JP2009116454A - User authentication method, access terminal device, program, and recording medium - Google Patents

Abstract

In authentication technology, high convenience is realized while suppressing impersonation of a legitimate user.
[Solution]
First information corresponding to each persona identifier of each user is stored in a persona selection device shared for each persona identifier, and second information corresponding to a certain user is accessed separately from the persona selection device. Stored in the terminal device. Then, the persona selection device transmits the first information corresponding to the authentication target persona identifier which is a certain persona identifier of the certain user to the access terminal device, and the access terminal device transmits the transmitted first information. And information determined by certain second information stored in the access terminal device, and outputs the information as authentication information corresponding to the authentication target persona identifier, and the authentication target persona identifier and the authentication information are sent to the authentication device. Send.
[Selection] Figure 9

Description

  The present invention relates to a user authentication technique for performing user authentication, and more particularly to a user authentication technique having a spoofing prevention function.

When using a Web site that requires user authentication, the user normally accesses the authentication device on the network using an access terminal device, transmits authentication information to the authentication device, and the user from the authentication device. Authentication must be received (for example, refer nonpatent literature 1).
In some cases, a user uses a plurality of persona identifiers and uses a Web site by performing user authentication as an independent subject (persona) for each persona identifier. In this case, the user must manage authentication information for each persona identifier.
OASIS (Organization for the Advancement of Structured Information Standards), “Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML)”, [online], May 31, 2002, [searched September 7, 2007] , Internet <URL: http://www.oasis-open.org/committees/security/#documents>

  As described above, in a general authentication method, an access terminal device accesses an authentication device through a network, shows authentication information to the authentication device, and receives authentication from the authentication device. However, it is troublesome for the user to input authentication information to the access terminal device every time authentication processing is performed. A simple technique for solving such a problem is to store authentication information in the access terminal device in advance. However, when such an access terminal device can be used by a plurality of persons, a person who can use the access terminal device can easily become a legitimate user.

  Therefore, the authentication information is stored only in the permission terminal device such as a mobile phone possessed by the user, the permission terminal device transfers the authentication information to the access terminal device, and the access terminal device stores the authentication information. A method of receiving user authentication by transmitting to an authentication device is conceivable. However, in the case of this method, the user must manage and operate the permission terminal device, which is not convenient. In particular, when a user uses a plurality of persona identifiers and uses a plurality of personas to perform user authentication, management and operation of the permission terminal device becomes even more complicated.

  Therefore, the authentication information corresponding to each persona identifier is stored together in the persona selection device, the persona selection device forwards the authentication information to the access terminal device, and the access terminal device passes this authentication information to the authentication device. A method of transmitting and receiving user authentication can be considered. However, in this case, it becomes possible for the administrator of the persona selection device to become a legitimate user.

  The present invention has been made in view of these points, and an object of the present invention is to provide a user authentication technique capable of realizing high convenience while suppressing impersonation of a legitimate user.

  In the present invention, in order to solve the above-described problem, first information corresponding to each persona identifier of each user is stored in a storage unit of a persona selection device shared by each persona identifier (first information storage process). ), Second information corresponding to a certain user is stored in a storage unit of an access terminal device different from the persona selection device (second information storage process). Then, when the first information request information is transmitted from the access terminal device, the transmission unit of the persona selection device corresponds to at least the authentication target persona identifier that is one persona identifier of the certain user. The first information is transmitted to the access terminal device (first information transmission process), and the authentication information generation unit of the access terminal device transmits the first information transmitted in the first information transmission process and the access terminal device. Information determined by a certain second information stored in the storage unit of the ID, and outputs the information as authentication information corresponding to the persona identifier to be authenticated (authentication information generation process), and the transmission unit of the access terminal device Transmits the authentication target persona identifier and the authentication information to the authentication device (authentication information transmission process).

  Here, only the first information stored in the storage unit of the persona selection device cannot be used as authentication information. For this reason, the administrator of the persona selection device cannot impersonate a legitimate user. Further, only the second information stored in the storage unit of the access terminal device cannot be used as authentication information. Therefore, impersonation by a person other than a legitimate user can be suppressed.

  As described above, with the authentication technique of the present invention, high convenience can be realized while suppressing impersonation of a legitimate user.

The best mode for carrying out the present invention will be described below with reference to the drawings.
[First Embodiment]
First, a first embodiment of the present invention will be described.
<Configuration>
FIG. 1 is a diagram illustrating a configuration of an authentication system 1 according to the first embodiment. 2A is a block diagram showing the configuration of the authorization device 10 of FIG. 1, and FIG. 2B is a block diagram showing the configuration of the persona selection device 20 of FIG. FIG. 3 is a block diagram showing the configuration of the access terminal device 30 of FIG. 4A is a block diagram showing the configuration of the authentication device 40 in FIG. 1, and FIG. 4B is a block diagram showing the configuration of the service providing device 50 in FIG.

  As shown in FIG. 1, the authentication system 1 of this embodiment includes an authorization device 10, a persona selection device 20, an access terminal device 30, an authentication device 40, and a service providing device 50, which are Communication is possible through the network 60. For simplification of explanation, FIG. 1 shows the authorization device 10, the persona selection device 20, the access terminal device 30, the authentication device 40, and the service providing device 50 one by one. There may be a configuration in which a plurality of some devices exist.

  As illustrated in FIG. 2A, the authorization device 10 of the present embodiment includes a communication processing unit 11a, a permission / certification certificate generation unit 11b, a control unit 11c, a storage unit 12a, a temporary memory 12b, It has a transmission unit 13a and a reception unit 13b.

  Here, the authorization device 10 of this embodiment is configured by reading a predetermined program into a known computer having a CPU (central processing unit), a RAM (random access memory), a communication device, and the like. The communication processing unit 11a, the permission / certification certificate generation unit 11b, and the control unit 11c are configured by reading a predetermined program into the CPU, and the storage unit 12a and the temporary memory 12b are a hard disk, a RAM, a register, and a cache memory. Or a storage area in which at least a part of them is combined. Furthermore, the transmission part 13a and the reception part 13b are comprised by the communication apparatus etc. which are driven by control of CPU. Specific examples of hardware constituting the authorization device 10 include a server device, a personal computer having a connection standby function, a mobile phone, a PDA (personal digital assistant), and the like. The authorization device 10 according to the present embodiment executes each process according to the control of the control unit 11c.

  Further, as illustrated in FIG. 2B, the persona selection device 20 of this embodiment includes a communication processing unit 21a, an identifier management unit 21b, a login verification unit 21c, a control unit 21d, a storage unit 22a, A temporary memory 22b, a transmitter 23a, and a receiver 23b are included.

  Here, the persona selection device 20 of this embodiment is configured by reading a predetermined program into a known computer having a CPU, a RAM, a communication device, and the like. The communication processing unit 21a, the identifier management unit 21b, the login verification unit 21c, and the control unit 21d are configured by reading a predetermined program into the CPU, and the storage unit 22a and the temporary memory 22b include a hard disk, a RAM, a register, It is configured by a cache memory or the like, or a storage area that combines at least a part of these. Furthermore, the transmission part 23a and the reception part 23b are comprised by the communication apparatus etc. which are driven by control of CPU. In addition, as a specific example of hardware constituting the persona selection device 20, a server device, a connection standby function (a function for establishing a connection with the device in response to a connection request transmitted from a device that has not established a connection) Examples include a personal computer, a mobile phone, and a PDA. In addition, the persona selection apparatus 20 of this form performs each process according to control of the control part 21d.

  As illustrated in FIG. 3, the access terminal device 30 according to the present embodiment includes a communication processing unit 31a, a key pair generation unit 31b, a permission authorization target information generation unit 31c, a login authentication information generation unit 31d, The authentication information generation unit 31e, the control unit 31f, the storage unit 32a, the temporary memory 32b, the transmission unit 33a, the reception unit 33b, the input unit 34a, and the output unit 34b.

  Here, the access terminal device 30 of this embodiment is configured by reading a predetermined program into a known computer having a CPU, RAM, communication device, and the like. The communication processing unit 31a, the key pair generation unit 31b, the authorization authorization target information generation unit 31c, the login authentication information generation unit 31d, the authentication information generation unit 31e, and the control unit 31f are read by a predetermined program being read into the CPU. The storage unit 32a and the temporary memory 32b are configured by a hard disk, a RAM, a register, a cache memory, or the like, or a storage area in which at least a part of these is combined. Furthermore, the transmission unit 33a and the reception unit 33b are configured by a communication device or the like that is driven by the control of the CPU. Further, specific examples of hardware constituting the access terminal device 30 include a server device, a personal computer, a mobile phone, a PDA, and the like. Note that this embodiment is also applicable when the access terminal device 30 does not have a connection standby function. Further, the access terminal device 30 according to the present embodiment executes each process according to the control of the control unit 31f.

  Also, as illustrated in FIG. 4A, the authentication device 40 of this embodiment includes a communication processing unit 41a, an authentication information verification unit 41b, an authentication result information generation unit 41c, a control unit 41d, and a storage unit 42a. A temporary memory 42b, a transmitter 43a, and a receiver 43b.

  Here, the authentication device 40 of this embodiment is configured by reading a predetermined program into a known computer having a CPU, a RAM, a communication device, and the like. The communication processing unit 41a, the authentication information verification unit 41b, the authentication result information generation unit 41c, and the control unit 41d are configured by reading a predetermined program into the CPU, and the storage unit 42a and the temporary memory 42b are a hard disk , RAM, register, cache memory, or the like, or a storage area that combines at least a part of these. Furthermore, the transmission unit 43a and the reception unit 43b are configured by a communication device or the like that is driven by the control of the CPU. Further, specific examples of hardware configuring the authentication device 40 include a server device, a personal computer having a connection standby function, a mobile phone, a PDA, and the like. Note that the authentication device 40 of the present embodiment executes each process according to the control of the control unit 41d.

