JP2010251945A - Electronic certificate management system for communication authentication and terminal device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic certificate management system which avoids an impossibility of communication even if a data corruption occurs during communication of a new electronic certificate for update. <P>SOLUTION: A communication management device 11 and an IP line unit 63 are connected with a VPN 21 between center terminals, and an electronic certificate is used for authentication in a VPN connection. An account management server 41 of the communication management device 11 corresponds to a certificate management device, and transmits a new electronic certificate for update to a terminal device. The IP line unit 63 is a terminal device, a controller 101 thereof leaves the electronic certificate before update in a storing portion 103, and causes the storing portion to store a new electronic certificate received. The controller 101 instructs a communication connection using the new electronic certification to a communication connection portion 105. When the communication connection portion 105 fails in a communication connection, the controller 101 instructs the communication connection portion 105 the communication connection using the electronic certificate before update left in the storing portion 103. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an electronic certificate management system for communication authentication in which an electronic certificate assigned to a terminal device for authentication at the time of communication connection is managed by a certificate management apparatus, and more particularly to an electronic certificate update process.

  Conventionally, in a system that monitors a monitoring target such as a store or a factory with a remote monitoring center, a monitoring terminal installed on the monitoring target communicates with the monitoring center. The monitoring terminal transmits a monitoring video, a security-related signal detected by the sensor, and the like to the monitoring center.

  In recent years, it has been proposed to use a broadband line as a communication line of a monitoring system against the background of the development of network technology. However, since the data to be transmitted is data that requires high confidentiality, such as surveillance video and security-related signals, the required level for communication security is also high. Therefore, it has been proposed to construct a VPN (virtual private network) that functions as a virtual dedicated line between the monitoring center and the monitoring terminal to ensure communication security (Patent Document 1).

  When VPN is applied to the monitoring system, it is conceivable that the monitoring center includes a VPN server and each monitoring terminal functions as a VPN client. A VPN tunnel is established between the monitoring center and each monitoring terminal, and a packet of monitoring information is encapsulated and communicated between the monitoring center and the monitoring terminal through the VPN tunnel. With such a configuration, the monitoring center can obtain monitoring information from a plurality of monitoring terminals using VPN.

  When constructing a VPN tunnel, authentication of a monitoring terminal as a client is performed. For this authentication, an electronic certificate assigned to each monitoring terminal is preferably used. A VPN connection request including an electronic certificate is transmitted from the monitoring terminal to the monitoring center, and public key authentication is performed, thereby proving that the monitoring terminal is a legitimate terminal.

  The electronic certificate is used when verifying the validity of an electronic signature or the like and is issued from a trusted third party. Such an electronic certificate usually has an expiration date. For this reason, there has been proposed a system that automatically issues a new electronic certificate when the electronic certificate expires (Patent Document 2).

JP 2006-203313 A JP 2002-215826 A

  However, if automatic renewal of electronic certificates is applied to the VPN-based monitoring system as described above, VPN connection cannot be established if new electronic certificate data is damaged during transmission from the monitoring center to the monitoring terminal. There is a problem that monitoring information cannot be transmitted by VPN.

  More specifically, in the VPN, the VPN client plays a role of requesting the VPN tunnel construction among the VPN client and the VPN server. The VPN client sends a VPN connection request to the VPN server, and a VPN tunnel is established in response to this request. VPN disconnection is also performed by processing on the VPN client side.

  Therefore, when the monitoring center and the monitoring terminal are respectively a VPN server and a VPN client, the monitoring terminal sends a VPN connection request to the VPN server, whereby a VPN connection is established and a VPN tunnel is established. At this time, an electronic certificate is added to the VPN connection request and used for authentication. VPN disconnection is also performed by processing on the monitoring terminal side.

  Now, in such a monitoring system, it is assumed that an electronic certificate expires and a new electronic certificate is downloaded from the monitoring center to the monitoring terminal. As described above, the VPN connection request and disconnection are the role of the monitoring terminal. Therefore, when the monitoring terminal receives a new electronic certificate, it temporarily disconnects the VPN, and then transmits a VPN connection request using the new electronic certificate to the monitoring center to attempt reconnection.

  However, it is assumed that the data of the electronic certificate is damaged for some reason during the download from the monitoring center to the monitoring terminal. The monitoring terminal cannot detect the corruption of the new electronic certificate. Therefore, the monitoring terminal disconnects the VPN even though the new electronic certificate is damaged. Subsequently, the monitoring terminal sends a VPN connection request including a new electronic certificate to the monitoring center and attempts communication connection. However, since the data of the electronic certificate is damaged, the authentication is not successful and the VPN tunnel is not established. . Since the monitoring terminal has disconnected the VPN itself, it cannot even download a new electronic certificate instead via the VPN. As a result, VPN communication between the monitoring terminal and the monitoring center becomes impossible, and monitoring information cannot be transmitted.

  The monitoring system also plays a role of security and the like, and the level of demand for the safety and stability of the system is high. Therefore, it is desired to avoid as much as possible the situation in which communication becomes impossible due to the damage of the electronic certificate as described above.

