The present disclosure relates to a control method, an information processing device, and a control program.
Distributed identifiers (IDs) managed by distributed network systems such as blockchains enable lower-cost and more flexible operation compared to centralized IDs managed by certification authorities (CAs) due absence of CAs.
On the other hand, in recent years, attacks have emerged that exploit shortcomings of key generation libraries, and there are cases where, once a target hardware security module (HSM) or key generation library is specified, a time to calculate a private key from a public key may be greatly shortened, resulting in rapid compromise of the public key.
Examples of the related art include [Patent Document 1] Japanese Laid-open Patent Publication No. 2018-074205; [Patent Document 2] Japanese Laid-open Patent Publication No. 2018-182487; and [Patent Document 3] U.S. Patent Application Publication No. 2017/0373847.
According to an aspect of the embodiments, there is provided a control method executed by a computer. In an example, the control method includes: detecting a risk to a first public key managed by a public key repository; performing update restriction of the first public key in response to the detection of the risk; authenticating an authenticator associated with the first public key; and releasing, in a case where the authentication of the authenticator succeeds, the update restriction.
The object and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the claims.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention.
However, compared to the centralized IDs, the distributed IDs do not have a control tower like a CA. Thus, when a public key is compromised, the problematic public key remains in a repository for a long time, creating a risk of spoofing occurring in secure communication using the key.
In one aspect, an object is to provide a control method, an information processing device, and a control program capable of suppressing key update by a third party.
Hereinafter, an embodiment of a control method, an information processing device, and a control program disclosed in the present application will be described in detail with reference to the drawings. Note that this disclosure is not limited by this embodiment. Furthermore, each of the embodiments may be appropriately combined within a range without inconsistency.
The information processing device 10 is a device used by a servicer that has Lock/Unlock authority for a public key repository and is, for example, a provider of financial services or the like. The information processing device 10 may be a notebook personal computer (PC), a stationary terminal, or a mobile terminal such as a smartphone or a tablet PC. When the information processing device 10 detects a risk to a public key in the public key repository recorded and managed by a distributed ledger of a blockchain, or the like, the information processing device 10 restricts update of the target public key (Lock). Furthermore, when the authenticator 100 logs in to a service, the information processing device 10 authenticates the authenticator 100, and in a case where the authentication succeeds, releases the update restriction of the public key (Unlock).
The authenticator 100 is a device used by a creator of a public key in the public key repository, who is a legitimate owner of a private key. The authenticator 100 may be a notebook PC, a smartphone, or the like, or may be a USB token that is used by being coupled to a notebook PC or the like. The authenticator 100 receives a request to update a problematic public key from the information processing device 10. Furthermore, the authenticator 100 includes a hardware security module (HSM) and a key generation library, securely generates a public key, and uploads the generated public key to the public key repository.
The user terminal 200 is a terminal used by a user who uses services such as financial services, for example, provided by a servicer. The user terminal 200 may be a notebook PC, a smartphone, or the like. Each of the user terminals 200 stores a ledger of a blockchain, and the public key repository may be recorded by the ledger.
Note that the information processing device 10 and the authenticator 100 may also store the ledger of the blockchain and record the public key repository. Furthermore, processing on the public key repository recorded in the blockchain may be executed by using a smart contract. In this way, by managing the public key repository by the blockchain including the smart contract, security of the public key repository may be enhanced.
[Functional Configuration of Information Processing Device 10]
First, a functional configuration of the information processing device 10 serving as an execution subject of the control method disclosed in the present application will be described.
The communication unit 20 is a processing unit that controls communication with another device, and is, for example, a communication interface such as a network interface card.
The storage unit 30 is an example of a storage device that stores various types of data and a program to be executed by the control unit 40, and is, for example, a memory, a hard disk, or the like. The storage unit 30 stores, for example, history data such as the number of times of authentication used for authentication of the authenticator 100. Furthermore, the storage unit 30 may store a ledger of a blockchain. Note that the storage unit 30 may also store various types of data other than the specific examples described above.