  Also, as illustrated in FIG. 4B, the service providing apparatus 50 according to the present embodiment includes a communication processing unit 51a, an authentication result information verification unit 51b, a control unit 51c, a storage unit 52a, and a temporary memory 52b. , A transmission unit 53a and a reception unit 53b.

  Here, the service providing apparatus 50 according to the present embodiment is configured by reading a predetermined program into a known computer including a CPU, a RAM, a communication apparatus, and the like. The communication processing unit 51a, the authentication result information verification unit 51b, and the control unit 51c are configured by reading a predetermined program into the CPU. The storage unit 52a and the temporary memory 52b include a hard disk, a RAM, a register, and a cache. It is configured by a memory or the like, or a storage area that combines at least a part of these. Furthermore, the transmission part 53a and the reception part 53b are comprised by the communication apparatus etc. which are driven by control of CPU. Moreover, a server apparatus etc. can be illustrated as a specific example of the hardware which comprises the service provision apparatus 50. FIG. The service providing apparatus 50 according to the present embodiment executes each process according to the control of the control unit 51c.

<Registration process>
First, the registration process will be described.
In this embodiment, a user identifier is assigned to each user, and one or more persona identifiers are assigned to each user identifier. In addition, an independent IdP key (corresponding to “first information”) is set for each persona identifier of the present embodiment. Furthermore, an independent master password (corresponding to “second information”) is set for each user identifier. A public key encryption key pair (secret key SK1, public key PK1) is set for the authorization device 10, and a public key encryption key pair (secret key SK3, public key PK3) is set for the authentication device 40. ) Is set.

  In the storage unit 12a of the authorization device 10, an IdP key (corresponding to “first information”) for each persona identifier, a secret key SK1 of the authorization device 10, and an address (such as an IP address) of the persona selection device 20 And are stored. The transmission unit 13a of the authorization device 10 uses the persona selection device 20 (FIG. 2 (b)) to share the IdP key (corresponding to “first information”) for each persona identifier via the network 60 at an arbitrary timing. ).

  In addition, the storage unit 22a of the persona selection device 20 (FIG. 2B) stores a user identifier, a persona identifier, and an IdP key ("first information") transmitted from the authorization device 10 in a corresponding relationship. Are stored in association with each other (first information storage process). The public key PK1 of the authorization device 10 is stored in the storage unit 22a of the persona selection device 20 (FIG. 2B).

  Further, in the storage unit 32a of the access terminal device 30 (FIG. 3), a user identifier, an address of the authorization device 10 (authorization device address), an address of the persona selection device 20 (persona selection device address), The address of the authentication device 40 (authentication device address) is stored.

In addition, in the storage unit 42a of the authentication device 40, there is a persona identifier, an IdP key (corresponding to “first information”), and a master password (corresponding to “second information”) that are in correspondence with each other. Stored in association. Further, the secret key SK3 of the authentication device 40 is stored in the storage unit 42a of the authentication device 40.
Further, the public key PK3 of the authentication device 40 is stored in the storage unit 52a of the service providing device 50 (FIG. 4B).

<Authorization process>
Next, an authorization process for the access terminal device 30 to use the authentication system 1 of this embodiment will be described. Unless otherwise specified, each data in each calculation process is stored in the temporary memory of each device one by one and used in the subsequent calculation processes (the same applies to each embodiment).

6 and 7 are flowcharts for explaining the authorization processing of the first embodiment.
First, the key pair generation unit 31b of the access terminal device 30 (FIG. 3) generates a key pair (secret key SK2, public key PK2) of a public key cryptosystem (RSA, elliptical RSA, etc.) and stores them. 32a is stored (step S1). Next, the input unit 34a receives an input of a device identifier, and the input device identifier is stored in the storage unit 32a (step S2). Next, the communication processing unit 31a reads the device identifier from the storage unit 32a, and the transmission unit 43 transmits the device identifier (step S3). This transmission is performed as, for example, an HTTP request.

  The transmitted device identifier is sent to the persona selection device 20 through the network 60, and the reception unit 23b of the persona selection device 20 (FIG. 2B) receives this and sends it to the identifier management unit 21b. The identifier management unit 21b confirms whether the transmitted device identifier is usable (whether the same device identifier as the transmitted device identifier is already stored in the storage unit 22a) (step S5). And the confirmation result information which shows the confirmation result is sent to the transmission part 23a, and the transmission part 23a transmits it to the terminal device 30 for access via the network 60 (step S6). This transmission is performed as, for example, an HTTP response.

  The confirmation result information is received by the receiving unit 33b of the access terminal device 30 (FIG. 3) and sent to the permission / authorization object information generating unit 31c. The permission / authorization object information generation unit 31c refers to the sent confirmation result information and confirms whether the device identifier input in step S2 is usable (step S8). If the device identifier input in step S2 is not usable, the process returns to step S2. If the device identifier input in step S2 is usable, the permission / authorization object information generating unit 31c determines that the public key PK2 is “Permission approval target information”, which is information necessary to create a certificate that proves that the access terminal device 30 belongs, is generated. In this embodiment, the permission / authorization object information generation unit 31c reads the public key PK2 and the device identifier from the storage unit 32a, and generates permission / authorization object information including the public key PK2 and the device identifier. However, this is merely an example, and the function value obtained by substituting the public key PK2 into a predetermined function (for example, a one-way function such as a hash function) and the device identifier of the access terminal device 30 may be used as the permission certification target information.

  The generated authorization authorization target information is sent to the transmission unit 33a together with the user identifier read from the storage unit 32a by the communication processing unit 31a, and the transmission unit 33a transmits these to the authorization device 10 via the network 60 ( Step S10). The transmitted user identifier and permission authorization target information are received by the receiving unit 13b of the authorization device 10 (FIG. 2A) (step S11) and sent to the permission certification certificate generating unit 11b. The authorization certificate generation unit 11b reads the secret key SK1 of the authorization device 10 from the storage unit 12a, and generates an authorization certificate that is an electronic certificate of the authorization target information using the secret key SK1 (step S12). ). The authorization certificate is an electronic signature of the authorization certification target information generated using the secret key SK1, and the authorization certification target information and the ciphertext of the authorization certification target information generated using the secret key SK1 including. Examples of digital signature schemes include known signature schemes such as RSA signatures, ElGamal signatures, and DSA signatures. The same applies to other electronic signatures described below.

  The user identifier and the generated authorization certificate are transmitted to the transmission unit 13a, and the transmission unit 13a transmits the user identifier and the authorization certificate to the persona selection device 20 via the network 60 (step S13). The transmitted user identifier and authorization certificate are received by the receiving unit 23b of the persona selection device 20 (FIG. 2B) (step S14) and sent to the communication processing unit 21a. The communication processing unit 21a selects a user identifier that matches the transmitted user identifier from the storage unit 22a, and associates the selected authorization identifier with the authorization certificate and the device identifier included in the authorization certificate. And stored in the storage unit 22a (step S15).

  Next, the communication processing unit 31a of the access terminal device 30 (FIG. 3) reads a usable device identifier from the storage unit 32a, generates a permission authorization certificate request including the device identifier, and sends the request to the transmission unit 33a. . The transmission unit 33a transmits the permission certificate request to the persona selection device 20 via the network 60 (step S16). This transmission is performed as, for example, an HTTP request.

  The transmitted authorization certificate request is received by the receiving unit 23b of the persona selection device 20 (FIG. 2B) (step S17) and sent to the communication processing unit 21a. The communication processing unit 21a searches the storage unit 22a using the device identifier included in the transmitted permission authorization certificate request, and extracts the permission authorization certificate associated with the device identifier that matches the device identifier. The data is sent to the transmission unit 23a. The transmission unit 23a transmits this permission certificate to the access terminal device 30 via the network 60 (step S18). This transmission is performed as, for example, an HTTP response. The transmitted authorization certificate is received by the receiving unit 33b of the access terminal device 30 (FIG. 3) (step S19) and sent to the communication processing unit 31a. The communication processing unit 31a stores the sent authorization certificate in the storage unit 32a (step S20).

  In the authorization process of this embodiment, the authorization certificate generated by the authorization device 10 is stored in the persona selection device 20, and the access terminal device 30 accesses the persona selection device 20 and acquires the authorization certificate. To do. By mediating the persona selection device 20 in this way, the authorization device 10 can send the authorization certificate to the access terminal device 30 even when the access terminal device 30 does not have a connection standby function. .

  5A and 5B show the device identifier, the user identifier, the persona identifier, the IdP key (first information), and the authorization certificate that are associated with each other in the storage unit 22a of the persona selection device 20 in the process so far. It is the figure which illustrated the relationship. In this example, the two tables shown in FIGS. 5A and 5B are used, and the association is performed through the user identifier. In the table (persona management table) of FIG. 5A, the persona identifier and attribute information (name, telephone number, etc.) of each persona, the user identifier, and the IdP key (first information) are associated with each other. In the table (device management table) of FIG. 5B, the device identifier of the registered device, the device name, the user identifier registered for the device, and the permission setting certificate correspond to each other. Attached.

  FIG. 5C shows a persona identifier, an IdP key (first information), a master password (second information) associated with the storage unit of the authentication device 40 (FIG. 4A) in the process so far. It is the figure which illustrated the relationship. In this example, a persona identifier, an IdP key (first information), and a master password (second information) are associated with one table.

