit 34, a line contract DB 35, and an authentication unit 36. The control unit 31 can be configured with a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), etc.

The communication unit 32 is composed of the required communication modules, etc., and provides communication functions with the service provider server 10 via the communication network 1.

The secret communication unit 33 can perform P2P communication with the line connection device 50 in accordance with communication session management by the communication network management server 100.

The memory unit 34 can be configured with a semiconductor memory or the like, and can store the required information.

The line contract DB 35 can record information about subscribers who have signed up for a line (also referred to as "user information"). The line contract DB 35 includes information such as the subscriber's name, address, sex, date of birth, telephone number, occupation, credit card information, bank account, and an identification number (such as a serial number) that identifies the line-connected device 50. The line contract DB 35 may be configured to be provided in a data server separate from the line carrier server 30.

The authentication unit 36 authenticates the line connection device 50.

Next, the processing of the authentication system of this embodiment will be described. First, the grouping (also called "registration") processing of the communication devices 20 will be described. The grouping processing may be performed by the line connection device 50 or by the communication network management server 100.

Figure 6 is an explanatory diagram showing an example of grouping processing of communication devices 20 by line connection device 50. The processing shown by symbols P1 to P8 will be described below. (P1) As a predetermined operation on line connection device 50, a label such as a two-dimensional barcode attached to line connection device 50 is optically read by communication device 20. Note that the predetermined operation on line connection device 50 may be an operation that can be performed at the installation location of line connection device 50, and may include, for example, an operation on a switch or button provided on line connection device 50. This makes it possible to ensure that the user performing the operation is at the installation location of line connection device 50. In other words, a malicious person who is not at the installation location of line connection device 50 cannot perform unauthorized grouping processing. By adopting such a method, it is possible to increase resistance to cyber attacks via the Internet.

(P2) The grouping request application in the authentication application outputs a grouping request to the line connection device 50.

(P3) The grouping processing unit 511b of the line connection device 50 activates the execution of the grouping process for a predetermined time (e.g., 5 minutes, 10 minutes, etc.). Since the grouping process is only possible for the predetermined time, it is possible to improve security against attacks such as executing the grouping process to record unauthorized grouping information.

(P4) The grouping processing unit 511b outputs a portion of the secret sharing data previously stored in the secure memory 512 to the communication device 20.

(P5) The authentication application of the communication device 20 stores a portion of the acquired secret sharing data in the memory unit 24.

(P6) The authentication application of the communication device 20 generates communication device identification data unique to the communication device and stores it in the memory unit 24. The communication device identification data is a random binary string.

(P7) The communication device 20 outputs the generated communication device identification data to the line connection device 50.

(P8) The line connection device 50 stores the acquired communication device identification data in the secure memory 512. This completes the grouping process, and the grouping information is stored in the secure memory 512. The line connection device 50 and the communication device 20 are grouped (registered) via the shared data (e.g., secret sharing data x, binary string r). At the time of grouping the communication device 20 to be authenticated, the line connection device 50 stores in the communication device 20 a part of the secret sharing data obtained by secretly sharing the specified data. Through the grouping process of the communication device 20, the line connection device 50 can be made to act as the parent device and the communication device 20 as the child device, and the two can be made to recognize the parent/child relationship.

Figure 7 is an explanatory diagram showing an example of grouping processing of communication devices 20 by the communication network management server 100. Below, an example of grouping processing performed by the communication network management server 100 is described, but the grouping processing is not limited to a configuration in which it is performed by the communication network management server 100, and may be performed by another server on the Internet. Below, the processing indicated by symbols P101 to P111 is described. (P101) As a specified operation on the line connection device 50, a label such as a two-dimensional barcode affixed to the line connection device 50 is optically read by the communication device 20.

(P102) The grouping request application in the authentication application outputs a grouping request to the line connection device 50.

(P103) The line connection device 50 outputs a grouping request to the communication network management server 100.

(P104) The communication network management server 100 performs grouping processing. Note that the content of the grouping processing is the same as the grouping processing performed by the line connection device 50.

(P105) The communication network management server 100 outputs a portion of the secret sharing data stored in memory (not shown) to the line connection device 50.

(P106) The line connection device 50 outputs a portion of the secret sharing data obtained from the communication network management server 100 to the communication device 20.

(P107) The authentication application of the communication device 20 stores a portion of the acquired secret sharing data in the memory unit 24.

(P108) The authentication application of the communication device 20 generates communication device identification data unique to the communication device and stores it in the memory unit 24. The communication device identification data is a random binary string.

(P109) The communication device 20 outputs the generated communication device identification data to the line connection device 50.

(P110) The line connection device 50 outputs the acquired communication device identification data to the communication network management server 100.

(P111) The communication network management server 100 stores the acquired communication device identification data in memory (not shown). This completes the grouping process, and the communication network management server 100 stores the grouping information, which is the result of the grouping process.