The control unit 40 is a processing unit that is in charge of overall control of the information processing device 10, and is, for example, a processor or the like. The control unit 40 includes a detection unit 41, a restriction unit 42, an authentication unit 43, a release unit 44, a transmission/reception unit 45, and an update unit 46. Note that each of the processing units is an example of an electronic circuit included in the processor or an example of a process executed by the processor.
The detection unit 41 detects a risk to a public key managed by the public key repository. The detection of the risk may be performed based on information regarding vulnerability of the public key repository. Note that, as the information regarding the vulnerability of the repository, for example, which key generation library (algorithm) of which authenticator of which vendor has vulnerability, or the like is disclosed.
The restriction unit 42 performs, in response to the fact that the detection unit 41 has detected a risk to a public key, update restriction of the target public key. This, for example, locks the public key repository and restricts writing to the public key repository. With this configuration, update of the public key by spoofing in which a private key is calculated from the public key may be suppressed.
The authentication unit 43 authenticates the authenticator 100 associated with a public key. The authentication is performed to determine whether or not the authenticator 100 is a legitimate owner of a private key to the public key, and is performed by, for example, asking the authenticator 100 a question regarding the number of times of authentication performed by the authenticator 100 so far, and the like and determining whether or not the answer is correct.
The release unit 44 releases update restriction of a public key associated with the authenticator 100 in a case where authentication of the authenticator 100 by the authentication unit 43 succeeds. This, for example, unlocks the locked public key repository and enables writing to the public key repository. With this configuration, the public key may be updated by a legitimate authority while suppressing update of the public key by spoofing.
The transmission/reception unit 45 transmits a question for authentication of the authenticator 100 to the authenticator 100. Furthermore, the transmission/reception unit 45 receives an answer to the question from the authenticator 100. Note that the question for authentication of the authenticator 100 is created with respect to, for example, at least one of the number of times of past authentication of the authenticator 100, the number of times of registration of a public key in the public key repository by the authenticator 100, and the total number of the public keys associated with the authenticator 100, and is transmitted to the authenticator 100. Furthermore, the question for authentication of the authenticator 100 may be created and transmitted with respect to holding a private key corresponding to the public key. Note that the question for authentication of the authenticator 100 may be created and transmitted for each service using the public key.
Furthermore, the transmission/reception unit 45 transmits a request to update the public key to the authenticator 100 in a case where authentication of the authenticator 100 by the authentication unit 43 succeeds. Furthermore, the transmission/reception unit 45 receives a new public key for updating the old public key from the authenticator 100. Note that the processing of receiving the new public key from the authenticator 100 includes processing of receiving, from the authenticator 100, the new public key using a public key cryptosystem different from a public key cryptosystem used for the old public key. Here, the public key cryptosystem is, for example, RSA encryption or elliptic curve cryptography. By using a different public key cryptosystem each time the public key is updated, security of the public key may be enhanced.
The update unit 46 updates an old public key in the public key repository with a new public key received from the authenticator 100 by the transmission/reception unit 45.
[Details of Processing]
Next, update control of the public key repository will be described in detail. First, update control of a public key repository using a conventional technology will be described.
First, as illustrated in
Next, in a case where a risk to the public key 70 associated with the logged-in authenticator 100 is detected, in other words, in a case where the public key 70 is a problematic key, the information processing device 10 transmits a request to update the public key to the authenticator 100. Note that the authenticator 100 does not know that the public key 70 is a problematic key until the authenticator 100 logs in to the service A and is notified by the information processing device 10. Therefore, the problematic public key 70 remains in an available state in the public key repository 50 for a long time.
Next, when receiving the request to update, the authenticator 100 generates a new public key 71 corresponding to a new private key 61, and writes the generated new public key 71 to the public key repository 50. With this configuration, the problematic public key 70 is updated to the new public key 71. Then, the new public key 71 becomes available in the service A. Furthermore, thereafter, the authenticator 100 logs in to the service A by using the new private key 61.
However, until the old public key 70 in the public key repository 50 is updated, spoofing in which the private key 60 is calculated from the public key 70 may illegally log in to the service A and carry out attacks such as illegally updating the public key 70 in the public key repository 50. During this time, when the problematic public key 70 is deleted from the public key repository 50, a public key needs to be re-registered, which reduces convenience. Therefore, in the first embodiment, in a case where a problem occurs in a public key included in the public key repository 50, authentication strength of the public key repository 50 is increased to suppress key update by a third party.