  In the above, the background of the present invention has been described by taking up a VPN-based monitoring system. However, similar problems can occur outside the monitoring system, and can occur outside the VPN. That is, in a system that uses an electronic certificate for authentication of communication, when updating an electronic certificate by communication, as in the above example, there is a problem that communication may be disabled due to data corruption of a new electronic certificate. There is.

  The present invention has been made under the above background, and its purpose is to prevent data corruption during transmission of a new electronic certificate for update to a terminal device in a system that uses an electronic certificate for authentication at the time of communication connection. The purpose is to provide a technology that can prevent communication from being disabled even if it occurs.

  The present invention is an electronic certificate management system for communication authentication in which an electronic certificate assigned to a terminal device for authentication at the time of communication connection is managed by a certificate management device, wherein the certificate management device A new electronic certificate to be used in place of the pre-update electronic certificate stored in the terminal device is transmitted to the terminal device. The terminal device stores the electronic certificate, and the electronic certificate. A communication connection unit that performs communication connection using a certificate, and a control unit that controls the communication connection unit and performs processing for certificate update from the electronic certificate before the update to the new electronic certificate. When the control unit receives the new electronic certificate from the certificate management apparatus, the control unit stores the new electronic certificate while leaving the pre-update electronic certificate in the storage unit, and the communication connection Said new electronic certificate When the communication connection using the new electronic certificate is instructed and the communication connection using the pre-update electronic certificate remaining in the storage unit is instructed to the communication connection unit .

  As described above, according to the present invention, when a new electronic certificate is received, the terminal device stores the new electronic certificate in the storage unit while leaving the electronic certificate before the update in the storage unit. Then, when the communication connection using the new electronic certificate fails, the communication connection is performed using the pre-update electronic certificate remaining in the storage unit. Therefore, it is possible to prevent communication from being disabled even if the data of the electronic certificate is corrupted while the new electronic certificate for update is being transmitted to the terminal device.

  Furthermore, according to the present invention, since a communicable state is secured by using the electronic certificate before update as described above, a new electronic certificate can be transmitted to the terminal device again. To complete the renewal of the electronic certificate.

  Another aspect of the present invention is a terminal device that performs communication that requires an electronic certificate for authentication at the time of communication connection, and communicates using the storage unit that stores the electronic certificate and the electronic certificate. A communication connection unit for connection and a new electronic certificate to be used instead of the electronic certificate before update stored in the storage unit is acquired by communication, the communication connection unit is controlled, and the certificate update A control unit that performs processing, and when the control unit obtains the new electronic certificate by communication, the storage unit stores the new electronic certificate while leaving the electronic certificate before the update, When the communication connection using the new electronic certificate is instructed to the communication connection unit, and the communication connection using the new electronic certificate fails, the electronic certificate before update remaining in the storage unit is used. Instruct the communication connection unit

  Also according to this aspect of the terminal device, when a new electronic certificate is received, the electronic certificate before the update is left in the storage unit, so that the new electronic certificate for update is being transmitted to the terminal device during transmission. It is possible to avoid disabling communication even if damage occurs, and therefore, the same advantages as those of the above-described electronic certificate management system can be obtained.

  In addition, when the communication connection using the new electronic certificate is successful, the control unit may discard the pre-update electronic certificate remaining in the storage unit, and use the new electronic certificate. When the communication connection that has occurred fails, the new electronic certificate may be discarded from the storage unit.

  With this configuration, the unusable electronic certificate is discarded from the state in which the electronic certificate before update and the new electronic certificate coexist in the storage unit, and the usable electronic certificate is left in the storage unit. Appropriate support for the process of using certificates.

  In addition, the communication connection unit may be configured to transmit a VPN connection request including the electronic certificate as a communication connection process, and the control unit is configured to transmit a VPN according to a VPN connection request including the new electronic certificate. When the connection fails, a VPN connection request including the pre-update electronic certificate left in the storage unit may be transmitted to the communication connection unit.

  In this configuration, the present invention is applied to the VPN, and it is possible to prevent the VPN connection from being disabled even if the electronic certificate is broken during transmission to the terminal device. In this regard, when using a new electronic certificate, the VPN terminal device first disconnects the current VPN once, and then sends a VPN connection request including the new electronic certificate to the VPN server. However, if the electronic certificate is damaged, authentication with the VPN server fails and the VPN is not constructed. Even in such a case, according to the present invention, the VPN connection can be secured using the digital certificate before the update, and a new electronic certificate can be supplied again to the terminal device via the VPN.

  The terminal device may be provided as a monitoring target of the monitoring system, the certificate management device may be provided in a remote monitoring center, and the monitoring target and the monitoring center may communicate monitoring information.

  In the above configuration, the present invention is applied to a monitoring system, and more specifically, to a monitoring device (monitoring terminal) connected to a monitoring center. Monitoring information is transmitted from the monitoring device to the monitoring center. And even if data corruption occurs during transmission of a new electronic certificate to the monitoring device, it is possible to avoid a situation in which communication becomes impossible. The monitoring system also plays a role of security and the like, and the level of demand for the safety and stability of the system is high, and the present invention can suitably meet such needs.