Figure 8 is a schematic diagram showing an example of secret sharing data used in the authentication system of this embodiment. The specified data before secret sharing is A, and the secret shared data are a and b. Secret sharing involves dividing the data A before sharing into multiple data a and b while encrypting it. The specified data before secret sharing is X, and the secret shared data are x and y. The line connection device 50 stores the secret sharing data a, b, and x in advance. The secret sharing data a, b, and x are stored, for example, before the line connection device 50 is shipped, that is, before it is delivered to the home, office, or factory of the subscriber. The memory unit of the line carrier server 30 stores the secret sharing data y. Furthermore, the memory unit 24 of the communication device 20 does not store data related to secret sharing.

When grouping, the line connection device 50 outputs the secret shared data a and x stored in the secure memory 512 to the communication device 20, and can store it in the storage unit 24 of the communication device 20. When grouping, the communication device 20 generates a binary string r and stores it in the storage unit 24. The communication device 20 also outputs the generated binary string r to the line connection device 50. The line connection device 50 stores the acquired binary string in the secure memory 512. The secret shared data a, b, x and the binary string r stored in the secure memory 512 constitute grouping information. Note that the secret shared data a may be deleted.

FIG. 9 is a schematic diagram showing an example of grouping information. The line connection device 50 can store grouping information for each communication device to be grouped in association with the communication devices in the group. As shown in FIG. 9, for a certain line connection device 50, the communication devices to be grouped that form one group are D1, D2, D3, .... The line connection device 50 stores the secret shared data a and b of the pre-distribution data A, the secret shared data x of the pre-distribution data X, and the binary string r1 generated by the communication device D1 as the grouping information for the communication device D1. Similarly, the line connection device 50 stores the secret shared data a and b of the pre-distribution data A, the secret shared data x of the pre-distribution data X, and the binary string r2 generated by the communication device D2 as the grouping information for the communication device D2. The same applies to the other communication devices D3, .... The secret shared data a may be deleted.

As a result, even if multiple users form a family and share one line-connected device 50, it is possible to individually authenticate the communication device 20 owned by each user. In addition, the correspondence between the line-connected device 50 and one or more grouped communication devices 20 is managed by the communication network management server 100.

The line connection device 50 can obtain the location information of the communication device 20 to be authenticated, for example, via WiFi, by using the GPS function of the communication device 20 to be authenticated. The line connection device 50 calculates approximate GPS information based on the address information recorded and managed in the line contract DB 35 managed by the line operator, and if there is no significant difference between the acquired location information and the calculated GPS information, it records and manages it as correct address information in the line contract DB 35, or records it as a result of correct authentication in the line connection device 50. As a result, the communication device 20 to be authenticated can be registered based on whether it is within a specified range from the installation location of the line connection device 50. This makes it possible to ensure that the user who performs grouping is at the installation location of the line connection device 50. In other words, since a malicious person who is not at the installation location of the line connection device 50 cannot perform illegal grouping processing, it is possible to prevent illegal devices and devices from being grouped.

Furthermore, when subsequently grouping another communication device 20, it is only necessary to determine whether the information recorded in the line connection device 50 or the line contract DB 35 and the location information of the communication device 20 to be newly grouped are within an acceptable range of deviation. In other words, all devices and equipment other than those that have not been grouped can be blocked. To further improve the accuracy of authentication, there is also a method of checking both the line connection device 50 and the line contract DB 35.

In addition, when registering communication devices 20 other than the user's communication device 20 to be grouped in the grouping process, user information identifying the user of the communication device 20 (including, for example, address, gender, date of birth, and telephone number) may be recorded in the line contract DB 35. By registering the user in advance, it is possible to eliminate and simplify the registration process when a user who uses a communication device 20 other than the user's communication device 20 performs a similar procedure, and it is also possible to confirm the identity of the user (individual), thereby improving security.

In the above example, secret shared data is used during grouping, but this is not limiting. Other secret data can be used instead of or in addition to the secret shared data. A public key cryptography system can also be used.

Next, the authentication process for the communication device 20 will be described. In the following example, two-factor authentication will be used as an example.

Figure 10 is an explanatory diagram showing an example of one-route authentication processing for a communication device 20. The processing indicated by symbols P11 to P16 will be described below. (P11) The communication device 20 outputs a service request to the service provider server 10. The service request can be made to the service provider server 10 using, for example, the user ID or email address of the user of the communication device 20 and a password, etc., according to the content of the service desired by the user. The password corresponds to what the user knows (knowledge information) in the two-factor authentication.

(P12) The service provider server 10 outputs an approval request to the communication device 20. The approval request requests information about the user (including personal information, etc.) in addition to whether the user is a real person, depending on the content of the service.

(P13) The communication device 20 outputs an authentication request to the line connection device 50.

(P14) The line connection device 50 authenticates the communication device 20 based on the grouping information. Authentication of the communication device 20 includes, for example, authentication of the user who uses the communication device 20 (e.g., a smartphone, tablet, personal computer, etc.) used by an individual, and authentication of the communication device 20 (e.g., a camera, robot, IoT device, etc.) installed in an office or factory as a device. Specific examples of authentication methods will be described later.