<Authentication process>
Next, the authentication procedure of this embodiment will be described.
8 and 9 are flowcharts for explaining the authentication processing of the first embodiment. Hereinafter, the authentication processing of this embodiment will be described with reference to these drawings.
First, the address of the service providing device 50 is input to the input unit 34a of the access terminal device 30 (FIG. 3) and sent to the communication processing unit 31a. The communication processing unit 31a generates service request information having headers of the address of the service providing device 50 and the address of the access terminal device 30 that have been sent, and transmits them to the service providing device 50 (step S31). This transmission is performed as, for example, an HTTP request.

  This service request information is received by the receiving unit 53b of the service providing apparatus 50 (FIG. 4B) and sent to the communication processing unit 51a. Receiving this, the communication processing unit 51a generates authentication request information, and transmits it from the transmission unit 53a to the access terminal device 30 via the network (step S33). This transmission is performed as, for example, an HTTP response.

  This authentication request information is received by the receiving unit 33b of the access terminal device 30 (FIG. 3) and sent to the communication processing unit 31a. In response to this, the login authentication information generation unit 31d generates login authentication information for logging in to the persona selection device 20. In the example of this embodiment, login processing is performed by SSL (Secure Socket Layer) client authentication. In this example, the login authentication information generation unit 31d reads the secret key SK2 from the storage unit 32a, the random number generation unit generates a random number R, and the hash calculation unit generates a hash value H (R) of the random number R. Then, the encryption unit generates a ciphertext En (SK2, H (R)) obtained by encrypting the hash value H (R) using the secret key SK2. The login authentication information generation unit 31d further reads the authorization certificate from the storage unit 32a, and generates login authentication information including the ciphertext En (SK2, H (R)), the random number R, and the authorization object information. .

  The generated login authentication information is sent to the transmission unit 33a together with the persona selection device address read from the storage unit 32a. The transmission unit 33a transmits the login authentication information having the header of the persona selection device address and the address of the access terminal device 30 to the persona selection device 20 via the network 60 (step S35). This transmission is performed as, for example, an HTTP request.

  The transmitted login authentication information is received by the receiving unit 23b of the persona selection device 20 (FIG. 2B) (step S36) and sent to the login verification unit 21c. The login verification unit 21c uses the public key PK1 read from the storage unit 22a to verify the authorization certificate included in the sent login authentication information (step S37). Specifically, for example, the login verification unit 21c uses the public key PK1 to decrypt the ciphertext included in the permission certification certificate to obtain the permission certification target information, and the authorization certification included in the permission certification certificate. Verify whether it matches the target information. If this verification is successful, the login verification unit 21c verifies the login authentication information by using the public key PK2 (provided with permission authorization target information) provided in the authorization certificate (step S38). For example, the decryption unit of the login verification unit 21c decrypts the ciphertext En (SK2, H (R)) included in the login authentication information to obtain the hash value H (R), and the hash calculation unit of the login verification unit 21c However, the hash value H (R) of the random number R included in the login authentication information is calculated, and the comparison unit of the login verification unit 21c verifies whether or not these hash values match. If the authorization object information does not have the public key PK2, but instead has a function value obtained by substituting the public key PK2 into a predetermined function, the public key PK2 is restored from the function value, or separately The public key PK2 needs to be sent to the login verification unit 21c.

  If the verification fails, the process ends with an error (step S39). On the other hand, when the verification is successful, the communication processing unit 21a reads all persona identifiers associated with the same device identifier as the device identifier included in the authorization certificate of the login authentication information from the storage unit 22a. Then, a persona list including information respectively corresponding to these persona identifiers is generated. As an example of the persona list, a list of persona identifiers corresponding to each persona identifier can be listed, and a list of selectable persona identifiers by selecting a persona name can be exemplified. The generated persona list is sent to the transmission unit 23a, and the transmission unit 23a transmits the persona list to the access terminal device 30 via the network 60 (step S40). This transmission is performed as, for example, an HTTP response.

  This personalist is received by the receiving unit 33b of the access terminal device 30 (FIG. 3) (step S41) and output from the output unit 34b. A user who uses the access terminal device 30 refers to the persona list output from the output unit 34b, selects a desired persona, and selects information indicating the selection result (for example, a persona identifier of the selected persona). Information) is input to the input unit 34a (step S42). The input selection information is sent to the transmission unit 33a together with the persona selection device address read from the storage unit 32a. The transmitter 33a transmits selection information (corresponding to “first information request information”) having the header of the persona selection device address and the address of the access terminal device 30 to the persona selection device 20 via the network 60 (step S43). ). This transmission is performed as, for example, an HTTP request.

  The transmitted selection information is received by the receiving unit 23b of the persona selection device 20 (FIG. 2B) (step S44) and sent to the communication processing unit 21a. The communication processing unit 21a extracts, from the storage unit 22a, an IdP key (first information) corresponding to the selected persona identifier (corresponding to “authentication target persona identifier”) specified by the selection information (step S45). The data is sent to the transmission unit 33a. The transmitter 33a transmits the IdP key (first information) to the access terminal device 30 via the network 60 (first information transmission process / step S46). This transmission is performed as, for example, an HTTP response.

  The transmitted IdP key (first information) is received by the receiving unit 33b of the access terminal device 30 (FIG. 3) (step S47) and stored in the storage unit 32a. Further, the input unit 34a accepts input of a master password (second information) by the user, and the input master password (second information) is stored in the storage unit 32a (second information storage process / step S48). Next, the authentication information generation unit 31e reads the IdP key (first information) and the master password (second information) from the storage unit 32a, generates information determined by these, and selects the selected persona identifier ( (Corresponding to “personal identifier to be authenticated”) is output as authentication information (authentication information generation process / step S49). The authentication information generation unit 31e of the present embodiment substitutes the function value [F (IdP key (first 1 information), master password (second information))] is output as authentication information corresponding to the selected persona identifier (corresponding to “personal identifier to be authenticated”).

  Here, the master password (second information) is information set for each user. Therefore, a third party can guess that different personas belong to the same user when the master password (second information) is the same. Therefore, it is desirable that the master password (second information) cannot be restored from the authentication information from the viewpoint of protecting the privacy of the persona. In this embodiment, since authentication information is generated using a one-way function, even if the authentication information is acquired by a third party, the third party cannot restore the master password (second information) from the authentication information. This can protect the privacy of personas.

The variation of the authentication information of this form is illustrated below.
[Variation 1]
In variation 1, the function value [F (IdP key (first information) obtained by substituting the bit combination value of the IdP key (first information) and the master password (second information) into the one-way function F]. ) | Master password (second information))] is the authentication information corresponding to the persona identifier to be authenticated. Α | β means bit combination of α and β, but it does not limit the bit connection position of α and β, bit combination that combines β after α, bit that combines α after β This is a concept including coupling, bit coupling in which each bit of α and each bit of β are coupled alternately. As F, a hash function such as SHA-1 can be used.

[Variation 2]
In variation 2, the function value obtained by substituting the exclusive OR of the IdP key (first information) and the master password (second information) into the one-way function F corresponds to the persona identifier to be authenticated. Authentication information (end of variation description).

  Next, the generated authentication information and the corresponding persona identifier (corresponding to “authentication target persona identifier”) are sent to the transmission unit 33a together with the authentication device address read from the storage unit 32a. The transmitting unit 33a transmits authentication information having a header of the authentication device address and the address of the access terminal device 30 and a persona identifier to the authentication device 40 via the network 60 (authentication information transmission process / step S50). This transmission is performed as, for example, an HTTP request.

  The transmitted authentication information and the corresponding persona identifier are received by the reception unit 43b of the authentication device 40 (FIG. 4A) and sent to the authentication information verification unit 41b. The authentication information verification unit 41b reads the IdP key (first information) and the master password (second information) associated with the same persona identifier as the sent persona identifier from the storage unit 42a, and is determined by these. Information is generated by the same method as in step S49. In this embodiment, the authentication information verification unit 41b substitutes the read IdP key (first information) and the master password (second information) into the one-way function F [F (IdP key (first Information), master password (second information))]. And the authentication information verification part 41b determines whether the produced | generated function value and authentication information correspond (step S53). If they do not match, the authentication information verification unit 41b determines that the verification has failed and terminates the process with an error (step S54). On the other hand, if they match, the authentication information verification unit 41b determines that the verification has passed, and outputs the determination result to the authentication result information generation unit 41c. The authentication result information generation unit 41c reads the secret key SK3 of the authentication device 40 from the storage unit 42a, and generates verification result information in which an electronic signature is added to the determination result using the secret key SK3 (step S55). The generated verification result information is sent to the transmission unit 43a, and the transmission unit 43a transmits this to the access terminal device 30 via the network 60 (step S56). This transmission is performed as, for example, an HTTP response. Further, when the authentication device 40 holds the address of the service providing device 50, the transmission may be performed by designating the service providing device 50 as a redirect destination.

  The transmitted verification result information is received by the receiving unit 33b of the access terminal device 30 (FIG. 3), and further transmitted from the transmitting unit 33a to the service providing device 50 via the network 60 (step S57). This verification result information is received by the receiving unit 53b of the service providing apparatus 50 (FIG. 4B) (step S58) and sent to the authentication result information verifying unit 51b. The authentication result information verification unit 51b reads the public key PK3 of the authentication device 40 from the storage unit 52a, and verifies the verification result information using the public key PK3 (steps S59 and S60). If the verification fails, the process ends in error (step S61). If the verification passes, the communication processing unit 51 transmits the access terminal device from the transmission unit 53a via the network 60. Service information is transmitted to 30 (step S62).