  The present invention is not limited to the above-described electronic certificate management system and terminal device. The present invention may be expressed in the form of other apparatuses or systems, and the present invention may be realized in the form of a method, a program, or a computer-readable recording medium on which the program is recorded.

  As described above, according to the present invention, in a system that uses an electronic certificate for communication authentication, communication is disabled even if data corruption occurs while a new electronic certificate for update is being transmitted to the terminal device. Can be avoided.

It is a figure which shows the whole structure of the monitoring system of this Embodiment. It is a block diagram which shows the structure of a monitoring system more concretely. It is a block diagram which shows the main structures concerning the electronic certificate management system of this invention integrated in the monitoring system. It is a flowchart which shows the process in an account management server. It is a flowchart which shows the process in an IP line unit. It is a figure which shows the operation example of an update process.

  Embodiments of the present invention will be described below. In this embodiment, the electronic certificate management system of the present invention is applied to a monitoring system. In the monitoring system, the monitoring target and the monitoring center communicate monitoring information. The electronic certificate management system includes a terminal device and a certificate management device. In the following embodiment, the terminal device is provided in the monitoring device to be monitored, and the certificate management device is provided in the communication management device of the monitoring center. First, the configuration of the monitoring system will be described.

  FIG. 1 shows the overall configuration of the monitoring system of the present invention. As illustrated, in the monitoring system 1, communication is performed among the monitoring center 3, the monitoring target 5, and the user base 7. Here, the user means a user of the monitoring service of the monitoring target 5 by the monitoring system 1. In the example of the present embodiment, the monitoring target 5 is a store, and the user base 7 is an office of the store owner.

  The monitoring center 3 includes a communication management device 11 and a plurality of center devices 13, and these are connected so as to be communicable. The communication management device 11 and the plurality of center devices 13 may be arranged at geographically distant locations. The plurality of center devices 13 may be respectively arranged in a plurality of assigned areas. Further, the plurality of center devices 13 may share functions. For example, one center device 13 may function as a control center device that processes a security-related signal, and another center device 13 may function as an image center device that mainly processes monitoring video. One center device 13 may be used within the scope of the present invention.

  A monitoring device 15 and a user device 17 are provided in the monitoring target 5 and the user base 7, respectively. The monitoring device 15 and the user device 17 correspond to the terminal of the present invention. The monitoring device 15 sends monitoring information to the center device 13 and the user device 17. The monitoring information is, for example, an image of a monitoring camera and a monitoring signal detected by the monitoring target 5. The monitoring signal is, for example, a guard signal indicating that an abnormality has occurred, and the guard signal is generated based on a detection signal from a sensor installed in the monitoring target 5 or generated when an alarm button (switch) is operated. Is done. In addition, the user device 17 sends a control signal and an audio signal to the monitoring device 15. Such a signal from the user device 17 to the monitoring device 15 is also included in the monitoring information.

  In FIG. 1, one monitoring target 5 and one user base 7 are shown. However, actually, the monitoring center 3 communicates with a plurality of monitoring targets 5 and a plurality of user bases 7. Accordingly, the communication management device 11 also communicates with the plurality of monitoring devices 15 and the plurality of user devices 17. Each monitoring device 15 communicates with an associated user device 17 (store owner's terminal).

  In the monitoring system 1 of FIG. 1, for example, it is assumed that the monitoring device 15 detects an abnormality by a sensor signal or the like. In this case, a guard signal is transmitted as monitoring information to the monitoring center 3 together with the video of the monitoring target 5. In the monitoring center 3, the operator confirms the security signal and video on the monitor of the center device 13, and gives necessary instructions to the security guard. The guard who received the instruction rushes to the monitoring object 5 and deals with the abnormality.

  Further, for example, the monitoring device 15 sends the image of the monitoring target 5 to the user device 17 periodically or according to other settings. For example, when a visitor is detected by the sensor, an image or the like is sent to the user device 17. In addition, transmission of video or the like may be requested from the user device 17. The owner can grasp the state of the store from the video or the like. In addition, the owner can send a voice or the like from the user device 17 to the monitoring device 15 to instruct the store clerk about necessary items.

  Next, a communication form of the monitoring system 1 will be described. The communication management device 11, the monitoring device 15, and the user device 17 are connected to the Internet.

  Furthermore, the communication management device 11 is connected to the monitoring device 15 and the user device 17 by a VPN (Virtual Private Network) 21 between center terminals on the Internet. In order to construct the VPN 21 between center terminals, the communication management device 11 is provided with a VPN server function, and the monitoring device 15 and the user device 17 are provided with a VPN client function. In VPN, a VPN tunnel is constructed, encrypted communication is performed, and high security is realized.

  Further, the monitoring device 15 and the user device 17 perform SIP communication 23 via the communication management device 11. The SIP communication 23 is performed via the center terminal VPN 21 described above. The communication management device 11 has a SIP server function.