(P15) The line connection device 50 outputs the authentication result to the communication device 20. In FIG. 10, authentication focusing on the line connection device 50 is described, but the communication network management server 100 may be used instead of the line connection device 50.

(P16) The communication device 20 outputs the authentication result to the service provider server 10. If the authentication is not successful, the communication device 20 may output an error, but instead of the error, it can output a dummy authentication result to the service provider server 10. Since the unauthorized user obtains the dummy authentication result, the unauthorized user does not realize that the authentication has not been successful, even though the authentication has not actually been successful. The authentication result and the method obtained by the authentication process of the line connection device 50 correspond to what the user has (possessed information) in two-factor authentication. The advantage is that not only does the user not need to always carry it on hand, but also that there is no need to carry a token such as an IC card distributed by the service provider for each service provider. In other words, the same mechanism can be used for two-factor authentication based on possessed information, regardless of the service provider.

In FIDO, the completion of identity authentication simply means that a FIDO-certified authentication device is used to ensure that the person being authenticated is the person registered in the authentication device based on the person's personal biometric information. FIDO-type methods cannot prevent false addresses and names from being registered when initially registering with a service provider. Other issues with fingerprint authentication include its vulnerability to fraudulent attacks using materials such as gummies. With facial authentication, it is possible to impersonate someone else using photographs or 3D images, and there are also issues from the perspective of protecting personal information, so there are still several issues remaining with the biometric authentication used in FIDO.

On the other hand, in the authentication using the line connection device 50 of this embodiment, since personal biometric authentication is not required, there is no problem in terms of the possibility of impersonation or protection of personal biometric information. The line connection device 50 is installed at a location (e.g., the address of the subscriber) managed by the line carrier, and the subscriber's personal information (e.g., name, gender, date of birth, etc.) is also managed, so that the name, address, date of birth, gender, etc. of the user who uses the line connection device 50 can be determined. In other words, authentication of the communication device 20 by the line connection device 50 means that the user's name, address, date of birth, gender, etc. are determined, and the legitimacy and authenticity of the user can be guaranteed. The legitimacy of the user means that the name, address, date of birth, and gender are each legitimate. The authenticity of the user means that the name, address, date of birth, and gender are each genuine. The immobile line connection device 50 is placed in a place (e.g., a home, an office, a factory, etc.) where the person or object to be authenticated is closely related, and the line connection device 50 can be regarded as information possessed by the user (e.g., a token such as an IC card). According to this embodiment, it is possible to solve the problems with FIDO, such as (1) the utilization of personal biometric information and (2) the ability to register a user as a different person with a service provider, and to realize authentication that can guarantee the legitimacy and authenticity of the user.

Figure 11 is a schematic diagram showing an example of authentication processing by the line connection device 50. The processing shown by symbols P51 to P57 will be described below. In the authentication processing, the grouping information shown in Figure 8 is used.

(P51) The communication device 20 outputs an authentication request to the line connection device 50. The process of P51 corresponds to the process of P13 illustrated in FIG. 10.

The line connection device 50 generates a challenge CH. The challenge CH is, for example, a random number. The generated challenge CH is stored in the secure memory 512.

(P52) The line connection device 50 outputs the generated challenge CH to the communication device 20.

(P53) The communication device 20 generates a key F from the secret shared data x based on the challenge CH.

(P54) The communication device 20 encrypts the secret shared data a and the binary string r with the key F (common key encryption) and outputs the encrypted data to the line connection device 50. To generate the key F, for example, the numerical value included in the challenge CH can be used as a pointer to the binary string r, and the numerical value of the binary string r pointed to by the pointer can be extracted to generate the key F.

(P55) The line connection device 50 generates a key F from the secret shared data x based on the challenge CH, and uses the generated key F to decrypt the encrypted data.

(P56) As a result of the decryption, the line connection device 50 obtains the secret shared data a and the binary string r, and compares the secret shared data a obtained as a result of the decryption with the secret shared data a stored in the secure memory 512, completing the authentication.

In addition, since the line connection device 50 obtains the secret shared data a and the binary string r as a result of the decryption, it may restore the pre-shared data A from the secret shared data a and b and authenticate it.

(P57) The line connection device 50 outputs the authentication result to the communication device 20. The process of P57 corresponds to the process of P15 illustrated in FIG. 10. This proves that the communication device 20 that output the authentication request is a grouped communication device 20, thereby improving the authentication accuracy.

In the above example, the secret shared data a and the binary string r are encrypted and decrypted using the common key F, but this is merely an example and other encryption techniques may be used. For example, public key encryption may be used. In this case, the communication device 20 encrypts the secret shared data a and the binary string r with a public key, and the line connection device 50 can decrypt the secret shared data a and the binary string r with a private key. That is, the communication device 20 encrypts the secret shared data stored therein with the encryption key and outputs it to the line connection device 50, and the line connection device 50 can decrypt and obtain the encrypted secret shared data with the decryption key. The encryption/decryption method may be common key encryption or public key encryption.