<Features of this embodiment>
As described above, in this embodiment, the IdP key (first information) corresponding to each persona identifier of each user is stored in the storage unit 22a of the persona selection device 20 shared for each persona identifier. (Registration process) The master password (second information) corresponding to a certain user to be authenticated is stored in the storage unit 32a of the access terminal device 30 different from the persona selection device 20 (step S48). In addition, the transmission unit 23a of the persona selection device 20 transmits the IdP key (first information) corresponding to the authentication target persona identifier, which is a persona identifier of the authentication target user, to the access terminal device 30 (step S46). ), The authentication information generation unit 31e of the access terminal device 30 transmits the transmitted IdP key (first information) and a certain master password (second information) stored in the storage unit 32a of the access terminal device 30. Is generated and output as authentication information corresponding to the persona identifier to be authenticated (step S49). Then, the transmission unit 33 a of the access terminal device 30 transmits the authentication target persona identifier and the authentication information to the authentication device 40.

  Here, only the IdP key stored in the storage unit 22a of the persona selection device 20 cannot be used as authentication information. For this reason, the administrator of the persona selection device 20 cannot become a legitimate user. Also, a third party who knows the master password (second information) cannot use it as authentication information only with this master password (second information). As described above, impersonation by a third party other than a legitimate user can be prevented.

  In this embodiment, the transmission unit 33a of the access terminal device 30 transmits the login authentication information to the persona selection device 20 (step S35), and the login verification unit 21c of the persona selection device 20 verifies the login authentication information. (Step S38) Only when the verification result of the login authentication information is acceptable, the persona selection device 20 transmits the IdP key (first information) to the access terminal device 30 (Step S46). . Thereby, it is possible to prevent the IdP key (first information) from being transmitted to a third party other than the user.

  In this embodiment, the function value obtained by substituting the IdP key (first information) and the master password (second information) into the one-way function is used as the authentication information corresponding to the persona identifier to be authenticated. (Step S49), as described above, protection of persona privacy is possible.

[Second Embodiment]
Next, a second embodiment of the present invention will be described.
This embodiment is a modification of the first embodiment, in which the same IdP key (first information) is set for one or more persona identifiers corresponding to the same user, and the IdP key (first information) and master Information determined by the password (second information) and the authentication target persona identifier is authentication information. That is, the difference of the second embodiment from the first embodiment is that the persona identifier, the user identifier, and the IdP key (first information) are associated with each other in the storage unit of the persona selection device according to the second embodiment, and the authentication. Only the association of the user identifier, the persona identifier, the IdP key (first information), and the master password (second information) and the authentication information generation process (step S49) in the storage unit of the apparatus. Hereinafter, only differences from the first embodiment will be described.

<Example of data structure of this embodiment>
FIG. 10A is a diagram illustrating a persona management table stored in the storage unit of the persona selection device according to the second embodiment. FIG. 10B is a diagram illustrating a table stored in the storage unit of the authentication device according to the second embodiment.
As illustrated in FIG. 10A, in the persona management table of this example, the persona identifier and attribute information (name, telephone number, etc.) of each persona, the user identifier, and the key for IdP (first information) are stored. Are related to each other. However, unlike the persona management table (FIG. 5A) exemplified in the first embodiment, the same IdP key (first information) is registered for each user identifier. Further, as illustrated in FIG. 10B, in the table stored in the storage unit of the authentication device of the second embodiment, the user identifier, the persona identifier, the IdP key (first information), and the master password (second Information). Unlike the table illustrated in the first embodiment (FIG. 5C), the same IdP key (first information) is registered for each user identifier.
Thus, in this embodiment, the same IdP key (first information) is set for one or more persona identifiers corresponding to the same user.

<Authentication information generation process of this embodiment>
In this embodiment, instead of the authentication information generation process (step S49), the authentication information generation unit 31e reads the IdP key (first information) and the master password (second information) from the storage unit 32a. And information determined by the persona identifier of the persona selected in step S42 (corresponding to “authentication object persona identifier”) is output as authentication information corresponding to the authentication object persona identifier. In this embodiment, an IdP key (first information), a master password (second information), and a persona identifier to be authenticated are substituted into a one-way function F [F (IdP key (first Information), master password (second information), authentication target persona identifier)] is output as authentication information corresponding to the authentication target persona identifier.

  Here, the IdP key (first information) and the master password (second information) of the present embodiment are information set for each user. Therefore, a third party can guess that different personas belong to the same user because the IdP key (first information) and the master password (second information) are the same. Therefore, from the viewpoint of protecting the privacy of the persona, it is desirable that the IdP key (first information) and the master password (second information) cannot be restored from the authentication information. In this embodiment, since authentication information is generated using a one-way function, even if the authentication information is acquired by a third party, the third party uses the IdP key (first information) and master password from the authentication information. (Second information) cannot be restored. This can protect the privacy of personas.

The variation of the authentication information of this form is illustrated below.
[Variation 1]
In variation 1, a function value obtained by substituting the bit combination value of the IdP key (first information), the master password (second information), and the persona identifier to be authenticated into the one-way function F [F (IdP Key (first information) | master password (second information) | authentication target persona identifier)] is the authentication information corresponding to the authentication target persona identifier.

[Variation 2]
In variation 2, the function value obtained by substituting the exclusive OR of the IdP key (first information), the master password (second information), and the persona identifier to be authenticated into the one-way function F is It is authentication information corresponding to the persona identifier.

<Features of this embodiment>
In this embodiment, the same IdP key (first information) is set for one or more persona identifiers corresponding to the same user, the IdP key (first information), the master password (second information), and the authentication target Information determined by the persona identifier is used as authentication information. As a result, the types of IdP keys (first information) to be managed by the persona selection device can be reduced, and the storage capacity of the storage unit of the persona selection device and the management cost can be reduced.
In this embodiment, the function value obtained by substituting the IdP key (first information), master password (second information), and authentication target persona identifier into the one-way function corresponds to the authentication target persona identifier. Personal information protection can be realized because of the authentication information.

[Third Embodiment]
This embodiment is a modification of the first embodiment. In this embodiment, the ciphertext generated with the encryption key set separately for each persona identifier is the first information, and the decryption key for decrypting the ciphertext is the second information. Then, the ciphertext (first information) generated by the encryption key corresponding to the authentication target persona identifier is decrypted using the decryption key (second information), and the decryption result corresponds to the authentication target persona identifier. Output as authentication information.
In the following description, differences from the first embodiment will be mainly described, and description of matters common to the first embodiment will be omitted.

<Configuration>
In the authentication system of the third embodiment, the authorization device 10 constituting the authentication system 1 of the first embodiment is replaced with an authorization device 110, the persona selection device 20 is replaced with a persona selection device 120, and an access terminal device. 30 is replaced with an access terminal device 130, and the authentication device 40 is replaced with an authentication device 140.

  FIG. 11A is a block diagram illustrating a configuration of the authorization device 110 according to the third embodiment, and FIG. 11B is a block diagram illustrating a configuration of the persona selection device 120 according to the third embodiment. is there. FIG. 12A is a block diagram showing the configuration of the access terminal device 130 according to the third embodiment, and FIG. 12B is a block diagram showing the configuration of the authentication device 140 according to the third embodiment. FIG. In addition, in each figure, the same code | symbol as 1st Embodiment was attached | subjected about the part which is common in 1st Embodiment.

  As shown in FIG. 11A, the difference between the authorization device 110 of the present embodiment and the authorization device 10 of the first embodiment is that the information stored in the storage unit 12a and the authorization device 110 are encrypted. This is a point further having a portion 111c. Further, as shown in FIG. 11B, the difference between the persona selection device 120 of this embodiment and the persona selection device 20 of the first embodiment is information stored in the storage unit 22a. Also, as shown in FIG. 12A, the difference between the access terminal device 130 of the present embodiment and the access terminal device 30 of the first embodiment is that information stored in the storage unit 32a and authentication information generation The part 31e is replaced with the authentication information generation part 131e. Also, as shown in FIG. 12B, the difference between the authentication device 140 of the present embodiment and the authentication device 40 of the first embodiment is that the information stored in the storage unit 42a and the authentication information verification unit 41b authenticate. This is a point that is replaced by the information verification unit 141b.

<Registration process>
Next, the registration process of this embodiment will be described.
In this embodiment, a user identifier is assigned to each user, and one or more persona identifiers are assigned to each user identifier. An independent password is set for each persona identifier. Furthermore, an independent key pair (secret key SK0, public key PK0) is set for each persona identifier. Also, a public key encryption key pair (secret key SK1, public key PK1) is set for the authorization device 110, and a public key encryption key pair (secret key SK3, public key PK3) is set for the authentication device 140. ) Is set. In this embodiment, the ciphertext obtained by encrypting the password using the public key PK0 (corresponding to “encryption key”) corresponds to the first information, and the secret key SK0 (corresponding to “decryption key”) is the first. 2 corresponds to the information, and the password corresponds to the authentication information.

  In the storage unit 12a of the authorization device 110 (FIG. 11A), a persona identifier, a password, and a public key PK0 that are in a corresponding relationship are stored in association with each other. The storage unit 12a stores the secret key SK1 of the authorization device 110 and the address (such as an IP address) of the persona selection device 120. The encryption unit 111c of the authorization device 110 reads the corresponding persona identifier, password, and public key PK0 from the storage unit 12a at an arbitrary timing, and encrypts the encrypted text using the public key PK0. The first information corresponding to the identifier is generated. The ciphertext (first information) of the generated password and the corresponding persona identifier are transmitted via the network 60 to the persona selection device 120 (FIG. 11B) shared for each persona identifier. The

  In the storage unit 22a of the persona selection device 120 (FIG. 11 (b)), a user identifier, a persona identifier, and a ciphertext (first information) of the transmitted password are stored in association with each other. (First information storage process). In addition, the public key PK1 of the authorization device 110 is further stored in the storage unit 22a.