First, as illustrated in
Next, the information processing device 10 authenticates the authenticator 100, and determines whether or not the authenticator 100 is a legitimate owner of the private key 60. Incidentally, when the authentication here is authentication with the private key 60, there is a possibility that the private key 60 has already been calculated by spoofing. Therefore, the authentication is performed by, for example, asking the authenticator 100 a question regarding the number of times of authentication performed by the authenticator 100 so far, and the like and determining whether or not the answer is correct.
On the other hand,
The information processing device 10 uses the history data as illustrated in
On the other hand, when receiving the question, the authenticator 100 uses the held history data as illustrated in
Note that the authentication of the authenticator 100 may use other authentication methods alternatively or in combination instead of the form of the question and answer described above. For example, the information processing device 10 may authenticate the authenticator 100 by confirming one or a plurality of private keys held by the authenticator 100. Furthermore, the information processing device 10 may authenticate the authenticator 100 by, for example, transmitting a confirmation code that is a random number to the authenticator 100 or another device used by a user of the authenticator 100, and having the confirmation code input via the authenticator 100.
Next, in a case where the authentication of the authenticator 100 succeeds, the information processing device 10 transmits a request to update the public key to the authenticator 100. Note that, similarly to the update control using the conventional technology illustrated in
Next, when receiving the request to update, the authenticator 100 generates a new public key 71 corresponding to a new private key 61. In parallel, in a case where the authentication of the authenticator 100 succeeds, the information processing device 10 unlocks the public key repository 50 and releases the update restriction of the public key 70. Then, the authenticator 100 writes the new public key 71 to the public key repository 50. With this configuration, the problematic public key 70 is updated to the new public key 71. In this way, since timing at which the public key 70 may be updated is a short time from when the authentication of the authenticator 100 succeeds to when the public key 70 is updated to the new public key 71, update of the public key 70 due to spoofing may be suppressed compared to the update control using the conventional technology illustrated in
Note that Lock and Unlock of the public key repository 50 are performed for each servicer that provides a service using a public key. In other words, naturally, it is not possible for the servicer to participate in update of a public key other than the public key used in the service the servicer provides. Therefore, control is performed so that, for example, besides a public key, an identifier of a servicer that has authority to execute update restriction of the public key is stored in a ledger of a blockchain, and only Lock or Unlock from the legitimate servicer that has the authority to execute the update restriction of the target public key is accepted.
[Flow of Processing]
Next, update control processing of the public key repository 50 will be described along a flow of the processing.
First, as illustrated in
Next, update restriction of the public key for which the risk is detected in Step S101 is performed (Step S102). This, for example, transmits a Lock token designating the problematic public key to the public key repository 50.
Next, in a case where the public key repository 50 has not received the Lock token from the information processing device 10 (Step S103: No), the public key repository 50 waits for reception of the Lock token. On the other hand, in a case where the Lock token has been received (Step S103: Yes), the public key repository 50 restricts update of the problematic public key (Step S104).
Next, the authenticator 100 uses a private key associated with the service to log in to the service provided by the information processing device 10 (Step S105).
Next, in a case where the information processing device 10 has not received a login request for the service from the authenticator 100 (Step S106: No), the information processing device 10 waits for reception of the login request. On the other hand, in a case where the login request has been received (Step S106: Yes), the information processing device 10 generates a question for authentication of the authenticator 100, and transmits the question to the authenticator 100 (Step S107). The question for authentication is generated by using history data held by the information processing device 10, such as that illustrated in
Next, in a case where the authenticator 100 has not received the question for authentication from the information processing device 10 (Step S108: No), the authenticator 100 waits for reception of the question for authentication. On the other hand, in a case where the question for authentication has been received (Step S108: Yes), the authenticator 100 outputs the received question for authentication (Step S109).
Next, the authenticator 100 inputs an answer to the question (Step S110). The answer to the question is generated based on the received question for authentication, by using history data held by the authenticator 100, such as that illustrated in
Next, in a case where the information processing device 10 has not received the answer to the question from the authenticator 100 (Step S111: No), the information processing device 10 waits for reception of the answer to the question. On the other hand, in a case where the answer to the question has been received (Step S111: Yes), the information processing device 10 determines whether or not the answer is correct based on the received answer, and authenticates the authenticator 100 (Step S112).