Figure 12 is an explanatory diagram showing an example of two-route authentication processing for a communication device 20. References P11 to P16 are the same as in Figure 10, so their explanation will be omitted. Below, the processing indicated by references P17 to P18 will be explained. (P17) The line connection device 50 outputs the authentication result to the line carrier server 30.

(P18) The line carrier server 30 outputs the authentication result to the service provider server 10. In two-route authentication, the service provider server 10 can obtain the authentication result from two routes: the communication device 20 and the line carrier server 30.

As a result, even if there is a fraudulent act such as spoofing due to an attack on the communication between the communication device 20 and the service provider server 10 or an attack on the communication device 20, such fraudulent act can be easily recognized by two-way authentication.

Figure 13 is an explanatory diagram showing an example of one-route authentication processing using user information for communication device 20. Below, the processing indicated by symbols P21 to P29 will be explained. Symbols P21 to P24 are similar to symbols P11 to P14 in Figure 10, so their explanation will be omitted.

(P25) The line connection device 50 outputs a user information request to the line carrier server 30. The user information request is to request the line carrier server 30 to provide user information so that the user information can be included in the authentication result.

(P26) The line carrier server 30 authenticates the line connection device 50. Secret sharing can be used to authenticate the line connection device 50. For example, the line carrier server 30 acquires secret sharing data x (see FIG. 8) that has been pre-stored in the secure memory 512 of the line connection device 50. If the line carrier server 30 can restore the pre-shared data X based on the acquired secret sharing data x and the secret sharing data y that the line carrier server 30 pre-stores, it can authenticate the line connection device 50 as legitimate. This proves that the line connection device 50 is a legitimate line connection device, thereby improving the authentication accuracy.

(P27) The line carrier server 30 extracts the required user information from the line contract DB 35 and outputs the extracted user information to the line connection device 50. The user information includes, for example, all or part of the name, address, sex, date of birth, telephone number, occupation, credit card information, bank account, etc., of the user who uses the communication device 20.

(P28) The line connection device 50 outputs the authentication result, including the user information, to the communication device 20.

(P29) The communication device 20 outputs the authentication result including the user information to the service provider server 10. This makes it possible to provide the necessary user information according to the level of approval accuracy for the service of the service provider. If the authentication is unsuccessful, the communication device 20 may output an error, but can output a dummy authentication result to the service provider server 10 instead of the error. Because an unauthorized user obtains the dummy authentication result, the unauthorized user will not realize that the authentication was unsuccessful, even though it is actually unsuccessful.

Figure 14 is an explanatory diagram showing an example of two-way authentication processing using user information for communication device 20. Below, the processing indicated by symbols P21 to P34 will be explained. Symbols P21 to P28 are the same as symbols P21 to P28 in Figure 13, so their explanation will be omitted.

(P30) The communication device 20 accepts the user's consent to the authentication result. In this case, the authentication result including the user information is displayed on the display panel 25, and the user can check in advance what user information will be provided to the service provider.

(P31) The communication device 20 outputs the authentication result, including the user information, to the service provider server 10.

(P32) The communication device 20 notifies the line connection device 50 that the user information has been approved by the user.

(P33) The line connection device 50 notifies the line carrier server 30 that the user information has been approved by the user.

(P34) The line provider server 30 outputs the authentication result, including the user information, to the service provider server 10.

In two-route authentication, the service provider server 10 can obtain authentication results including user information from two routes: the communication device 20 and the line carrier server 30. As a result, even if there is fraudulent activity such as spoofing due to an attack on the communication between the communication device 20 and the service provider server 10, or an attack on the communication device 20, such fraudulent activity can be easily recognized by two-route authentication.

Figure 15 is an explanatory diagram showing an example of the relationship between the level of approval accuracy of a service provided by a service provider and the authentication result. The levels of the approval system for a service are classified into three levels, for example, high (high level), medium (medium level), and low (low level).

First, a high-level case will be described. Examples of usage scenarios include money transfers, large purchases (e.g., jewelry, cars, houses, etc.), large reservations (e.g., cruises, travel, etc.), large numbers of restaurant reservations, and insurance applications. The authentication results obtained include, for example, the user's detailed address (including years of residence), name, telephone number, date of birth, gender, My Number type, occupation, student, housewife, etc. Although not shown, pension number can also be included. The fee to be charged to the service provider can be determined, for example, according to the amount of user information contained in the authentication result. In addition, a contract must be concluded with the service provider, and it can be determined whether detailed reverse lookup is performed, whether email addresses and nicknames are recorded, and whether a rebate (compensation) is given according to the user's use of the user information.

At the mid-level, usage scenarios include small purchases, checking account balances, making store reservations, logging into an intranet, etc. Compared to the high-level cases, the authentication results obtained are in a form that hides specific personal information to a lesser extent, and include, for example, gender, age, area of residence, general occupation, whether the person is a young adult or a child, phone number, etc. The same is true for the low level.

Compared to FIDO, the user information provided to the service provider contains a lot more information. In the case of FIDO, it is only possible to guarantee that the person being authenticated is the person registered in the authentication device.