In addition, a corresponding user identifier is stored in the storage unit 32a of the access terminal device 130 (FIG. 12A). Further, the storage unit 32a stores a persona identifier assigned to the user identifier and a secret key SK0 (second information) corresponding to the persona identifier in association with each other. Furthermore, in this storage unit 32a, the address of the authorization device 110 (authorization device address), the address of the persona selection device 120 (persona selection device address), and the address of the authentication device 140 (authentication device address) are stored. Stored.
In the storage unit 42a of the authentication device 140 (FIG. 12B), a persona identifier and a password that are in a corresponding relationship are stored in association with each other. In addition, the secret key SK3 of the authentication device 140 is stored in the storage unit 42a.

<Authorization process>
Since it is the same as that of the first embodiment, the description is omitted.

<Authentication process>
Next, the authentication procedure of this embodiment will be described.
FIG. 13 is a flowchart for explaining an authentication process according to the third embodiment. Hereinafter, the authentication processing of this embodiment will be described with reference to these drawings.
First, the same processing as steps S31 to S44 of the first embodiment is executed. Next, the communication processing unit 21 of the persona selection device 120 (FIG. 11B) uses the persona identifier of the persona selected in step S42 (corresponding to “personal identifier to be authenticated”) and the password associated therewith. The ciphertext (first information) is extracted from the storage unit 22a (step S111). The extracted persona identifier and password ciphertext (first information) are sent to the transmission unit 23a, and the transmission unit 23a sends the persona identifier and password ciphertext (first information) via the network 60 to the access terminal. It transmits to the apparatus 130 (step S112).

  The transmitted persona identifier and password ciphertext (first information) are received by the receiving unit 33b of the access terminal device 130 (FIG. 12A) (step S113) and sent to the authentication information generating unit 131e. The authentication information generation unit 131e reads out the secret key SK0 (second information) associated with the sent persona identifier from the storage unit 32a (step S114). Then, the authentication information generation unit 131e obtains a password (authentication information) by decrypting the ciphertext (first information) of the transmitted password with the secret key SK0 (second information) (step S115). The acquired password (authentication information) is transmitted together with the corresponding persona identifier from the transmission unit 33a to the authentication device 140 via the network 60 (step S116), and received by the reception unit 33b of the authentication device 140 (FIG. 12B). (Step S117).

The received password (authentication information) and persona identifier are sent to the authentication information verification unit 141b, and the authentication information verification unit 141b stores the password associated with the same persona identifier as the sent persona identifier in the storage unit 42a. And compare with the received password (authentication information). The authentication information verification unit 141b determines that the verification passes if they match, and determines that the verification fails if they do not match.
Thereafter, the same processing as steps S53 to S62 of the first embodiment is executed.

<Features of this embodiment>
In this embodiment, a password ciphertext generated by a public key PK0 (encryption key) set separately for each persona identifier is used as first information, and a secret key SK0 (decryption key) for decrypting the ciphertext is used. ) As the second information, the ciphertext (first information) of the password generated by the public key PK0 (encryption key) corresponding to the authentication target persona identifier is converted into the decryption key (second information) corresponding to the authentication target persona identifier. Information) and the decryption result is set as authentication information corresponding to the persona identifier to be authenticated (step S115).

  Here, only the ciphertext of the password stored in the storage unit 22a of the persona selection device 120 cannot be used as authentication information. For this reason, the administrator of the persona selection device 120 cannot be a legitimate user. Also, a third party who knows the secret key SK0 cannot use it as authentication information only with the secret key SK0. As described above, impersonation by a third party other than a legitimate user can be prevented.

  In this embodiment, the public key PK0 and the secret key SK0 are set separately for each persona identifier. This prevents a third party from guessing that different personas correspond to the same user from the commonality of the public key PK0 and the secret key SK0.

  In this embodiment, the public key cryptosystem is used as the encryption scheme for generating the ciphertext (first information), but Camellia and AES are used as the encryption scheme for generating the ciphertext (first information). A common key cryptosystem such as the above may be used. In this case, the encryption key and the decryption key are common keys.

[Fourth Embodiment]
This embodiment is a modification of the third embodiment. Also in this embodiment, the ciphertext generated by the encryption key set separately for each persona identifier is the first information, and the decryption key for decrypting the ciphertext is the second information. Then, the ciphertext (first information) generated by the encryption key corresponding to the authentication target persona identifier is decrypted using the decryption key (second information), and the decryption result corresponds to the authentication target persona identifier. Output as authentication information. However, in the third embodiment, the ciphertext obtained by encrypting the password set for each persona identifier with the encryption key is used as the first information, whereas in this embodiment, the encryption key is necessary for SSL client authentication. A ciphertext obtained by encrypting information is defined as first information. Below, it demonstrates centering around difference with 1st Embodiment, and abbreviate | omits description about the matter which is common in 1st Embodiment.

<Configuration>
In the authentication system of the fourth embodiment, the authorization device 10 constituting the authentication system 1 of the first embodiment is replaced with an authorization device 210, the persona selection device 20 is replaced with a persona selection device 220, and an access terminal device. 30 is replaced with an access terminal device 230, and the authentication device 40 is replaced with an authentication device 240.

  FIG. 14A is a block diagram showing the configuration of the authorization device 210 of the fourth embodiment, and FIG. 14B is a block diagram showing the configuration of the persona selection device 220 of the second embodiment. is there. FIG. 15A is a block diagram showing the configuration of the access terminal device 230 according to the fourth embodiment, and FIG. 15B is a block diagram showing the configuration of the authentication device 240 according to the fourth embodiment. FIG. In addition, in each figure, the same code | symbol as 1st Embodiment was attached | subjected about the part which is common in 1st Embodiment.

  As shown in FIG. 14 (a), the difference between the authorization device 210 of this embodiment and the authorization device 20 of the first embodiment is that the information stored in the storage unit 12a and the authorization device 210 are encrypted. It is a point which further has the part 211c. Further, as shown in FIG. 14B, the difference between the persona selection device 220 of the present embodiment and the persona selection device 20 of the first embodiment is information stored in the storage unit 22a. As shown in FIG. 15A, the difference between the access terminal device 230 of this embodiment and the access terminal device 30 of the first embodiment is that information stored in the storage unit 32a and authentication information generation The part 31e is replaced with the authentication information generation part 231e. Also, as shown in FIG. 15B, the difference between the authentication device 240 of this embodiment and the authentication device 40 of the first embodiment is that the information stored in the storage unit 42a and the authentication information verification unit 41b authenticate. This is a point that is replaced by the information verification unit 241b.

<Registration process>
Next, the registration process of this embodiment will be described.
In this embodiment, a user identifier is assigned to each user, and one or more persona identifiers are assigned to each user identifier. Each persona identifier is set with an independent key pair (secret key SK6, public key PK6) and key pair (secret key SK0, public key PK0). Also, a public key cryptosystem key pair (secret key SK1, public key PK1) is set for the authorization device 210, and a public key cryptosystem key pair (secret key SK3, public key PK3) is set for the authentication device 240. ) Is set. The public key PK0 corresponds to the encryption key, and the secret key SK0 corresponds to the decryption key.

  The storage unit 12a of the authorization device 210 (FIG. 14 (a)) associates a corresponding persona identifier, key pair (secret key SK6, public key PK6), public key PK6 certificate, and public key PK0. Stored. The public key PK6 certificate is a public key certificate of the public key PK6 generated using the secret key SK1 of the authorization device 21. The storage unit 12a further stores a secret key SK1 and an address (such as an IP address) of the persona selection device 220. The encryption unit 211c of the authorization device 210 obtains the corresponding persona identifier, the key pair (secret key SK6, public key PK6), the certificate of the public key PK6, and the public key PK0 from the storage unit 12a at any occasion. A ciphertext obtained by encrypting the key pair (secret key SK6, public key PK6) and the certificate of the public key PK6 is generated as the first information by reading and using the public key PK0. For example, the encryption unit 211c encrypts the bit combination of the certificate of the key pair and the public key PK6 with the public key PK0, and uses the ciphertext as the first information. The ciphertext (first information) for the generated key pair (private key SK6, public key PK6) and the certificate of the public key PK6 and the corresponding persona identifier are connected to each persona identifier via the network 60. To the persona selection device 220 (FIG. 14B) shared.

  In the storage unit 22a of the persona selection device 220 (FIG. 14B), the user identifier, the persona identifier, the transmitted key pair (private key SK6, public key PK6), and proof of the public key PK6 are associated. The ciphertext (first information) for the certificate is stored in association with each other (first information storage process). The storage unit 22a further stores the public key PK1 of the authorization device 210.

In addition, the corresponding user identifier is stored in the storage unit 32a of the access terminal device 230 (FIG. 15A). Further, the storage unit 32a stores a persona identifier assigned to the user identifier and a secret key SK0 (corresponding to “second information”) corresponding to the persona identifier in association with each other. Furthermore, the address of the authorization device 210 (authorization device address), the address of the persona selection device 220 (persona selection device address), and the address of the authentication device 240 (authentication device address) are stored in the storage unit 32a. Stored.
The storage unit 42a of the authentication device 240 (FIG. 15B) stores the public key PK1 of the authorization device 210 and the secret key SK3 of the authentication device 240.