  Further, the monitoring device 15 and the user device 17 are directly connected by the inter-terminal VPN 25 without going through the communication management device 11. In order to construct the inter-terminal VPN 25, the user device 17 is provided with a VPN server function, and the monitoring device 15 is provided with a VPN client function.

  Here, the center terminal VPN 21 is always connected and a VPN tunnel is established, and is used for communication between the center device 13, the monitoring device 15, and the user device 17. On the other hand, the inter-terminal VPN 25 is constructed only when necessary.

  Next, the configuration of the monitoring system 1 will be described more specifically with reference to FIG. The communication management apparatus 11 includes a firewall 31, an HTTP server 33, a VPN server 35, a SIP server 37, an account management server 41, and a database 43.

  The firewall 31 is a device that blocks data other than communication data used between the communication management device 11, the monitoring device 15, and the user device 17. The HTTP server 33 is configured for Internet connection. The VPN server 35 is a server that performs authentication and encryption for VPN tunnel construction.

  The VPN server 35 is configured to realize the center terminal VPN 21, constructs a VPN between the communication management device 11 and the monitoring device 15, and constructs a VPN between the communication management device 11 and the user device 17. . A signal from the monitoring device 15 is decrypted by the VPN server 35 and transmitted to the center device 13. A signal from the center device 13 is encrypted by the VPN server 35 and transmitted to the monitoring device 15. Also, when the communication management device 11 sends a signal to the monitoring device 15, encryption is performed by the VPN server 35. In the communication between the communication management device 11 and the user device 17, the VPN server 35 similarly performs encryption and decryption.

  The SIP server 37 performs signaling processing according to the SIP protocol, and connects the monitoring device 15 and the user device 17. The SIP server 37 performs a SIP connection control function when the user device 17 requests connection to the monitoring device 15 or when the monitoring device 15 requests connection to the user device 17.

  In SIP signaling, messages are exchanged. Specifically, an INVITE (invite) message and an OK message are exchanged. Using this message exchange, as described above, an IP address and an electronic certificate are exchanged for establishing a VPN connection.

  The account management server 41 is a server that manages various types of information such as authentication. Information to be managed is stored in the database 43. Information to be managed includes an IP line account, a digital certificate for VPN connection (tunnel construction), and key pair information. In the present embodiment, authentication and authorization are performed for connections between terminals in the course of SIP signaling. Information for this processing is also stored in the database 43 and used by the account management server 41. Note that the SIP server 37 itself can perform authentication and authorization for connection between terminals.

  The center device 13 includes a monitoring console 51 and a line connection device 53. A monitoring console 51 is connected to the communication management device 11 via the line connection device 53. For example, when the center device 13 is an image center, the monitoring video is supplied to the monitoring console 51 and managed by the monitoring console 51. When the center device 13 is a control center, security-related information is supplied to the monitoring console 51. The monitoring video is also suitably displayed on the control center monitor. The monitoring video or the like may be communicated between the center devices.

  Next, the monitoring device 15 will be described. The monitoring device 15 includes a controller 61, an IP line unit 63, a router 65, a peripheral device 67, and a monitoring target PC (personal computer) 71.

  The controller 61 is configured by a computer and realizes a monitoring function in cooperation with the peripheral device 67. The controller 61 is connected to the monitoring center 3 via the IP line unit 63. The controller 61 is also connected to the user device 17 via the IP line unit 63.

  In FIG. 2, a monitoring camera 73, a sensor 75, and an alarm button 77 are illustrated as the peripheral devices 67. The controller 61 performs an image recognition process on the monitoring video to detect an abnormality. The controller 61 detects an abnormality based on the detection signal input from the sensor 75. An abnormality is also detected when the alarm button 77 is pressed. Other peripheral devices may be used for abnormality detection. When an abnormality occurs, the controller 61 communicates with the center device 13 and transmits a security signal and an image signal. A microphone is provided together with the monitoring camera 73, and an audio signal is also transmitted. In this way, the controller 61 realizes the security function of the monitoring target 5.

  The monitoring video and audio are also transmitted when requested by the center device 13. Furthermore, the monitoring video and audio are also sent to the user device 17. Transmission to the user device 17 is performed, for example, periodically, or according to other settings. For example, when a visitor is detected by the sensor 75, an image or the like is sent to the user device 17. Also, when requested by the user device 17, the monitoring device 15 transmits a video or the like.

  The IP line unit 63 constructs a VPN tunnel for the controller 61 to communicate with the communication management apparatus 11. In addition, a VPN tunnel for the controller 61 to communicate with the user device 17 is constructed. The former corresponds to the inter-terminal VPN 21, and the latter corresponds to the inter-terminal VPN 25. In these connections, the IP line unit 63 realizes a VPN client function.

  In FIG. 2, the IP line unit 63 is shown as an internal configuration of the controller 61. This represents a physical arrangement. As a communication configuration, the IP line unit 63 is disposed between the controller 61 and the router 65. The IP line unit 63 is LAN-connected to the controller 61 via Ethernet (registered trademark). The router 65 is a router for a broadband line.