As described above, the content of the authentication result output to the service provider device can be made different depending on the approval level of the service provided by the service provider. This makes it possible to provide the necessary user information depending on the level of approval accuracy for the service provided by the service provider.

Figure 16 is a flowchart showing an example of a processing procedure when grouping by the communication device 20. The following processing can be executed by an authentication application, but for convenience, the processing will be described as being performed by the control unit 21. The control unit 21 reads the two-dimensional barcode affixed to the line connection device 50 (S11), and outputs a grouping request to the line connection device 50 (S12).

The control unit 21 acquires a portion of the secret sharing data from the line connection device 50 (S13) and stores the acquired portion of the secret sharing data in the storage unit 24 (S14). The control unit 21 generates identification data (e.g., a binary string such as a random number) for the communication device 20 (S15), outputs the generated identification data to the line connection device 50 (S16), and ends the process.

Figure 17 is a flowchart showing an example of a processing procedure during authentication by the communication device 20. The following processing can be executed by an authentication app, but for convenience, it will be described as being performed by the control unit 21. The control unit 21 outputs a service request to the service provider server 10 (S21) and obtains an approval request from the service provider server 10 (S22).

The control unit 21 outputs an authentication request to the line connection device 50 (S23) and obtains the authentication result from the line connection device 50 (S24). The control unit 21 determines whether or not it is two-path authentication (S25), and if it is two-path authentication (YES in S25), displays the authentication result on the display panel 25 (S26). If it is not two-path authentication (NO in S25), the control unit 21 performs the process of step S28 described below.

The control unit 21 accepts the acceptance of the authentication result (S27). If the control unit 21 accepts the acceptance, it can output a notification of the acceptance to the line connection device 50. The line connection device 50 can output a notification of the acceptance to the line carrier server 30.

The control unit 21 outputs the authentication result to the service provider server 10 (S28) and ends the process. Note that the line provider server 30, which has received the notification of acceptance, can also output the authentication result to the service provider server 10.

Figure 18 is a flowchart showing an example of a processing procedure during authentication by the line connection device 50. The following processing can be executed by the authentication application 511. The authentication application 511 obtains an authentication request from the communication device 20 (S41), and authenticates the communication device 20 based on the grouping information (S42).

The authentication application 511 outputs a user information request to the line carrier server 30 (S43). The line carrier server 30 authenticates the line connection device 50, and the line connection device 50 can obtain the user information from the line carrier server 30.

The authentication application 511 outputs the authentication result including the user information to the communication device 20 (S44). The communication device 20 can output the authentication result including the user information to the service provider server 10. The authentication application 511 determines whether or not the authentication is two-way authentication (S45).

If it is two-route authentication (YES in S45), the authentication application 511 obtains consent of the authentication result from the communication device 20 (S46), outputs the authentication result including the user information to the line carrier server 30 (S47), and ends the process. The line carrier server 30 can output the authentication result including the user information to the service provider server 10. If it is not two-route authentication (NO in S45), the authentication application 511 ends the process.

Figure 19 is a schematic diagram showing a second example of the configuration of an authentication system according to this embodiment. The difference from the first example shown in Figure 1 is that the communication device 20 is a personal computer (PC) or the like that does not use a mobile communication network, and the line connection device 50 is connected to the communication network 1. The operation and functions of the authentication system are similar to those of the first example, and therefore will not be described.

The problem with the method of authenticating with something that the user has (carries) is that, in many cases, a device (such as a one-time password generator) prepared by the site on the Internet to be authenticated is used, but there is a high possibility that the user will forget to carry it or the battery will run out. In addition, when a user uses multiple sites, he or she needs to carry multiple generators, which is not practical. The authentication device used in FIDO authenticates the user by biometric authentication, but if the authentication device is lost, authentication cannot be performed. On the other hand, the line connection device 50 of this embodiment is installed in a managed location such as a home, office, or factory, and is used to connect various devices to a network. It is not moved from the installation location and is in an environment where it cannot be stolen, so the possibility of forgetting to carry it or losing it is extremely low. In addition, there is no need to utilize personal biometric information (biodata) as in FIDO, and it is possible to prevent impersonation of another person. In particular, the line connection device 50 is delivered and installed at the address of the subscriber based on the contract with the line operator (if it is installed at a location other than that specified in the contract, the line connection device will not function), so the name, address, age, etc. of the person to be authenticated can be determined, providing the service operator with reliable information (a function that cannot be realized with FIDO).

The address of the subscriber can be determined by utilizing the personal information at the time of the contract concluded between the line operator and the subscriber. The advantages of utilizing the user information managed by the line operator are as follows. That is, it takes time and costs for a malicious person to register with a service operator under a false name. Since the line connection device 50 installed at the contracted address is accessed during authentication, not only are various settings (e.g., grouping) required at that address in advance, but the address and line connection device 50 must be maintained until the time of authentication and the timing of use. In order to keep the address active, not only is it necessary to pay rent for that period and to make payments to the line operator, but personal information such as the official name must be disclosed to the line operator. For this reason, it can be said that it has a great crime deterrent effect.