<Authorization process>
Since it is the same as that of the first embodiment, the description is omitted.

<Authentication process>
Next, the authentication procedure of this embodiment will be described.
FIG. 16 is a flowchart for explaining an authentication process according to the fourth embodiment. Hereinafter, the authentication processing of this embodiment will be described with reference to these drawings.
First, the same processing as steps S31 to S44 of the first embodiment is executed. Next, the communication processing unit 21 of the persona selection device 220 (FIG. 14B) uses the persona identifier of the persona selected in step S42 (corresponding to “personal identifier to be authenticated”) and the key pair associated therewith. The ciphertext (first information) for (the secret key SK6, the public key PK6) and the certificate of the public key PK6 is extracted from the storage unit 22a (step S121). The extracted persona identifier and ciphertext (first information) are sent to the transmission unit 23a, and the transmission unit 23a transmits the information to the access terminal device 230 via the network 60 (step S122).

  The transmitted persona identifier and ciphertext (first information) are received by the receiving unit 33b of the access terminal device 230 (FIG. 15A) (step S123) and sent to the authentication information generating unit 231e. The authentication information generation unit 231e reads out the secret key SK0 (second information) associated with the sent persona identifier from the storage unit 32a (step S124). Then, the authentication information generation unit 231e decrypts the transmitted ciphertext (first information) with the secret key SK0 (second information), and generates a key pair (secret key SK6, public key PK6) and public key PK6. A certificate is acquired (step S125). Next, the authentication information generation unit 231e uses the acquired key pair (secret key SK6, public key PK6) and the certificate of the public key PK6, and uses SSL client authentication information (authentication information) having the certificate of the public key PK6. ) Is generated (step S126). For example, the random number generation unit of the authentication information generation unit 231e generates a random number R, the hash calculation unit of the authentication information generation unit 231e generates a hash value H (R) of the random number R, and the encryption unit of the authentication information generation unit 231e Generates a ciphertext En (SK6, H (R)) obtained by encrypting the hash value H (R) using the secret key SK6. In this case, the authentication information generation unit 231 generates SSL client authentication information (authentication information) including the ciphertext En (SK6, H (R)), the random number R, and the certificate of the public key PK6. The generated SSL client authentication information (authentication information) is transmitted from the transmission unit 33a to the authentication device 240 via the network 60 (step S127) and received by the reception unit 33b of the authentication device 240 (FIG. 15B). (Step S128).

The received SSL client authentication information (authentication information) is sent to the authentication information verification unit 241b, and the authentication information verification unit 241b performs the verification. For example, when the SSL client authentication information (authentication information) includes the ciphertext En (SK6, H (R)), the random number R, and the certificate of the public key PK6, first, the authentication information verification unit 241b The public key certificate verification unit reads the public key PK1 from the storage unit 42a, and verifies the certificate of the public key PK6. When this verification is successful, the decryption unit of the authentication information verification unit 241b decrypts the ciphertext En (SK6, H (R)) using the public key PK6 that has passed the verification, and the hash value H (R) Get. Further, the hash calculation unit of the authentication information verification unit 241b obtains the hash value H (R) of the random number R included in the SSL client authentication information (authentication information), and the comparison unit of the authentication information verification unit 241b determines the hash value H It is verified whether or not (R) matches the hash value H (R) obtained by decryption. The authentication information verification unit 241b determines that the verification passes if they match, and determines that the verification fails if they do not match.
Thereafter, the same processing as steps S53 to S62 of the first embodiment is executed.

<Features of this embodiment>
In this embodiment, the key information (secret key SK6, public key PK6) generated by the public key PK0 (encryption key) set separately for each persona identifier and the ciphertext of the public key PK6 certificate are used as the first information. And a secret key SK0 (decryption key) for decrypting the ciphertext as the second information, and a key pair (secret key SK6,) generated by the public key PK0 (encryption key) corresponding to the persona identifier to be authenticated The ciphertext of the certificate of the public key PK6) and the public key PK6 is decrypted using the decryption key (second information) corresponding to the authentication target persona identifier, and the decryption result is used to correspond to the authentication target persona identifier SSL client authentication information (authentication information) is generated (step S126).

  Here, only the ciphertext stored in the storage unit 22a of the persona selection device 220 cannot be used as authentication information. For this reason, the administrator of the persona selection device 220 cannot be a legitimate user. Also, a third party who knows the secret key SK0 cannot use it as authentication information only with the secret key SK0. As described above, impersonation by a third party other than a legitimate user can be prevented.

  In this embodiment, the public key PK0 and the secret key SK0 are set separately for each persona identifier. This prevents a third party from guessing that different personas correspond to the same user from the commonality of the public key PK0 and the secret key SK0.

  In this embodiment, the public key cryptosystem is used as the encryption scheme for generating the ciphertext (first information), but Camellia and AES are used as the encryption scheme for generating the ciphertext (first information). A common key cryptosystem such as the above may be used. In this case, the encryption key and the decryption key are common keys.

[Fifth Embodiment]
This embodiment is a modification of the first embodiment. In this embodiment, the access terminal device generates a key pair of the public key PK4 and the private key SK4 corresponding to the persona identifier to be authenticated, and responds to the certificate generation request information that is a public key PK4 certificate generation request. To generate an electronic signature. The persona selection device stores the electronic signature in the storage unit, generates a certificate of the public key PK4 as first information corresponding to the authentication target persona identifier, and transmits the first information to the access terminal device. The access terminal device uses the secret key SK4, generates a certificate that can be verified by the public key PK4 as second information, and verifies the certificate (first information) of the public key PK4 and the public key PK4. And a data string composed of a document (second information) is transmitted as authentication information to the authentication apparatus.
Below, it demonstrates centering around difference with 1st Embodiment, and abbreviate | omits description about the matter which is common in 1st Embodiment.

<Configuration>
In the authentication system of the fifth embodiment, the authorization device 10 constituting the authentication system 1 of the first embodiment is replaced with an authorization device 310, the persona selection device 20 is replaced with a persona selection device 320, and an access terminal device. 30 is replaced with an access terminal device 330, and the authentication device 40 is replaced with an authentication device 340.

  FIG. 17A is a block diagram showing the configuration of the available device 310 of the fifth embodiment, and FIG. 17B is a block diagram showing the configuration of the persona selection device 320 of the fifth embodiment. . FIG. 18A is a block diagram showing the configuration of the access terminal device 330 according to the fifth embodiment, and FIG. 18B is a block diagram showing the configuration of the authentication device 340 according to the fifth embodiment. FIG. In addition, in each figure, the same code | symbol as 1st Embodiment was attached | subjected about the part which is common in 1st Embodiment.

  As shown in FIG. 17A, the difference between the available device 310 of the present embodiment and the available device 10 of the first embodiment is information stored in the storage unit 12a. Further, as shown in FIG. 17B, the difference between the persona selection device 320 of this embodiment and the persona selection device 20 of the first embodiment is that the information stored in the storage unit 22a and the persona selection device 320 are different. A signature verification unit 321d and a first information generation unit 321e are newly provided. Further, as shown in FIG. 18A, the difference between the access terminal device 330 of this embodiment and the access terminal device 30 of the first embodiment is that the information stored in the storage unit 32a and the access terminal The apparatus 330 further includes a request signature generation unit 331f and a second information generation unit 331g, and the authentication information generation unit 31e is replaced with an authentication information generation unit 331e. As shown in FIG. 18B, the difference between the authentication device 340 of the present embodiment and the authentication device 40 of the first embodiment is that the information stored in the storage unit 42a and the authentication information verification unit 41b authenticate. This is a point that is replaced by the information verification unit 341b.

<Registration process>
Next, the registration process of this embodiment will be described. In this embodiment, a user identifier is assigned to each user, and one or more persona identifiers are assigned to each user identifier. Also, a public key encryption key pair (secret key SK1, public key PK1) is set for the authorization device 10, and a public key encryption key pair (secret key SK5, public key) is set for the persona selection device 320. PK5) is set, and a key pair (secret key SK3, public key PK3) of the public key cryptosystem is set for the authentication device 340.

  The storage unit 12a of the authorization device 310 (FIG. 17A) stores the secret key SK1 and the address (IP address or the like) of the persona selection device 320. Also, the user identifier and the persona identifier that are in a correspondence relationship are stored in the storage unit 22a of the persona selection device 320 (FIG. 17B) in association with each other. The storage unit 22a further stores the public key PK1 of the authorization device 310 and the secret key SK5 of the persona selection device 320.

Further, in the storage unit 32a of the access terminal device 330 (FIG. 18A), the address of the authorization device 310 (authorization device address), the address of the persona selection device 320 (persona selection device address), and the authentication The address of the device 340 (authentication device address) is stored.
Also, the storage unit 42a of the authentication device 240 (FIG. 18B) stores the public key PK1 of the authorization device 310 and the secret key SK3 of the authentication device 340.

<Authorization process>
Since it is the same as that of the first embodiment, the description is omitted.