  The monitoring target PC 71 is a PC installed on the monitoring target 5. In the example of the present embodiment, the monitoring target 5 is a store. Therefore, the monitoring target PC 71 may be a store PC.

  Next, the user device 17 will be described. The user device 17 includes a VPN terminal device (hereinafter referred to as VTE) 81, a router 83, and a user PC (personal computer) 85.

  The VTE 81 is a line termination device for broadband connection. Then, the VTE 81 constructs a VPN tunnel with the VPN server 35 of the communication management apparatus 11 and constructs a VPN tunnel with the IP line unit 63 of the monitoring apparatus 15. In the former, the VTE 81 functions as a VPN client, and in the latter, the VTE 81 functions as a VPN server. The router 83 is a router for a broadband line.

  The VTE 81 is connected to the user PC 85. The VTE 81 transfers the video, audio and control signals received from the controller 61 of the monitoring device 15 to the user PC 85. Further, the VTE 81 transfers the voice and control signal received from the user PC 85 to the controller 61.

  In the present embodiment, the user base 7 is a store owner's office or the like. Therefore, the user PC 85 may be a store owner's PC.

  The overall configuration of the monitoring system 1 has been described above. Next, the structure which concerns on the characteristic of this invention is demonstrated.

  As described above, in the present embodiment, the monitoring device 15 and the communication management device 11 are connected by the VPN 21 between center terminals. In VPN, an electronic certificate is preferably used for authentication of a terminal device. Therefore, in the example of FIG. 1, an electronic certificate is assigned to each monitoring device 15, more specifically, to each IP line unit 63. The electronic certificate is used for authentication when constructing the VPN. Further, the electronic certificate is used as necessary even after the VPN is constructed, and is used, for example, when periodically checking the information of the electronic certificate.

  As described above, the electronic certificate is used when verifying the validity of an electronic signature or the like and is issued from a trusted third party. An expiration date is set for such an electronic certificate. Therefore, it is necessary to update the electronic certificate when the expiration date approaches.

  The present embodiment is configured to appropriately update such an electronic certificate. In particular, the present embodiment assumes that the electronic certificate data is damaged during downloading to the terminal-side IP line unit 63, and can prevent communication from being disabled due to such electronic certificate corruption. Provide technology that minimizes the risk of communication failure.

  In the following description, the current digital certificate before update is referred to as “current certificate”, and the new digital certificate after update is referred to as “new certificate”. The current certificate is an electronic certificate used at the time of constructing the existing VPN 21 between center terminals, and is also an electronic certificate used for checking the key information of the periodic certificate. The new certificate is an electronic certificate that should be used for VPN construction and subsequent processing in place of the current certificate.

  FIG. 3 is a part of the monitoring system 1 and shows a main configuration related to the renewal of the electronic certificate of the present invention. In FIG. 3, the elements described in FIGS. 1 and 2 are denoted by the same reference numerals.

  In FIG. 3, the communication management apparatus 11 and the IP line unit 63 are connected via the center terminal VPN 21. In the electronic certificate update process, the account management server 41 of the communication management apparatus 11 communicates with the IP line unit 63. This communication is performed using the VPN 21 between center terminals via the VPN server 35.

  In the communication management device 11, the account management server 41 manages the electronic certificate allocated to each IP line unit 63. The account management server 41 also manages the expiration date of the current certificate for each IP line unit 63 and schedules the update time. The update time may be set a predetermined period before the expiration date. The schedule for the update time may be stored in the database 43. The account management server 41 refers to the database 43 and sends an update notification to the IP line unit 63 when the update time comes. Then, the account management server 41 responds to the download request from the IP line unit 63 and transmits a new certificate to the IP line unit 63.

  In addition, the account management server 41 sends an instruction for adding a new certificate to the authentication function to the VPN server 35. Here, the common name of the new certificate is transmitted to the VPN server 35. As a result, the VPN server 35 is in a state where it can execute the authentication process of the new certificate.

  Further, even if the VPN server 35 receives the common name of the new certificate, the VPN server 35 does not immediately discard the common name of the current certificate but keeps holding it. As a result, the VPN server 35 is in a state in which both the new certificate and the current certificate can be authenticated. When the VPN server 35 receives the new certificate and succeeds in authenticating it, the VPN server 35 is configured to discard the common name of the current certificate and validate only the new certificate.

  On the other hand, the IP line unit 63 includes a control unit 101, a storage unit 103, and a communication connection unit 105.

  The storage unit 103 stores various types of information processed by the IP line unit 73. In relation to the present embodiment, the storage unit 103 stores an electronic certificate. When the new certificate is downloaded, the storage unit 103 stores the new certificate while leaving the current certificate under the control of the control unit 101.

  The communication connection unit 105 has a configuration on the terminal side that performs VPN connection and disconnection under the control of the control unit 101. The communication connection unit 105 transmits a VPN connection request with an electronic certificate added to the communication management apparatus 11 at the time of communication connection. When the authentication of the electronic certificate is successful in the VPN server 35 of the communication management apparatus 11, a VPN connection is established and a VPN tunnel is established.