In a case where the authentication of the authenticator 100 fails (Step S113: No), an error message indicating the authentication failure is transmitted to the authenticator 100, or the like, and the update control processing of the public key repository 50 illustrated in
On the other hand, in a case where the authentication of the authenticator 100 succeeds (Step S113: Yes), the information processing device 10 transmits, to the authenticator 100, a request to update the problematic public key for which the risk is detected in Step S101 (Step S114).
Next, in a case where the authenticator 100 has not received the request to update the public key from the information processing device 10 (Step S115: No), the authenticator 100 waits for reception of the request to update the public key. On the other hand, in a case where the request to update the public key has been received (Step S115: Yes), the authenticator 100 generates a new public key (Step S116). Note that the new public key may be generated by using a public key cryptosystem different from a public key cryptosystem used for the old public key.
Next, the authenticator 100 uploads the generated new public key to the public key repository 50 (Step S117).
Furthermore, in a case where the authentication of the authenticator 100 succeeds (Step S113: Yes), in parallel with Step S114, the information processing device 10 releases the update restriction of the problematic public key for which the risk is detected in Step S101 (Step S118). This, for example, transmits an Unlock token designating the problematic public key to the public key repository 50.
Next, in a case where the public key repository 50 has not received the Unlock token from the information processing device 10 (Step S119: No), the public key repository 50 waits for reception of the Unlock token. On the other hand, in a case where the Unlock token has been received (Step S119: Yes), the public key repository 50 releases the update restriction of the problematic public key (Step S120).
Next, in a case where the public key repository 50 has not received the new public key from the authenticator 100 (Step S121: No), the public key repository 50 waits for reception of the new public key. On the other hand, in a case where the new public key has been received (Step S121: Yes), the public key repository 50 updates the problematic public key to the received new public key (Step S122). After the execution of Step S122, the update control processing of the public key repository 50 illustrated in
[Effects]
As described above, the information processing device 10 executes processing of detecting a risk to a public key managed by the public key repository 50, performing update restriction of the public key in response to the detection of the risk, authenticating the authenticator 100 associated with the public key, and releasing, in a case where the authentication of the authenticator 100 succeeds, the update restriction of the public key.
With this configuration, since update of the public key is restricted until the authentication of the authenticator 100 succeeds, update of the public key by a third party may be suppressed.
Furthermore, the information processing device 10 further executes processing of transmitting, in a case where the authentication of the authenticator 100 succeeds, a request to update the public key to the authenticator 100, receiving a new public key for updating the public key from the authenticator 100, and updating the public key to the new public key.
With this configuration, since timing at which the public key may be updated is a short time from when the authentication of the authenticator 100 succeeds to when the public key is updated to the new public key, update of the public key by a third party may be suppressed.
Furthermore, the information processing device 10 further executes processing of transmitting a question for authentication of the authenticator 100 to the authenticator 100, and receiving an answer to the question from the authenticator 100. Furthermore, the processing of authenticating the authenticator 100, which is executed by the information processing device 10, includes processing of determining whether or not the answer is correct, and determining, in a case where it is determined that the answer is correct, that the authentication of the authenticator 100 succeeds.
With this configuration, strong authentication may be performed for the public key repository 50, and update of the public key by a third party may be suppressed.
Furthermore, the processing of transmitting the question to the authenticator 100, which is executed by the information processing device 10, includes processing of transmitting, to the authenticator 100, the question regarding at least one of the number of times of past authentication of the authenticator 100, the number of times of registration of the public key, the total number of the public keys associated with the authenticator 100, and holding a private key corresponding to the public key.
With this configuration, stronger authentication may be performed for the public key repository 50, and update of the public key by a third party may be suppressed.
Furthermore, the processing of transmitting the question to the authenticator 100, which is executed by the information processing device 10, includes processing of transmitting the question for each service using the public key to the authenticator 100.
With this configuration, stronger authentication may be performed for each service for the public key repository 50, and update of the public key by a third party may be suppressed.