<Authentication process>
Next, the authentication procedure of this embodiment will be described.
19 and 20 are flowcharts for explaining the authentication processing of the fifth embodiment. Hereinafter, the authentication processing of this embodiment will be described with reference to these drawings.
First, the same processing as steps S31 to S39 of the first embodiment is executed. If the authentication process in step S38 is successful, first, the key pair generation unit 31b of the access terminal device 330 (FIG. 18A) has a persona indicated by the selection information input from the input unit 34a. A key pair of the public key PK4 and the secret key SK4 corresponding to the persona identifier (corresponding to “personal identifier to be authenticated”) is generated (persona key generation process / step S150). The generated public key PK4 and secret key SK4 are stored in the storage unit 32a. Next, the request signature generation unit 331f reads the public key PK4 and the secret key SK2 of the access terminal device 330 generated in <authorization process> from the storage unit 32a. Then, the request signature generation unit 331f generates an electronic signature using the secret key SK2 for the certificate generation request information (including the public key PK4) that is a generation request for the public key certificate of the public key PK4 (request). Signature generation process / step S151). The certificate generation request information (including the public key PK4) and its electronic signature are sent to the transmission unit 33a together with the persona identifier to be authenticated, and the transmission unit 33a transmits these to the persona selection device 320 via the network 60 (request). Information transmission process / step S152).

  The transmitted certificate generation request information (including the public key PK4), its electronic signature, and the persona identifier to be authenticated are received by the receiving unit 23b of the persona selection device 320 (FIG. 17B) (step S153). It is sent to the signature verification unit 321d. The signature verification unit 321d reads from the storage unit 22a the public key PK2 included in the permission / certification target information of the authorization setting certificate associated with the same persona identifier as the authentication target persona identifier. Then, the signature verification unit 321d verifies the sent electronic signature with the public key PK2 (step S155). If the verification fails, the process ends with an error (step S156).

  On the other hand, if the verification is successful, the signature verification unit 321d stores the transmitted electronic signature in the storage unit 22a in association with the same persona identifier as the authentication target persona identifier (request signature storage process / step S157). . Next, certificate generation request information (including the public key PK4) is sent to the first information generation unit 321e, and the first information generation unit 321e uses the private key SK5 read from the storage unit 22a to generate the public key PK4. A certificate is generated as first information (first information generation process / step S158). The public key PK4 certificate is a public key certificate that can be verified using the public key PK5. The generated certificate (first information) of the public key PK4 is stored in the storage unit 22a in association with the same persona identifier as the authentication target persona identifier (first information storage process). Further, the certificate (first information) of the public key PK4 is sent to the transmission unit 23a, and the transmission unit 23a sends the certificate (first information) of the public key PK4 to the access terminal device 330 via the network 60. Transmit (first information transmission process / step S159).

The transmitted certificate (first information) of the public key PK4 is received by the receiving unit 33b of the access terminal device 330 (FIG. 18A) (step S160) and sent to the authentication information generating unit 331e. Further, the second information generation unit 331g generates, as the second information, a certificate that can be verified by the public key PK4 using the secret key SK4 read from the storage unit 32a (second information generation process / step S161). Store in the storage unit 32a (second information storage process). For example, the random number generation unit of the second information generation unit 331g generates a random number R, the hash calculation unit generates a hash value H (R) of the random number R, and the encryption unit uses the secret key SK4 to generate a hash value The ciphertext En (SK4, H (R)) obtained by encrypting H (R) is generated, and the second information generation unit 331g generates information including the ciphertext En (SK4, H (R)) and the random number R. Output as second information. The second information generated by the second information generation unit 331g is sent to the authentication information generation unit 331e, and the certificate information generation unit 331e generates a data string composed of the first information and the second information as authentication information, The data is output to the transmitter 33a (authentication information generation process / step S162). The transmission unit 33a transmits this authentication information to the authentication device 340 via the network 60 (step S163). The transmitted authentication information is received by the reception unit 33b of the authentication device 340 (FIG. 18B) (step S164) and sent to the authentication information verification unit 341b. The authentication information verification unit 341b verifies the certificate of the public key PK4, which is the first information included in the authentication information, using the public key PK5 read from the storage unit 42a, and authenticates using the public key PK4 that has passed the verification. The second information included in the information is verified. For example, when the second information is information including the ciphertext En (SK4, H (R)) and the random number R, the decryption unit of the authentication information verification unit 341b uses the public key PK4 to encrypt the ciphertext En (SK4 , H (R)) to obtain a hash value H (R), and the hash calculation unit of the authentication information verification unit 341b generates a hash value H (R) using the random number R to verify the authentication information. The comparison unit of the unit 341b verifies whether or not these hash values H (R) match. The authentication information verification unit 341b determines that the verification is successful if they match, and determines that the verification fails if they do not match.
Thereafter, the same processing as steps S53 to S62 of the first embodiment is executed.

<Features of this embodiment>
In this embodiment, the persona selection device 320 generates the public key certificate of the public key PK4 as first information corresponding to the authentication target persona identifier, stores it in the storage unit 22a (step S158), and the access terminal device 330. However, using the secret key SK4, a certificate verifiable by the public key PK4 is generated as second information and stored in the storage unit 32a (step S161), and the data string composed of the first information and the second information is authenticated. The information is output (step S162).

  Here, the first information included in the authentication information is a certificate of the public key PK4 certified by the persona selection device 320. This is evidence that the persona selection device 320 has issued the first information for the public key PK4. Therefore, even if the persona selection device 320 illegally generates authentication information, it can be confirmed that the person who issued the information is the persona selection device 320.

  In this embodiment, the access terminal device 330 generates an electronic signature for the certificate generation request information that is a request for generating a certificate for the public key PK4 (step S151), and generates the certificate generation request information and the electronic signature. Is transmitted to the persona selection device 320 (step S152), and the electronic signature is stored in the storage unit 22a of the persona selection device 320.

  As a result, it is claimed that the persona selection device 320 has illegally generated the authentication information even though the user has requested the persona selection device 320 to transmit the first information, generated the authentication information, and performed the authentication process. In this case, the administrator of the persona selection device 320 can prove by the electronic signature stored in the storage unit 22a that the user has requested the persona selection device 320 to transmit the first information.

  In this embodiment, a key pair of the public key PK4 and the secret key SK4 is generated separately for each persona identifier (step S150). Thereby, it is possible to prevent a third party from guessing that different personas correspond to the same user from the commonality of the public key PK4 and the secret key SK4.

[Sixth Embodiment]
This embodiment is a modification of the first embodiment, and only the point that communication between the access terminal device and the service providing device in steps S31 to S36 of <authentication processing> is performed via the persona selection device. It differs from the form. Others are the same as 1st Embodiment. In the following, only the differences from the first embodiment will be described.

FIG. 21 is a flowchart for explaining the <authentication process> of the sixth embodiment.
First, the communication processing unit 31a generates service request information and transmits it to the persona selection device 20 (step S171). This service request information is received by the receiving unit 23b of the persona selection device 20 (FIG. 2B) and transmitted from the transmitting unit 23a to the service providing device 50 (step S172).

  This service request information is received by the receiving unit 53b of the service providing apparatus 50 (FIG. 4B) (step S173) and sent to the communication processing unit 51a. Receiving this, the communication processing unit 51a generates authentication request information, and transmits it to the persona selection device 20 from the transmission unit 53a via the network (step S174). This authentication request information is received by the receiving unit 23b of the persona selection device 20 (FIG. 2B), and transmitted from the transmitting unit 23a to the access terminal device 30 (FIG. 3) (step S175).

This authentication request information is received by the receiving unit 33b of the access terminal device 30 (FIG. 3) and sent to the communication processing unit 31a. In response to this, the login authentication information generation unit 31d generates login authentication information for logging in to the persona selection device 20. The generated login authentication information is sent to the transmission unit 33a together with the persona selection device address read from the storage unit 32a. The transmission unit 33a transmits login authentication information having the header of the persona selection device address and the address of the access terminal device 30 to the persona selection device 20 via the network 60 (step S178). Thereafter, the same processing as steps S37 to S62 of the first embodiment is executed.
In addition, the modification which performs communication between the terminal device for access in S <b> 31 to S <b> 36 of <authentication processing> in the second to fifth embodiments and the service providing device via the persona selection device is also possible.

[Other variations, etc.]
The present invention is not limited to the embodiment described above. For example, the configuration may be such that the access terminal device can select the authentication method of each embodiment. In each of the above-described embodiments, an example in which a plurality of persona identifiers are set for each user has been described. However, one persona identifier may be set for each user. In this case, the IdP key (first information) corresponding to the persona identifier of the user who uses the access terminal device is transmitted from the access terminal device to the persona device instead of the above-described selection information (step S44 and the like). The first information request information for requesting is transmitted. In addition, a modification in which a value obtained by substituting the first information and the second information into a function other than a one-way function (such as an exclusive OR function) is used as authentication information is also possible. Further, in each of the above embodiments, for convenience of explanation, an example is shown in which one persona is selected from the persona list in the access terminal device (step S42 and the like), and authentication information is generated using the first information corresponding thereto. (Step S49, etc.). However, the present invention is not limited to this. In other words, the access terminal device may select two or more personas from the persona list and generate each piece of authentication information corresponding to each selected persona. Other processes in the case where a plurality of pieces of authentication information are generated are the same except that the process described above is executed for each authentication information.

  In addition, the various processes described above are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Needless to say, other modifications are possible without departing from the spirit of the present invention.

  Further, when the above-described configuration is realized by a computer, processing contents of functions that each device should have are described by a program. The processing functions are realized on the computer by executing the program on the computer.

  The program describing the processing contents can be recorded on a computer-readable recording medium. The computer-readable recording medium may be any medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, or a semiconductor memory. Specifically, for example, the magnetic recording device may be a hard disk device or a flexible Discs, magnetic tapes, etc. as optical discs, DVD (Digital Versatile Disc), DVD-RAM (Random Access Memory), CD-ROM (Compact Disc Read Only Memory), CD-R (Recordable) / RW (ReWritable), etc. As the magneto-optical recording medium, MO (Magneto-Optical disc) or the like can be used, and as the semiconductor memory, EEP-ROM (Electronically Erasable and Programmable-Read Only Memory) or the like can be used.