  The control unit 101 is configured to control the entire IP line unit 63. The control unit 101 is realized by a computer executing a program for realizing the function of the IP line unit 63. The control unit 101 also executes a certificate update function program according to the present embodiment. Accordingly, the control unit 101 controls the storage unit 103 and the communication connection unit 105 to acquire a new certificate and perform processing for certificate update from the current certificate to the new certificate. The processing of the control unit 101 will be described in detail in the following description.

  Next, processing performed by the account management server 41 and the IP line unit 63 will be described with reference to FIGS.

  FIG. 4 is a flowchart showing the processing of the account management server 41. As described above, the account management server 41 manages the update time of the electronic certificate for each IP line unit 63 as a schedule. When the update time comes, the process of FIG. 4 starts.

  The account management server 41 instructs the VPN server 35 to add a new certificate as an electronic certificate that can be authenticated (S1). Here, the account management server 41 transmits the common name of the new certificate required for the authentication process to the VPN server 35, and sets the new certificate as an electronic certificate that can be authenticated.

  The account management server 41 further sends an update notification to the IP line unit 63 (S3). The renewal notification notifies that the renewal time of the new certificate has arrived. Then, the account management server 41 receives a request for downloading a new certificate from the IP line unit 63 (S5), and transmits the new certificate to the IP line unit 63 (S7).

  After downloading the new certificate, the account management server 41 determines whether or not the terminal side update completion notification has been received from the IP line unit 63 (S9). The update completion notification indicates that the VPN connection using the new certificate has succeeded and the certificate update on the terminal side has been completed. Upon receiving the update completion notification, the account management server 41 records the update completion in the database 43 (S11) and ends the update-related processing.

  If the update completion notification is not received in step 9, the account management server 41 determines whether or not a predetermined waiting time has elapsed from the completion of the download of the new certificate (S13). When Step S13 is No (when the waiting time has not yet elapsed), the process returns to Step S9, and the account management server 41 continues to wait for an update completion notification.

  When the waiting time elapses and Step S13 is Yes, the account management server 41 returns to Step S1. Therefore, the account management server 41 transmits an update notification again and downloads a new certificate to the IP line unit 63.

  The waiting time is set according to the update time. The time required for renewal is a standard time required for VPN connection using a new certificate. The waiting time is suitably set to a time obtained by adding an appropriate margin time to the update time. The waiting time is set to be sufficiently shorter than the time from the renewal time until the expiration date of the current certificate. As a result, the new certificate can be downloaded a plurality of times between the renewal time and the expiration date, and renewal can be completed before the certificate expires.

  FIG. 5 shows processing related to updating of an electronic certificate executed by the control unit 101 of the IP line unit 63. The process of FIG. 5 starts when an update notification is received from the communication management apparatus 11.

  In FIG. 5, when receiving the update notification, the control unit 101 sends a request for downloading a new certificate to the account management server 41 (S21), and downloads the new certificate (S23). The control unit 101 stores the downloaded new certificate in the storage unit 103 (S25). At this time, the control unit 101 adds the new certificate to the storage unit 103 while leaving the current certificate in the storage unit 103.

  Next, the control unit 101 instructs the communication connection unit 105 to disconnect the VPN (S27), and then instructs the communication connection unit 105 to make a VPN connection using the new certificate (S29). Here, specifically, transmission of a VPN connection request including a new certificate is instructed. This VPN connection instruction corresponds to a communication connection instruction in the present invention. The communication connection unit 105 temporarily disconnects the VPN 21 between the center terminals according to the instruction of the control unit 101, and sends a VPN connection request including the new certificate to the VPN server 35 of the communication management device 11.

  Next, the control unit 101 determines whether the VPN connection is successful (S31). This determination is made based on a notification from the VPN server 35. When receiving the VPN connection request including the new certificate, the VPN server 35 authenticates the new certificate using the common name. If authentication fails, the VPN connection also fails. The VPN server 35 sends a notification of whether the VPN connection is successful or unsuccessful to the IP line unit 63. Therefore, the control unit 101 can determine whether or not the VPN connection is successful based on the notification from the VPN server 35.

  When the determination in step S31 is Yes, the control unit 101 discards the current certificate in the storage unit 103 (S33). In addition, the control unit 101 transmits an update completion notification to the account management server 41 (S35). As described above, the update completion notification indicates that the IP line unit 63 has succeeded in the VPN connection using the new certificate.

  On the other hand, if the determination in step S31 is No, the control unit 101 instructs the communication connection unit 105 to make a VPN connection using the current certificate remaining in the storage unit 103 (S37). The communication connection unit 105 sends a VPN connection request including the current certificate to the VPN server 35 in accordance with an instruction from the control unit 101. The VPN server 35 can authenticate not only the new certificate but also the current certificate. For this purpose, the VPN server 35 holds the common name of the current certificate. Therefore, the authentication is successful and the VPN connection is also successful. The control unit 101 discards the new certificate that cannot be used (S39), and ends the process.

