1. Technical Field
The present disclosure relates to an authentication system capable of securely connecting a device to a controller.
2. Description of the Related Art
In recent years, services have been anticipated in which household electrical appliances and AV devices in a home are connected to a network, and the service is provided based on various kinds of history information collected in a cloud via the network. In such a service, a controller is installed in the home, and history information is transmitted from a household electrical appliance to a maker server via the controller. The connection between the controller and the household electrical appliance is established in a secure manner, so that communication in the home is controlled to prevent leakage of information via wireless communication and to prevent connection to the home network by spoofing.
For this purpose, the Wi-Fi Alliance has established a standard called Wi-Fi Protected Setup that makes it easy to connect devices to each other (Wi-Fi Alliance, “Wi-Fi CERTIFIED Wi-Fi Protected Setup: Easing the User Experience for Home and Small Office Wi-Fi Networks (2010)” (uploaded December 2010 at URL: http://www.wi-fi.org/ja/file/wi-fi-certified-wi-fi-protected-setup%E2%84%A2-easing-the-user-experience-for-home-and-small-office-wi, searched Jun. 24, 2014)). However, in a Wi-Fi wireless connection, device interconnectivity is guaranteed only between a household electrical appliance and the access-point device that corresponds to the controller, and no authentication is performed as to whether a connected device is a valid device.
Conventionally, a public key infrastructure (PKI) is used to authenticate the validity of a device (Atsuko Miyaji, Hiroaki Kikuchi, “IT Text Information Security”, Oct., 2003). In PKI-based authentication, the validity of a device is guaranteed by authenticating that an entity (a household electrical appliance or a controller) has a secret key and a public key certificate issued by a certificate authority. If a secret key is leaked or otherwise compromised, the corresponding public key certificate must be revoked to prevent its unauthorized use. A typical means of revoking a public key certificate is a certificate revocation list (CRL) (Atsuko Miyaji, Hiroaki Kikuchi, “IT Text Information Security”, Oct., 2003). The CRL is a list of revoked public key certificates in which the IDs or the like of the revoked certificates are described. The CRL carries a signature of the certificate authority that issued the public key certificates and is distributed by that certificate authority. An entity such as a household electrical appliance or a controller checks whether the public key certificate of the other entity to which it is to be connected is included in the CRL. The CRL used for this check must therefore be the latest one.
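The CRL check described above, as an added example that is not part of the original disclosure: it shows why a device holding an outdated CRL accepts a revoked certificate, and how a freshness check closes that gap. The field names (`crl_number`, `next_update`, modeled on the corresponding X.509 CRL fields), the device IDs, the dates and the key are constructed assumptions, and HMAC-SHA256 stands in for the certificate authority's public-key signature so that the code runs with the Python standard library alone.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed demo key. HMAC-SHA256 is a stand-in for the CA's public-key
# signature; a real device would verify with the CA's public key instead.
CA_KEY = b"constructed-demo-ca-key"


def sign_crl(crl_number, this_update, next_update, revoked_ids):
    """CA side: serialize the CRL fields and attach the stand-in signature."""
    body = json.dumps({
        "crl_number": crl_number,
        "this_update": this_update.isoformat(),
        "next_update": next_update.isoformat(),
        "revoked": sorted(revoked_ids),
    }, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(CA_KEY, body, hashlib.sha256).digest()}


def check_peer(cert_id, crl, now, newest_seen=0):
    """Device side: decide whether a peer's certificate may be accepted."""
    expected = hmac.new(CA_KEY, crl["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, crl["sig"]):
        return "reject: CRL signature invalid"
    fields = json.loads(crl["body"])
    # Refuse a rollback to a CRL older than one this device has already seen.
    if fields["crl_number"] < newest_seen:
        return "reject: CRL older than one already seen"
    # Refuse a CRL whose validity window has passed.
    if now >= datetime.fromisoformat(fields["next_update"]):
        return "reject: CRL stale"
    if cert_id in fields["revoked"]:
        return "reject: certificate revoked"
    return "accept"


# Constructed sample data: the controller's certificate is revoked in CRL 2.
T0 = datetime(2014, 6, 1, tzinfo=timezone.utc)
DAY2 = T0 + timedelta(days=2)
DAY9 = T0 + timedelta(days=9)
CRL_1 = sign_crl(1, T0, T0 + timedelta(days=7), [])
CRL_2 = sign_crl(2, T0 + timedelta(days=1), T0 + timedelta(days=8),
                 ["controller-0042"])
```

On day 2, `check_peer("controller-0042", CRL_1, DAY2)` still returns `"accept"` because CRL 1 is correctly signed and inside its validity window; only a device that has obtained CRL 2, or that remembers having seen it, rejects the revoked controller.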
D. Forsberg, et al., RFC5191, “Protocol for Carrying Authentication for Network Access (PANA)” (uploaded May, 2008 at URL: http://www.rfc-editor.org/rfc/pdfrfc/rfc5191.txt.pdf by Internet Engineering Task Force, searched Jun. 24, 2014) is an example of related art.