Furthermore, in recent years, various services have increasingly started offering student discounts and discount prices according to age. In such cases, the service provider must verify the user's age. According to this embodiment, the authentication result can include the user's age, eliminating the need for the service provider to verify the user's age independently, which can significantly reduce the burden on the service provider.

This embodiment can be used in a variety of fields. Examples include two-factor authentication when using a client, personal authentication when using electronic commerce, member authentication in an organization or company that operates a membership system, user authentication when controlling IT home appliances from outside the home, user authentication for remote control, and personal authentication when opening a bank account. However, the fields of use are not limited to these.

In the authentication method of this embodiment, a communication device outputs an authentication request to a line connection device whose installation location is managed by a line carrier or service provider, the line connection device authenticates the communication device and outputs the authentication result to the communication device, and the communication device outputs the authentication result to a service provider device.

The line connection device of this embodiment includes a registration unit that registers a communication device to be authenticated when a specific operation is triggered at an installation location managed by a line operator or a service operator, a storage unit that stores the registration result by the registration unit, an acquisition unit that acquires an authentication request from the communication device, and an output unit that outputs an authentication result for the service operator to the communication device based on the authentication request acquired by the acquisition unit and the registration result stored in the storage unit.

In the authentication system of this embodiment, the communication device outputs an authentication request to a line connection device whose installation location is managed by a line operator or service provider, the line connection device authenticates the communication device and outputs the authentication result to the communication device, and the communication device outputs the authentication result to a service provider device.

The computer program of this embodiment causes a computer to execute a process that, triggered by a specified operation at an installation location managed by a line carrier or service provider, registers a communication device to be authenticated, stores the registration result in a memory unit, acquires an authentication request from the communication device, and outputs an authentication result for the service provider to the communication device based on the acquired authentication request and the registration result stored in the memory unit.

The computer program of this embodiment causes a computer to execute the following process: acquire a service approval request from a service provider device, output an authentication request corresponding to the acquired approval request to a line connection device whose installation location is managed by the line carrier, acquire an authentication result from the line connection device, and output the acquired authentication result to the service provider device.

The communication device outputs an authentication request to a line connection device whose installation location is managed by a line operator or a service operator. The communication device may be, for example, a communication terminal such as a smartphone, tablet, or personal computer carried by a user, or a device (camera, robot, IoT device, etc.) used in a company (office, factory, etc.). The line operator is a company that provides a line (telephone line, optical fiber, etc.) when a user connects to the Internet, and may also play the role of a provider (connection to the Internet). The line connection device includes, for example, a router, a gateway device, a terminal device, etc. The installation location of the line connection device is managed by the line operator or the service operator. That is, the line operator delivers the line connection device to an individual's home, a company's office, a factory, etc. based on a contract with a subscriber such as an individual or a company. The delivered line connection device is installed in the subscriber's home, office, factory, etc., which is an installation location managed by the line operator. As a result, the line connection device can function as a "thing" that can determine user information specified by the contract contents, including the user's name and address.

When the line connection device receives an authentication request, it authenticates the communications device and outputs the authentication result to the communications device. By having the line connection device authenticate the communications device, the user using the communications device can be linked to user information determined by the installed line connection device. This makes it possible to determine the user's name, address, etc. using the line connection device, thereby ensuring the legitimacy of the user. By having the communications device output the authentication result to the service provider device, authentication that ensures the legitimacy of the user can be realized.

In the authentication method of this embodiment, the communication device and the line connection device are connected using a secret communication path.

The communication device and the line-connected device are connected using a secret communication path. For example, an Internet VPN (Virtual Private Network) can be used as the secret communication path. This improves the security of the communication between the communication device and the line-connected device, and allows the line-connected device to be accessed via the Internet.

In the authentication method of this embodiment, when the line connection device registers a communication device to be authenticated, a portion of the secret shared data obtained by secretly sharing predetermined data is stored in the communication device, and when the authentication request is obtained, the secret shared data stored in the communication device that output the authentication request is obtained, and the communication device is authenticated based on a comparison with the predetermined data.

When the line connection device registers the communication device to be authenticated, it stores a portion of the secret shared data obtained by secretly sharing the specified data in the communication device. Registration of the communication device means a grouping process in which the line connection device is the parent device and the communication device is the child device, and both devices recognize the parent/child relationship. The specified data before secret sharing is A, and the secret shared data is a and b. Secret sharing involves dividing the data A before sharing into multiple pieces of data a and b while encrypting it. The line connection device stores the secret shared data a and b in advance, and when grouping with the communication device (when registering), it can output, for example, one of the secret shared data a to the communication device and store it in the communication device.

When the line connection device receives an authentication request from a communication device, it obtains the secret sharing data a stored in the communication device that output the authentication request, and can authenticate the communication device based on a comparison between the obtained secret sharing data a and the stored secret sharing data b. This proves that the communication device that output the authentication request is a grouped communication device, thereby improving the accuracy of authentication.

In the authentication method of this embodiment, the communication device may encrypt the secret sharing data stored therein with an encryption key and output the encrypted secret sharing data to the line connection device, and the line connection device may obtain the encrypted secret sharing data by decrypting it with a decryption key.