  In the above processing, it is assumed that the new certificate has been downloaded normally in step S23. In this case, the VPN connection is successful, the determination in step S31 is Yes, and the update of the electronic certificate is successfully completed through steps S33 and S35.

  On the other hand, it is assumed that the new certificate is not downloaded normally in step S23 and the data of the new certificate is damaged for some reason. The control unit 101 cannot determine whether the new certificate is damaged. Therefore, the control unit 101 instructs the communication connection unit 105 to disconnect the center-terminal VPN 21 in step S27, and further instructs the communication connection unit 105 to make a VPN connection using the damaged new certificate in step S29. End up. Therefore, the VPN connection is unsuccessful, and the determination in step S31 is No.

  In this case, the control unit 101 instructs the communication connection unit 105 to make a VPN connection using the current certificate in step S37. As a result, a communication disabled state is avoided. Thereafter, in the process on the account management server 41 side in FIG. 4, a predetermined waiting time elapses, the determination in step S13 becomes Yes, and the update notification is transmitted again. As a result, the control unit 101 can obtain a new certificate.

  FIG. 6 shows an example of the operation of the entire system. In this example, the first update process fails. Then, the update process again after the waiting time elapses succeeds. In FIG. 6, communication between the account management server 41 and the IP line unit 63 is performed via the VPN server 35.

  In FIG. 6, the account management server 41 sends an instruction to add a new certificate as an authenticable electronic certificate to the VPN server 35 (S51), and sends an electronic certificate update notification to the IP line unit 63 (S53). . The IP line unit 63 sends a request for downloading a new certificate to the account management server 41 (S55), and the new certificate is downloaded to the IP line unit 63 (S57).

  Thus, the first new certificate is downloaded. However, it is assumed that the data of the new certificate is damaged.

  The IP line unit 63 sends a VPN connection request including the new certificate to the VPN server 35 (S59). Since the data of the new certificate is damaged, the authentication with the VPN server 35 has failed, the VPN connection has also failed, and the connection failure is notified to the IP line unit 63 (S61).

  In this case, the IP line unit 63 sends a VPN connection request including the current certificate to the VPN server 35 (S63). This time, the authentication is successful, the VPN connection is also successful, and the connection success is notified to the IP line unit 63 (S65).

  Thus, if the data of the new certificate is damaged, a VPN connection is secured using the current certificate. However, if this is the case, the expiration date of the current certificate will eventually expire. In order to avoid such a situation, the update process is performed again as described below.

  As shown in FIG. 6, after step S65, time elapses and the elapsed time from the download of the new certificate reaches a predetermined waiting time (S67). When the waiting time elapses, the account management server 41 sends again an instruction to add a new certificate as an authenticable electronic certificate to the VPN server 35 (S69), and sends an electronic certificate update notification to the IP line unit 63. Send (S71). Similar to the first update operation, the IP line unit 63 sends a download request for a new certificate to the account management server 41 (S73), and the new certificate is downloaded to the IP line unit 63 (S75). The IP line unit 63 stores the re-downloaded new certificate while storing the current certificate in the storage unit 103.

  Here, the account management server 41 supplies a new certificate different from the previous new certificate to the IP line unit 63. In response to the instruction in step S69, the VPN server 35 overwrites the common name of another new certificate with the common name of the previous new certificate. As a result, the VPN server 35 can authenticate the current certificate and a new certificate different from the previous new certificate.

  It is assumed that the new certificate downloaded again to the IP line unit 63 in step S75 has been successfully downloaded without being damaged. In this case, the IP line unit 63 sends a VPN connection request including the new certificate to the VPN server 35 (S77), the VPN connection is successful, and a success notification is sent to the IP line unit 63 (S79). The VPN server 35 discards the common name of the current certificate and validates only the new certificate. The IP line unit 63 sends an update completion notification to the account management server 41 (S81), and the account management server 41 records the update completion.

  As described above, even if the first update fails, the VPN connection is secured using the current certificate, the update can be performed again, and the update can be completed within the expiration date.

  The electronic certificate management system according to the embodiment of the present invention has been described above. In the present embodiment, the IP line unit 63 is the terminal device of the present invention, and the account management server 41 is the certificate management device of the present invention. According to the present embodiment, when receiving the new certificate, the terminal device stores the new certificate in the storage unit 103 while leaving the current certificate before update in the storage unit 103. Then, when the communication connection using the new certificate fails, the terminal device performs communication connection using the pre-update electronic certificate remaining in the storage unit 103. Therefore, even if the data of the new certificate is damaged during the download, it is possible to prevent communication from being disabled, and the risk of communication failure can be minimized.

  Furthermore, according to the present invention, since a communicable state is ensured by using the current certificate as described above, the new certificate can be transmitted to the terminal device again, whereby the electronic certificate can be transmitted. You can also complete the update.

