In recent years, electronic commerce activities in companies for example have increased and there have been rapidly increasing tendencies to protect personal information in companies.
For example, leakage of personal information from a company leads to a considerable loss of social trust in the company, including loss of confidence in company management.
On the other hand, hiring of temporary employees and outsourcing of operations have become prevalent in companies, and the kinds of persons accessing intra-company networks for example and the forms of access to such networks have been diversified. As a result, even in the case of an intra-company network, it is difficult to maintain a computer system in a secure state if only conventional user identifiers (IDs) and passwords are used.
A high level of security is also required, for example, in settlement systems, various management systems in the field of education, public systems related to administrative offices, taxation businesses, distribution systems using electronic money for example, as well as in intra-company systems. Under these circumstances, techniques for individual authentication using hardware tokens typified by IC cards have been adopted to cope with menaces such as “eavesdrop”, “falsification” and “spoofing”.
FIGS. 12(a) and 12(b) are diagrams for explaining a conventional password authentication method using an IC card. FIG. 12(a) shows processing at the time of installation of a certificate, and FIG. 12(b) shows processing at the time of use of the certificate. In the figures are illustrated a computer (PC) 201 which accesses a remote access unit (not shown) via a network such as the Internet, and an IC card 202 connected to the computer 201 by being inserted in an IC card reader/writer for example. A certificate authority 203 connected to the computer 201 via the Internet is also illustrated.
Referring to FIG. 12(a), in the conventional password authentication method, in phase 1, a password (PIN (personal identity number) code) is first set in IC card 202 from computer 201 at the time of installation (also referred to as personalization or initialization) of a certificate. In phase 2, a public key and a secret key combination is created and stored in IC card 202. Thereafter, in phase 3, computer 201 reads out the public key from the IC card 202. In phase 4, computer 201 makes application to certificate authority 203 for enrollment of the public key. In phase 5, certificate authority 203 issues a certificate for this public key to computer 201. In phase 6, computer 201 stores the public key certificate obtained from certificate authority 203 in IC card 202.
Referring to FIG. 12(b), use of the certificate is as follows. In phase 1, IC card 202 is connected to computer 201 and the password is input through computer 201. In phase 2, verification of the password is performed in IC card 202, and in the case where the correct password is input, a reply “OK” indicating that the password is correct is output from the IC card 202 to the computer 201. Password input and verification, or collation, performed in this manner enables authentication that a person who has accessed computer 201 by inserting IC card 202 in the IC card reader/writer and has entered a password is an authorized person. Thereafter, in phase 3, readout of the public key, and in phase 3′, authentication with the secret key and so on, are performed between computer 201 and IC card 202.
Heretofore, a method for implementing individual authentication using a certificate stored in an IC card has been proposed (see, for example, Yoshio Sato, “Individual Authentication by Smart Card” UNISYS TECHNOLOGY REVIEW No. 73, May 2002 (pp 137-139). Sato proposes various approaches for realizing authentication of individuals in order to prevent unauthorized access. That is, Sato proposes prevention of use of an IC card by an unauthorized person, prevention of an unauthorized person from using an IC card, prevention of stealing of a secret key, early detection of unauthorized use, measures to be taken after detection, measures to be taken when an IC card is unusable, and so forth.
In the individual authentication method shown in FIGS. 12(a) and 12(b), an IC card 202 is used to store a digital certificate for a user public key and a corresponding secret key. The combination of the digital certificate and the secret key stored in the IC card 202 is used for authenticating a user when a connection is made to a private network from a remote base or the like by using a VPN (virtual private network) or the like. Conventionally, this is not a method in which a certificate is incorporated in a Web browser on computer 201, but rather is a method in which a certificate is stored in a hardware token such as IC card 202 which can be carried as a “key” (that is, a hardware token) for operating an individual authentication device.
However, there exists a risk that a hardware token such as IC card 202 may be lost or stolen. To address this risk, conventionally, a password is required to access to a hardware token, thus protecting the token from being used or accessed by a third person obtaining the hardware token.
However, a password is not a sufficiently sturdy protection means because it may be stolen, such as through a furtive glance when input by a legitimate user, or may be compromised or leaked by the legitimate user in a note or otherwise. If a smart card is protected against access only by using a password, a security exposure remains. These problems are posed by Sato (supra), and solutions proposed, such as “not to leave on a desk”, “not to use a PIN using the date or birth or the like”, “to enable early detection of unauthorized use by indicating the login date”. These solutions fall far short of being adequate for the purpose of preventing unauthorized use.
There is, therefore, a need in the art for a system and method for improving the security level a hardware token such as an IC card used for authentication.
There is, further, a need in the art for an improved device for enabling a hardware token to be used only in a particular computer.
There is, further, a need in the art for enabling a hardware token to be used only in one or more computers certificated by a particular certificate authority.
It is, therefore, an object of the present invention to provide a hardware token, such as an IC card, having a markedly improved level of security against unauthorized access.