The authentication method of this embodiment starts the registration of the communication device to be authenticated when a specific operation on the line connection device is triggered.

The specified operation on the line connection device may be an operation that can be performed at the location where the line connection device is installed. For example, it may include an operation to optically read a label such as a two-dimensional barcode attached to the line connection device, or an operation on a switch or button provided on the line connection device. This ensures that the user performing the operation is present at the location where the line connection device is installed. In other words, since a malicious person who is not at the location where the line connection device is installed cannot perform unauthorized grouping processing, authentication accuracy can be improved.

The authentication method of this embodiment may register the communication device to be authenticated to the line connection device via predetermined shared data (e.g., grouping information).

In the authentication method of this embodiment, when registering a communication device to be authenticated, user information that identifies the user of the communication device may be stored and used.

In the authentication method of this embodiment, the line connection device acquires location information of the communication device to be authenticated, and registers the communication device to be authenticated based on whether the acquired location information is within a specified range from the installation location.

The line connection device can obtain location information of the communication device to be authenticated by utilizing the GPS function of the communication device. The line connection device can register the communication device to be authenticated based on whether the obtained location information is within a specified range from the installation location of the line connection device. This makes it possible to ensure that the user performing the grouping is present at the installation location of the line connection device. In other words, since a malicious person who is not at the installation location of the line connection device cannot perform the grouping process fraudulently, the accuracy of authentication can be improved.

In the authentication method of this embodiment, user information related to the user who uses the communication device and associated with the installation location is stored in the line carrier device, and the line connection device outputs the authentication result including the user information acquired from the line carrier device to the communication device.

The line carrier device stores user information about users who use communication devices. The user information is information provided by the user to the line carrier according to a line contract between the line carrier and the user, and is associated with the location where the line-connected device is installed. The user information may include, for example, the user's name, address, gender, date of birth, telephone number, occupation, credit card information, bank account, etc.

The line carrier device outputs the authentication result, including the user information acquired from the line carrier device, to the communication device. The communication device can output the authentication result, including the user information, to the service provider device. This makes it possible to provide the necessary user information according to the level of approval accuracy for the service of the service provider.

In the authentication method of this embodiment, user information includes the user's address, gender, date of birth, and telephone number.

In the authentication method of this embodiment, a portion of the secret shared data obtained by secretly sharing specified data is stored in the line connection device, and the remainder of the secret shared data is stored in the line carrier device, and the line carrier device acquires the portion of the secret shared data stored in the line connection device and authenticates the line connection device based on whether or not the specified data can be restored.

Let X be the specified data before secret sharing, and x and y be the secret shared data. The line connection device stores the secret shared data x in advance, and the line carrier device stores the secret shared data y in advance.

The line carrier device acquires secret shared data x from the line connection device, and determines whether or not it is possible to restore the specified data X using the acquired secret shared data x and the stored secret shared data y, thereby authenticating the line connection device. This proves that the line connection device is a legitimate line connection device, thereby improving the accuracy of authentication.

In the authentication method of this embodiment, the line connection device outputs the authentication result of the communication device to the line carrier device, and the line carrier device outputs the authentication result to the service provider device.

The line connection device outputs the authentication result of the communication device to the line carrier device. The line carrier device outputs the authentication result to the service provider device. This makes it possible to perform two-route authentication for the service provider device, with one route for outputting the authentication result from the communication device and the other route for outputting the authentication result from the line carrier device. Even if fraudulent acts such as spoofing occur due to attacks on the communication between the communication device and the service provider device, or attacks on the communication device, two-route authentication makes it easy to recognize such fraudulent acts.

In the authentication method of this embodiment, the line carrier device notifies the communication device of the authentication result via the line connection device, and after the user of the communication device accepts the authentication result, outputs the authentication result to the service provider device.

When the line carrier device outputs the authentication result to the service provider device, it notifies the communication device of the authentication result in advance and obtains consent from the user of the communication device. This allows the user to check in advance what kind of authentication result will be provided to the line carrier device by the line carrier device.

The authentication method of this embodiment varies the content of the authentication result output to the service provider device depending on the approval level of the service provided by the service provider.

The contents of the authentication result output to the service provider device can be made different depending on the approval level of the service provided by the service provider. This makes it possible to provide the necessary user information depending on the level of approval accuracy for the service provided by the service provider.

In the authentication method of this embodiment, the line connection device is installed at a location with a specified address.

In the authentication method of this embodiment, if authentication is not successful, the communication device may output a dummy authentication result to the service provider device.