  Further, according to the present embodiment, the terminal device discards the current certificate remaining in the storage unit 103 when the communication connection using the new electronic certificate is successful. Further, the terminal device discards the new certificate from the storage unit 103 when the communication connection using the new certificate fails. As a result, from the state where the current certificate and the new certificate coexist in the storage unit 103, the unusable electronic certificate is discarded, the usable electronic certificate is left in the storage unit, and the electronic certificate is used thereafter. It is possible to respond appropriately to the processing.

  Further, according to the present embodiment, the present invention is applied to VPN. In order to use the new certificate, the VPN terminal device first disconnects the VPN once, and then sends a VPN connection request including the new certificate to the server. However, if the electronic certificate is damaged, authentication with the VPN server fails and the VPN is not constructed. Even in such a case, according to the present invention, the VPN connection can be secured using the current certificate, and a new electronic certificate can be supplied again to the terminal device via the VPN.

  In the present embodiment, the present invention is applied to the monitoring system 1. And even if data corruption occurs during communication of the new certificate to the monitoring device 15, it is possible to avoid a situation in which communication becomes impossible. The monitoring system 1 also plays a role such as security, and has a high level of demand for system safety and stability, and the present invention can suitably meet such needs.

  In the above embodiment, the present invention is applied to the update of the electronic certificate of the IP line unit 63. However, the present invention may also be applied to updating the electronic certificate of the VTE 81.

  Further, within the scope of the present invention, the present invention may be applied to other than the monitoring system, and may be applied to communications other than VPN. However, in the monitoring system, the required level of system security is high as described above. In the VPN, the terminal device temporarily disconnects the VPN when the electronic certificate is updated. Therefore, if the present invention is not applied, VPN reconnection becomes impossible. Therefore, it can be said that the present invention is particularly useful in a VPN utilization type monitoring system.

  Although the preferred embodiments of the present invention have been described above, the present invention is not limited to the above-described embodiments, and it goes without saying that those skilled in the art can modify the above-described embodiments within the scope of the present invention. is there.

  The electronic certificate management system according to the present invention is useful in a system that uses an electronic certificate for communication authentication, and is suitably applied to, for example, a monitoring system.

DESCRIPTION OF SYMBOLS 1 Monitoring system 3 Monitoring center 5 Monitoring object 7 User base 11 Communication management apparatus 13 Center apparatus 15 Monitoring apparatus 17 User apparatus 21 VPN between center terminals
23 SIP communication 25 VPN between terminals
33 HTTP server 35 VPN server 37 SIP server 41 Account management server 43 Database 61 Controller 63 IP line unit 65, 83 Router 73 Surveillance camera 81 VPN terminator (VTE)
85 User PC
101 Control unit 103 Storage unit 105 Communication connection unit

Claims (5)

An electronic certificate management system for communication authentication in which an electronic certificate assigned to a terminal device for authentication at the time of communication connection is managed by a certificate management device,
The certificate management device transmits a new electronic certificate to be used instead of the pre-update electronic certificate stored in the terminal device to the terminal device,
The terminal device
A storage unit for storing the electronic certificate;
A communication connection unit for performing communication connection using the electronic certificate;
A control unit that controls the communication connection unit and performs processing for certificate update from the digital certificate before the update to the new electronic certificate;
When the control unit receives the new electronic certificate from the certificate management apparatus, the control unit stores the new electronic certificate while leaving the pre-update electronic certificate in the storage unit, and causes the communication connection unit to store the new electronic certificate. The communication connection using the new electronic certificate is instructed, and when the communication connection using the new electronic certificate fails, the communication connection using the pre-update electronic certificate left in the storage unit is An electronic certificate management system for communication authentication, characterized by instructing a communication connection unit. A terminal device that performs communication that requires an electronic certificate for authentication during communication connection,
A storage unit for storing the electronic certificate;
A communication connection unit for performing communication connection using the electronic certificate;
A new electronic certificate to be used in place of the pre-update electronic certificate stored in the storage unit by communication, the communication connection unit is controlled, and a control unit that performs processing for certificate update is provided. And
When the control unit acquires the new electronic certificate by communication, the control unit stores the new electronic certificate while leaving the pre-update electronic certificate in the storage unit, and stores the new electronic certificate in the communication connection unit. When the communication connection using the new electronic certificate fails, the communication connection unit using the pre-update electronic certificate remaining in the storage unit is instructed to the communication connection unit. A terminal device.   When the communication connection using the new electronic certificate is successful, the control unit discards the electronic certificate before update that is left in the storage unit, and the communication connection using the new electronic certificate is established. The terminal device according to claim 2, wherein when it fails, the new electronic certificate is discarded from the storage unit. The communication connection unit is configured to transmit a VPN connection request including the electronic certificate as a communication connection process,
The control unit causes the communication connection unit to transmit a VPN connection request including an electronic certificate before update remaining in the storage unit when a VPN connection by a VPN connection request including the new electronic certificate fails. The terminal device according to claim 2 or 3, wherein   5. The terminal device is provided in a monitoring target of a monitoring system, the certificate management device is provided in a remote monitoring center, and the monitoring target and the monitoring center communicate monitoring information. The terminal device in any one of.