Title of invention: Certificate issuing system, client terminal, server device, certificate acquisition method, and certificate issuing method
Abstract: Provided is a certificate issuing system including a client terminal and a server device. The client terminal derives a first hash value from a first random number using a unidirectional function, generates a secret key and a public key of the client terminal, and transmits the first hash value and the public key of the client terminal to the server device. The server device receives the first hash value and the public key of the client terminal from the client terminal, stores the first hash value, authenticates the client terminal on the basis of the stored first hash value and the derived first hash value, generates a client certificate on the basis of the public key of the client terminal and a secret key of the server device when the authentication succeeds, and transmits the client certificate to the client terminal.
Publication number: US9525557(B2)  Publication date: 2016.12.20
Application number: US201514711676  Application date: 2015.05.13
Applicant: Panasonic Intellectual Property Management Co., Ltd.  Inventors: Tanaka Hiroyuki; Toyonaga Saburo; Ike Kenjiro; Matsuo Masakatsu
Classification: H04L29/06; H04L9/32; H04L9/08  Main classification: H04L29/06
Agency: Seed IP Law Group LLP  Agent: Seed IP Law Group LLP
Main claim: 1. A certificate issuing system comprising: a client terminal; and a server configured to issue a client certificate to the client terminal, wherein the client terminal and the server are connectable to each other through a network, wherein the client terminal includes a random number generation processor configured to generate a first random number sequence and a second random number sequence, a first storage configured to store a first random number including the first random number sequence, a first unidirectional function processor configured to derive, using a unidirectional function, a first hash value from the first random number, a data encryptor configured to generate first encrypted data based on a second random number including the second random number sequence and on a public key of the server and to generate second encrypted data based on the first random number and the second random number, a public key pair generation processor configured to generate a secret key and a public key of the client terminal, and a first communicator configured to transmit the first hash value, the first encrypted data, the second encrypted data, and the public key of the client terminal to the server, and to receive the public key of the server from the server, wherein the server includes a second communicator configured to receive the first hash value, the first encrypted data, the second encrypted data, and the public key of the client terminal from the client terminal and to transmit the public key of the server, a second storage configured to store the first hash value, a data decryptor configured to decrypt, using a secret key of the server, the first encrypted data to acquire the second random number and to decrypt, using the acquired second random number, the second encrypted data to acquire the first random number, a second unidirectional function processor configured to derive, using the unidirectional function, a first derived hash value from the acquired first random number, a first authentication processor configured to authenticate the client terminal on the basis of the stored first hash value and the first derived hash value, and a certificate generation processor configured to generate a client certificate on the basis of the public key of the client terminal and the secret key of the server when the first authentication processor authenticates the client terminal, and wherein the second communicator is configured to transmit the client certificate to the client terminal.
Address: Osaka JP