Title: VPN CONNECTION AUTHENTICATION SYSTEM, USER TERMINAL, AUTHENTICATION SERVER, BIOMETRIC AUTHENTICATION RESULT EVIDENCE INFORMATION VERIFICATION SERVER, VPN CONNECTION SERVER, AND COMPUTER PROGRAM PRODUCT
Abstract: According to one embodiment, there is provided a VPN connection authentication system including a user terminal that is used by a user, an authentication server that is connected to the user terminal and configured to communicate with the user terminal, a biometric authentication result evidence information verification server that is incorporated in the authentication server or is connected to the authentication server and configured to communicate with the authentication server, an authentication information management DB configured to be writable from the authentication server, and a VPN connection server that is connected to the user terminal by VPN and configured to communicate with the user terminal.
Publication number: US2015188916(A1)    Publication date: 2015.07.02
Application number: US201514657755    Filing date: 2015.03.13
Applicant: KABUSHIKI KAISHA TOSHIBA; TOSHIBA SOLUTIONS CORPORATION    Inventors: YAMADA Asahiko; IKEDA Tatsuro
Classification: H04L29/06    Main classification: H04L29/06
Agency: (not listed)    Agent: (not listed)
Main claim:
1. A VPN connection authentication system comprising a user terminal that is used by a user, an authentication server that is connected to the user terminal and configured to communicate with the user terminal, a biometric authentication result evidence information verification server that is incorporated in the authentication server or is connected to the authentication server and configured to communicate with the authentication server, an authentication information management DB configured to be writable from the authentication server, and a VPN (Virtual Private Network) connection server that is connected to the user terminal by VPN and configured to communicate with the user terminal, wherein

the user terminal includes:
    a communication unit configured to perform communication between the user terminal, and the authentication server and the VPN connection server;
    a display unit configured to display a VPN connection request to the authentication server;
    an input unit configured to accept an input for deciding the VPN connection request displayed by the display unit;
    a biometric authentication processing unit configured to receive a challenge value from the authentication server, execute biometric authentication of the user in correspondence with the challenge value, generate biometric authentication result evidence information, and send back the biometric authentication result evidence information to the authentication server;
    a transmission content generation unit configured to, when authentication by the authentication server succeeds, generate, based on an ID and token received from the authentication server, information in which the ID and the token have a format for requesting authentication to the VPN connection server; and
    a control unit configured to control the display unit, the input unit, the biometric authentication processing unit, the transmission content generation unit, and a VPN connection unit of the user terminal to execute processes corresponding to a content of communication between the authentication server or the VPN connection server, and the user terminal, and transmit results of executing the processes to the authentication server or the VPN connection server, as needed;

the authentication server includes:
    a communication unit configured to perform communication between the authentication server, and the user terminal and the biometric authentication result evidence information verification server;
    a challenge value generation unit configured to generate a challenge value to be transmitted to the user terminal in response to a VPN connection request from the user terminal;
    a token generation unit configured to generate the token when verification by the biometric authentication result evidence information verification server succeeds;
    a DB processing unit configured to write the token to the authentication information management DB; and
    a control unit configured to control the challenge value generation unit, the token generation unit, and the DB processing unit of the authentication server to execute processes corresponding to a content of communication between the user terminal or the biometric authentication result evidence information verification server, and the authentication server, and transmit results of executing the processes to the authentication server or the VPN connection server, as needed;

the biometric authentication result evidence information verification server includes:
    a communication unit configured to perform communication between the biometric authentication result evidence information verification server and the authentication server; and
    a biometric authentication result evidence information verification unit configured to verify biometric authentication result evidence information that is generated by the biometric authentication processing unit of the user terminal and received through the authentication server, and when the verification succeeds, send back a result of the verification and a user identifier included in the biometric authentication result evidence information to the authentication server;

the authentication information management DB stores, in correspondence with each user, a user identifier regarding biometric authentication processing, and an ID and token of a user who uses the VPN connection server; and

the VPN connection server includes:
    a communication unit configured to perform communication between the VPN connection server and the user terminal;
    a DB processing unit configured to read a pair of the ID and the token from the authentication information management DB;
    a token verification unit configured to verify whether a token received from the user terminal and the token read from the authentication information management DB by using the ID as a key match each other;
    a VPN connection unit configured to enable VPN communication between the user terminal and the VPN connection server; and
    a control unit configured to, upon receiving the ID and the token from the user terminal, execute the DB processing unit, the token verification unit, and the VPN connection unit of the VPN connection server, and transmit results of executing the DB processing unit, the token verification unit, and the VPN connection unit of the VPN connection server to the user terminal, as needed.
Address: Minato-ku JP
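The message flow in claim 1 (challenge from the authentication server, biometric evidence from the terminal, verification and user-identifier lookup, token written to the DB, then ID/token presented to the VPN connection server) as an added, self-contained simulation with all five parties in one process. This is illustrative code written for this page, not Toshiba's implementation, and it makes assumptions the patent does not state: the evidence information is modelled as an HMAC-SHA256 tag over the user identifier, the challenge and the local match result under a key shared by the terminal's biometric processing unit and the verification server; challenges are single-use with a short lifetime; the VPN server consumes the token on first use. All identifiers, keys and the `run_flow` driver are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo data (assumptions; the patent specifies neither key material nor formats).
USER_IDENTIFIER = "bio-user-0001"   # identifier used on the biometric-processing side
VPN_ID = "alice"                    # ID the user presents to the VPN connection server
EVIDENCE_KEY = hashlib.sha256(b"demo evidence key").digest()  # terminal <-> verifier shared key


def evidence_tag(key, user_identifier, challenge, matched):
    """Tag binding the local match result to the server's challenge (assumed evidence format)."""
    msg = f"{user_identifier}|{challenge}|{int(matched)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class UserTerminal:
    def __init__(self, user_identifier, key, biometric_matches=True):
        self.user_identifier, self.key = user_identifier, key
        self.biometric_matches = biometric_matches  # stands in for the sensor/matcher outcome

    def biometric_authentication(self, challenge):
        # Biometric authentication processing unit: evidence is tied to this challenge only.
        matched = self.biometric_matches
        return {"user_identifier": self.user_identifier, "challenge": challenge, "matched": matched,
                "tag": evidence_tag(self.key, self.user_identifier, challenge, matched)}

    def vpn_request(self, vpn_id, token):
        # Transmission content generation unit: ID and token in the VPN server's request format.
        return {"id": vpn_id, "token": token}


class EvidenceVerificationServer:
    def __init__(self, keys):
        self.keys = keys  # user_identifier -> evidence key

    def verify(self, evidence):
        key = self.keys.get(evidence["user_identifier"])
        if key is None or not evidence["matched"]:
            return False, None
        expected = evidence_tag(key, evidence["user_identifier"], evidence["challenge"], evidence["matched"])
        if not hmac.compare_digest(expected, evidence["tag"]):
            return False, None      # forged or altered evidence
        return True, evidence["user_identifier"]   # result plus the user identifier, per the claim


class AuthenticationServer:
    def __init__(self, verifier, db, enrolment, challenge_ttl=60):
        self.verifier, self.db, self.enrolment = verifier, db, enrolment  # enrolment: user_identifier -> VPN ID
        self.pending = {}   # outstanding challenge -> expiry (assumption: single use, short lived)
        self.ttl = challenge_ttl

    def vpn_connection_request(self):
        challenge = secrets.token_hex(16)           # challenge value generation unit
        self.pending[challenge] = time.time() + self.ttl
        return challenge

    def receive_evidence(self, evidence):
        expiry = self.pending.pop(evidence["challenge"], None)   # replayed evidence finds no challenge
        if expiry is None or expiry < time.time():
            return None
        ok, user_identifier = self.verifier.verify(evidence)
        if not ok or user_identifier not in self.enrolment:
            return None
        vpn_id = self.enrolment[user_identifier]
        token = secrets.token_urlsafe(32)           # token generation unit
        # DB processing unit: user identifier, ID and token stored per user, keyed by ID.
        self.db[vpn_id] = {"user_identifier": user_identifier, "token": token, "expires": time.time() + 300}
        return vpn_id, token


class VPNConnectionServer:
    def __init__(self, db):
        self.db = db

    def connect(self, request):
        record = self.db.get(request["id"])         # DB processing unit: read pair by ID
        if record is None or record["expires"] < time.time():
            return False
        if not hmac.compare_digest(record["token"], request["token"]):   # token verification unit
            return False
        del self.db[request["id"]]                  # assumption: token consumed on first use
        return True                                 # VPN connection unit would now bring up the tunnel


def run_flow(biometric_matches=True, forge_result=False, replay=False, tamper_token=False):
    """Drive one end-to-end run and report where (if anywhere) it is refused."""
    db = {}
    verifier = EvidenceVerificationServer({USER_IDENTIFIER: EVIDENCE_KEY})
    auth = AuthenticationServer(verifier, db, {USER_IDENTIFIER: VPN_ID})
    vpn = VPNConnectionServer(db)
    terminal = UserTerminal(USER_IDENTIFIER, EVIDENCE_KEY, biometric_matches)

    challenge = auth.vpn_connection_request()
    evidence = terminal.biometric_authentication(challenge)
    if forge_result:
        evidence["matched"] = True          # flip a failed match without the key: tag no longer verifies
    issued = auth.receive_evidence(evidence)
    if replay:
        issued = auth.receive_evidence(evidence)   # same evidence presented a second time
    if issued is None:
        return "denied-at-auth-server"
    vpn_id, token = issued
    if tamper_token:
        token = token[:-1] + ("A" if token[-1] != "A" else "B")
    return "connected" if vpn.connect(terminal.vpn_request(vpn_id, token)) else "denied-at-vpn-server"
```

The two comparisons use `hmac.compare_digest` so that neither the evidence tag nor the token leaks through timing, and the challenge is removed from the pending set before verification so that a captured evidence message cannot mint a second token; both are hardening choices for the example rather than elements of the claim.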