REFERENCE SIGNS LIST 1 Communication network 2, 3 Secret communication path 10 Service provider server 20 Communication device 21 Control unit 22 Communication unit 23 Secret communication unit 24 Memory unit 25 Display panel 26 Operation unit 27 Reading unit 30 Line provider server 31 Control unit 32 Communication unit 33 Secret communication unit 34 Memory unit 35 Line contract DB
36 Authentication unit 50 Line connection device 51 Trusted execution environment 511 Authentication application 511a Secret communication processing unit 511b Grouping processing unit 511c Authentication processing unit 512 Secure memory 513 Secure OS
52 Normal implementation environment 521 Normal application 522 Memory 523 Normal OS
53 Execution environment providing unit 54 CPU
55 Network communication section

Claims (19)

The communication device outputs an authentication request to a line connection device whose installation location is managed by the line carrier or the service provider,
The line connection device authenticates the communication device and outputs the authentication result to the communication device;
The line connection device,
At the time of registering a communication device to be authenticated, a part of secret shared data obtained by secretly sharing predetermined data is stored in the communication device;
When receiving the authentication request, the secret sharing data stored in the communication device which has output the authentication request is obtained, and the communication device is authenticated based on a comparison with the predetermined data;
The communication device outputs the authentication result to a service provider device.
Authentication method. The communication device and the line connection device are connected using a secret communication path.
The authentication method according to claim 1 . The communication device includes:
Encrypt the secret sharing data stored in itself with an encryption key and output the encrypted data to the line connection device;
The line connection device is
Decrypting the encrypted secret sharing data with a decryption key to obtain the data.
The authentication method according to claim 1 . A registration of a communication device to be authenticated is started by using a predetermined operation on the line connection device as a trigger.
The authentication method according to any one of claims 1 to 3. registering a communication device to be authenticated with the line connection device via predetermined shared data;
The authentication method according to any one of claims 1 to 4 . When registering a communication device to be authenticated, user information that identifies a user of the communication device is stored.
The authentication method according to any one of claims 1 to 5 . The line connection device,
Obtain location information of the communication device to be authenticated,
registering the communication device to be authenticated based on whether the acquired location information is within a predetermined range from the installation location;
The authentication method according to any one of claims 1 to 6 . storing user information related to a user who uses the communication device and associated with the installation location in a line carrier device;
the line connection device outputs the authentication result, including the user information acquired from the line carrier device, to the communication device;
The authentication method according to any one of claims 1 to 7 . The user information includes the user's address, gender, date of birth, and telephone number.
The authentication method according to claim 8 . storing a part of secret shared data obtained by secretly sharing predetermined data in the line connection device;
storing the remainder of the secret sharing data in the line carrier device;
The line carrier device,
acquiring a part of the secret shared data stored in the line connection device, and authenticating the line connection device based on whether the data can be restored to the predetermined data;
The authentication method according to claim 8 or 9 . The line connection device outputs the authentication result of the communication device to the line carrier device,
The line carrier device outputs the authentication result to the service provider device.
The authentication method according to any one of claims 8 to 10 . The line carrier device,
notifying the communication device of the authentication result via the line connection device;
After the user of the communication device agrees with the authentication result, the authentication result is output to a service provider device.
The authentication method according to claim 11 . varying the contents of the authentication result to be output to the service provider device according to the approval level of the service of the service provider;
An authentication method according to any one of claims 1 to 12 . The line connection device is installed at a location with a specified address.
An authentication method according to any one of claims 1 to 13 . The communication device includes:
If the authentication is not successful, a dummy authentication result is output to the service provider device.
An authentication method according to any one of claims 1 to 14 . a registration unit that registers a communication device to be authenticated when a predetermined operation is triggered at an installation location managed by a line carrier or a service provider;
a storage unit that stores a registration result by the registration unit;
an acquisition unit that acquires an authentication request from a communication device;
an output unit that outputs an authentication result for the service provider to the communication device based on the authentication request acquired by the acquisition unit and the registration result stored in the memory unit. The communication device outputs an authentication request to a line connection device whose installation location is managed by the line carrier or the service provider,
The line connection device authenticates the communication device and outputs the authentication result to the communication device;
The line connection device stores a part of secret sharing data obtained by secretly sharing predetermined data in the communication device at the time of registering the communication device to be authenticated,
When the line connection device receives the authentication request, the line connection device receives the secret sharing data stored in the communication device which has output the authentication request, and performs authentication of the communication device based on a comparison with the predetermined data;
The communication device outputs the authentication result to a service provider device.
Authentication system. On the computer,
A communication device to be authenticated is registered in response to a predetermined operation at an installation location managed by a line carrier or a service provider,
The registration result is stored in a storage unit.
Obtaining an authentication request from the communication device;
outputting, to the communication device, an authentication result for the service provider based on the acquired authentication request and the registration result stored in the storage unit;
A computer program that executes a process. A computer program that operates on a communication device,
On the computer,
At the time of registering the communication device to be authenticated, a part of secret sharing data obtained by secretly sharing predetermined data is stored by a line connection device;
Obtaining an approval request for the service from the service provider device;
An authentication request corresponding to the obtained authorization request is output to a line connection device whose installation location is managed by the line carrier;
When the line connection device receives the authentication request, the line connection device receives the secret sharing data stored in the communication device which output the authentication request, and receives an authentication result of the communication device based on a comparison with the predetermined data from the line connection device;
outputting the obtained authentication result to the service provider device;
A computer program that executes a process.

Images