The present invention relates to electronic certification and authentication methods and systems.
Reliable electronic commerce using cryptographic technology has been implemented in recent years in an open network environment such as Internet.
The enciphering of information involves a cryptographic algorithm and a cryptographic key. The cryptographic algorithm means a process (enciphering) for converting intelligible information that is expressed in plaintext into unintelligible information that is expressed in ciphertext and a process (deciphering) for converting ciphertext into plaintext. The cryptographic key means a control parameter used in the converting processes executed by the cryptographic algorithm. Even if a plaintext message is enciphered using the same cryptographic algorithm, resultant ciphertext messages may be different from one another depending on the cryptographic keys used. Therefore, in order to decipher ciphertext into corresponding plaintext, the same cryptographic key as that used for the enciphering or a cryptographic key that is paired with the cryptographic key used at the time of the enciphering must be used. The cryptographic algorithm requiring that exactly the same cryptographic key used for enciphering be used for deciphering is called "symmetric-key cryptography", or "common-key cryptography" like in the former case, whereas the cryptographic algorithm using different cryptographic keys for enciphering and deciphering is called "asymmetric-key cryptography", or "public-key cryptography." Common-key cryptography implements high-speed processing but entails time and labor in managing keys, whereas public-key cryptography does not implement high-speed processing but is easy in managing keys and, in addition, is advantageous in that it is applicable to digital signature generation.
That is, public-key cryptography, due to asymmetry of two keys used for enciphering and deciphering, allows one of the keys (public key) to be disclosed to the public. As a result, public-key cryptography provides relatively easier cryptographic key management than common-key cryptography, and is also advantageous in that it is applicable to digital signature generation. However, in utilizing public-key cryptography, correspondence between a publicly disclosed public key and the possessor of such public key must be ensured. The reason therefor is as follows. If an illegal user A prepares a public key of a user B under the disguise of the user B and discloses the thus prepared public key as the public key of the user B (the private key corresponding to such public key is possessed by the illegal user A), then a user C might erroneously certify the illegal user A as being the user B by checking the digital signature of the user B forged by the illegal user A through deciphering using the public key of the user B. Moreover, as a result of such erroneous certification, all the information addressed to the user B is leaked to the illegal user A. Therefore, in constructing an environment in which public-key cryptography can be utilized, it is essential to provide a means for ensuring correspondence between a public key and its possessor.
A certification authority is a means for solving such problem in a large-scale open network such as Internet. A framework for certification using a certification authority and a certificate has been specified by CCITT (The International Telegraph and Telephone Consultative Committee) in its resolution X.509. The certificate means a public key of the possessor of the certificate and data that is made unforgeable by enciphering the certificate and other pieces of information using a private key of the certification authority that has issued the certificate, i.e., by putting a digital signature of the certification authority. All the entities using the system can check and certify the authenticity of a public key included in a certificate of other entity only by holding the certificate (public key) of the certification authority safely and checking the digital signature of the certification authority put on the certificate of the other entity.
By the way, electronic commerce in a network environment such as Internet tends to expand from electronic commerce between consumers and malls to electronic commerce between enterprises. Electronic commerce between enterprises will be more and more oriented towards not only attaining transaction security but also providing "authentication service" in which the contents of a transaction and the fact that the transaction was made are certified and in which the evidence of such facts is archived for a predetermined period of time. Further, such authentication service may possibly be expanded to areas other than electronic commerce (i.e., services currently supplied by a notary public at a notary's office, such as administering wills). It may be noted that an invention related to electronic commerce is disclosed in, e.g., U.S. Pat. No. 5,671,279.
However, ISO is standardizing the "non-repudiation" technology, but such standardization is still on a framework level and, therefore, implementation formalities are not yet specified. Further, a service for safekeeping electronic information that is received online (electronic safe deposit box) is available. However, not administered on a transaction basis, such service is not suited to utilize "authentication service". Still further, although the Civil Affairs Bureau of the Ministry of Justice advocates the necessity of an electronic certification and authentication system in electronic commerce, what is envisaged by the Bureau is merely an outline, lacking implementation formalities. It may be noted that the non-repudiation technology is disclosed in, e.g., U.S. Pat. No. 5,615,268.