Furthermore, the processing of detecting the risk, which is executed by the information processing device 10, includes processing of acquiring information regarding vulnerability of the repository.
With this configuration, in response to the detection of the risk to the public key, update restriction of the target public key may be performed, and update of the public key by a third party may be suppressed.
Furthermore, the processing of receiving the public key from the authenticator 100, which is executed by the information processing device 10, includes processing of receiving, from the authenticator 100, the public key using a public key cryptosystem different from a public key cryptosystem used for the public key.
With this configuration, security of the public key may be enhanced.
Furthermore, in the information processing device 10, the update restriction and the release of the public key in the public key repository 50 is executed in a case where at least the public key and an identifier of authority that has authority to execute the update restriction are stored and the information processing device 10 is determined to be the legitimate authority by using key management data recorded in a ledger of a blockchain.
With this configuration, a servicer may participate only in update of a public key used in a service the servicer provides. In other words, it is possible to perform control so that the target servicer may not participate in update of a public key other than a public key used in the service the servicer itself provides.
Furthermore, the information processing device 10 detects a risk to a public key managed by a public key repository, authenticates the authenticator 100 associated with the public key, transmits, in a case where the authentication of the authenticator 100 succeeds, a request to update the public key to the authenticator 100, receives a new public key for updating the public key from the authenticator 100, and updates the public key to the new public key.
With this configuration, update of the public key by a third party may be suppressed.
[System]
Pieces of information including a processing procedure, a control procedure, a specific name, various types of data, and parameters described above or illustrated in the drawings may be optionally changed unless otherwise noted. Furthermore, the specific examples, distributions, numerical values, and the like described in the embodiment are merely examples, and may be optionally changed.
Furthermore, each component of each device illustrated in the drawings is functionally conceptual, and does not necessarily have to be physically configured as illustrated in the drawings. In other words, specific modes of distribution and integration of the respective devices are not limited to those illustrated in the drawings. That is, all or a part of the devices may be configured by being functionally or physically distributed or integrated in optional units, according to various types of loads, use situations, or the like. For example, the detection unit 41 and the release unit 44 of the information processing device 10 may be integrated.
Moreover, all or an optional part of the respective processing functions performed in each device may be implemented by a CPU and a program analyzed and executed by the CPU, or may be implemented as hardware by wired logic.
[Hardware]
A hardware configuration of the information processing device 10 described above will be described.
The communication unit 10a is a network interface card or the like, and communicates with another server. The HDD 10b stores programs and data that operate the respective functions illustrated in
The processor 10d reads, from the HDD 10b or the like, a program that executes processing similar to that of each processing unit illustrated in
In this way, the information processing device 10 operates as an information processing device that executes each processing by reading and executing the program. Furthermore, the information processing device 10 may also implement functions similar to those of the embodiment described above by reading the program described above from a recording medium with a medium reading device and executing the read program described above. Note that the program referred to in other embodiments is not limited to being executed by the information processing device 10. For example, the present invention may be similarly applied also to a case where another computer or server executes the program, or a case where these computer and server cooperatively execute the program.
Note that this program may be distributed via a network such as the Internet. Furthermore, this program may be recorded in a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, a magneto-optical disk (MO), or a digital versatile disc (DVD), and may be executed by being read from the recording medium by a computer.
Incidentally, while the embodiment of the present disclosure has been described above, the present disclosure may be implemented in a variety of different modes in addition to the embodiment described above.
All examples and conditional language provided herein are intended for the pedagogical purposes of aiding the reader in understanding the invention and the concepts contributed by the inventor to further the art, and are not to be construed as limitations to such specifically recited examples and conditions, nor does the organization of such examples in the specification relate to a showing of the superiority and inferiority of the invention. Although one or more embodiments of the present invention have been described in detail, it should be understood that the various changes, substitutions, and alterations could be made hereto without departing from the spirit and scope of the invention.
This application is a continuation application of International Application PCT/JP2020/039719 filed on Oct. 22, 2020 and designated the U.S., the entire contents of which are incorporated herein by reference.
Number | Date | Country | |
---|---|---|---|
Parent | PCT/JP2020/039719 | Oct 2020 | US |
Child | 18176739 | US |