  The program is distributed by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.

  A computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its storage device. When executing the process, the computer reads a program stored in its own recording medium and executes a process according to the read program. As another execution form of the program, the computer may directly read the program from a portable recording medium and execute processing according to the program, and the program is transferred from the server computer to the computer. Each time, the processing according to the received program may be executed sequentially. Also, the program is not transferred from the server computer to the computer, and the above-described processing is executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition. It is good. Note that the program in this embodiment includes information that is used for processing by an electronic computer and that conforms to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).

  In this embodiment, the present apparatus is configured by executing a predetermined program on a computer. However, at least a part of these processing contents may be realized by hardware.

  As an application field of the present invention, a system in which a user can use a plurality of identifiers and use a plurality of Internet sites that require strong authentication can be exemplified.

FIG. 1 is a diagram illustrating a configuration of an authentication system according to the first embodiment. 2A is a block diagram showing the configuration of the authorization device of FIG. 1, and FIG. 2B is a block diagram showing the configuration of the persona selection device of FIG. FIG. 3 is a block diagram showing a configuration of the access terminal apparatus of FIG. 4A is a block diagram showing the configuration of the authentication device of FIG. 1, and FIG. 4B is a block diagram showing the configuration of the service providing device of FIG. FIGS. 5A and 5B are diagrams exemplifying a relationship among a device identifier, a user identifier, a persona identifier, an IdP key (first information), and a permission certification certificate that are associated in the storage unit of the persona selection device. . FIG. 5C is a diagram illustrating a relationship among a persona identifier, an IdP key (first information), and a master password (second information) associated with each other in the storage unit of the authentication device. FIG. 6 is a flowchart for explaining the authorization process of the first embodiment. FIG. 7 is a flowchart for explaining the authorization process of the first embodiment. FIG. 8 is a flowchart for explaining the authentication processing of the first embodiment. FIG. 9 is a flowchart for explaining the authentication processing of the first embodiment. FIG. 10A is a diagram illustrating a persona management table stored in the storage unit of the persona selection device according to the second embodiment. FIG. 10B is a diagram illustrating a table stored in the storage unit of the authentication device according to the second embodiment. FIG. 11A is a block diagram showing the configuration of the authorization device of the third embodiment, and FIG. 11B is a block diagram showing the configuration of the persona selection device of the third embodiment. FIG. 12A is a block diagram showing the configuration of the access terminal device of the third embodiment, and FIG. 12B is a block diagram showing the configuration of the authentication device of the third embodiment. FIG. 13 is a flowchart for explaining an authentication process according to the third embodiment. FIG. 14A is a block diagram showing the configuration of the authorization device of the fourth embodiment, and FIG. 14B is a block diagram showing the configuration of the persona selection device of the second embodiment. FIG. 15A is a block diagram showing the configuration of the access terminal device of the fourth embodiment, and FIG. 15B is a block diagram showing the configuration of the authentication device of the fourth embodiment. FIG. 16 is a flowchart for explaining an authentication process according to the fourth embodiment. FIG. 17A is a block diagram illustrating a configuration of an available device according to the fifth embodiment, and FIG. 17B is a block diagram illustrating a configuration of a persona selection device according to the fifth embodiment. FIG. 18A is a block diagram showing the configuration of the access terminal device of the fifth embodiment, and FIG. 18B is a block diagram showing the configuration of the authentication device of the fifth embodiment. FIG. 19 is a flowchart for explaining an authentication process according to the fifth embodiment. FIG. 20 is a flowchart for explaining an authentication process according to the fifth embodiment. FIG. 21 is a flowchart for explaining the <authentication process> of the sixth embodiment.

Explanation of symbols

1 Authentication System 10, 110, 210, 310 Authorization Device 20, 120, 220, 320 Persona Selection Device 30, 130, 230, 330 Access Terminal Device

Claims (12)

A user authentication method for performing user authentication for each persona identifier set to one or more for each user,
A first information storing step of storing first information corresponding to each persona identifier of each user in a storage unit of a persona selection device shared for each persona identifier;
A second information storing step of storing second information corresponding to a certain user in a storage unit of an access terminal device different from the persona selection device;
When the first information request information is transmitted from the access terminal device, the transmission unit of the persona selection device corresponds to an authentication target persona identifier that is at least one persona identifier of the certain user. A first information transmission step of transmitting first information to the access terminal device;
Information determined by the authentication information generation unit of the access terminal device based on the first information transmitted in the first information transmission process and certain second information stored in the storage unit of the access terminal device Generating authentication information and outputting this as authentication information corresponding to the persona identifier to be authenticated,
An authentication information transmission process in which the transmission unit of the access terminal device transmits the authentication target persona identifier and the authentication information to the authentication device;
A user authentication method comprising: The user authentication method according to claim 1,
The authentication information generation process is as follows:
A function value obtained by substituting the first information transmitted in the first information transmission process and certain second information stored in the storage unit of the access terminal device into a one-way function, In the process of outputting as authentication information corresponding to the persona identifier to be authenticated,
The user authentication method characterized by the above-mentioned. The user authentication method according to claim 1,
The first information is
The same for one or more persona identifiers corresponding to the same user;
The authentication information generation process is as follows:
Generating information determined by the first information transmitted in the first information transmission process, the second information stored in the storage unit of the access terminal device, and the persona identifier to be authenticated; In the process of outputting as authentication information corresponding to the persona identifier,
The user authentication method characterized by the above-mentioned. The user authentication method according to claim 3, wherein
The authentication information generation process is as follows:
Obtained by substituting the first information transmitted in the first information transmission process, certain second information stored in the storage unit of the access terminal device, and the authentication target persona identifier into a one-way function. Is a process of outputting the obtained function value as authentication information corresponding to the persona identifier to be authenticated,
The user authentication method characterized by the above-mentioned. The user authentication method according to claim 1,
The first information is
A ciphertext generated by an encryption key set separately for each persona identifier,
The second information is
A decryption key for decrypting the ciphertext,
The authentication information generation process is as follows:
A process of decrypting a ciphertext generated by an encryption key corresponding to the authentication target persona identifier using the decryption key and outputting the decryption result as authentication information corresponding to the authentication target persona identifier.
The user authentication method characterized by the above-mentioned. The user authentication method according to claim 1,
A persona key generation process in which a key pair generation unit of the access terminal device generates a key pair of a public key and a secret key corresponding to the persona identifier to be authenticated;
A request signature generation process in which the request signature generation unit of the access terminal device generates an electronic signature for certificate generation request information that is a certificate generation request for the public key,
A request information transmission process in which the transmission unit of the access terminal device transmits the certificate generation request information and the electronic signature to the persona selection device;
A request signature storage process for storing the electronic signature in a storage unit of the persona selection device;
A first information generation step in which a first information generation unit of the persona selection device generates the public key certificate as first information corresponding to the persona identifier to be authenticated;
A second information generation step of generating, as the second information, a second information generation unit of the access terminal device, using the secret key and generating a certificate that can be verified by the public key;
The authentication information generation process is as follows:
A process of outputting a data string composed of the first information and the second information as authentication information;
The user authentication method characterized by the above-mentioned. The user authentication method according to claim 6, comprising:
The persona key generation process is as follows:
A process for generating a key pair of a public key and a private key separately for each persona identifier.
The user authentication method characterized by the above-mentioned. A user authentication method according to any one of claims 1 to 7,
A login authentication information transmission process in which the transmission unit of the access terminal device transmits login authentication information to the persona selection device;
A login verification process in which the login verification unit of the persona selection device verifies the login authentication information;
Further comprising
The first information transmission process is a process of transmitting the first information to the access terminal device only when the verification result of the login authentication information is acceptable.
The user authentication method characterized by the above-mentioned. A user authentication method according to any one of claims 1 to 8,
A transmission process of the persona selection device, a personalist transmission process for transmitting a persona list including information corresponding to each persona identifier of the certain user to the access terminal device;
A receiving section of the access terminal device, a personalist receiving process for receiving the personalist;
A personalist output process in which the output unit of the access terminal device outputs the personalist; and
A selection information input process in which the input unit of the access terminal device receives input of selection information indicating at least one persona identifier of the certain user;
A selection information transmission process in which the transmission unit of the access terminal device transmits the selection information to the persona selection device;
The receiving unit of the access terminal device further includes a selection information receiving process for receiving the selection information,
The first information request information is the selection information,
In the first information transmission process, when the selection information is transmitted from the access terminal device, the transmission unit of the persona selection device at least has a certain one of the certain user indicated by the selection information. A process of transmitting the first information corresponding to the persona identifier to be authenticated, which is one persona identifier, to the access terminal device;
The user authentication method characterized by the above-mentioned. An access terminal device used for user authentication performed for each persona identifier set to one or more for each user,
A storage unit for storing second information corresponding to a certain user;
A receiving unit for receiving at least first information corresponding to a persona identifier to be authenticated that is one persona identifier of the certain user transmitted from the persona selection device;
Information determined by the first information received by the receiving unit and certain second information stored in the storage unit of the access terminal device is generated, and this is used as authentication information corresponding to the authentication target persona identifier. An authentication information generator that outputs as
A transmission unit for transmitting the authentication target persona identifier and the authentication information to an authentication device;
An access terminal device comprising:   A program for causing a computer to function as the access terminal device according to claim 10.   A computer-readable recording medium storing the program according to claim 11.

Images