1. Field of the Invention
The present invention relates to a communication system and to a security assurance device, which are capable of assuring an appropriate level of security during communication with an opposite party.
Priority is claimed on Japanese Patent Application No. 2004-249983, filed Aug. 30, 2004, Japanese Patent Application No. 2004-301902, filed Oct. 15, 2004 and Japanese Patent Application No. 2005-77247, filed Mar. 17, 2005, the content of which are incorporated herein by reference.
2. Description of Related Art
A PKI (Public Key Infrastructure) is an infrastructure technique for authentication during communication with an opposite party over the currently existing internet (for example, refer to “Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations” by Carlisle Adams and Steve Lloyd, from Macmillan Technical Pub, 1999), and it is a technique in which a CA (Certificate Authority or authentication authority) which is trusted upon the social level guarantees the public key of a host which has generated a pair of keys consisting of a public key and a secret key, i.e. guarantees that the host really and certainly did generate that public key. In PKI, a CA which is socially trusted, issues a public key certificate (PKC: Public Key Certificate) upon which a digital signature (of certificate issuance) has been encrypted by applying its own secret key, for the public key in a pair, consisting of a public key and a secret key, which has been generated by the target party for communication (here this party will be termed the server). The receiving side of the communication (here this party is termed the client), in order to check the PKC which has been sent from the target party for communication and which has arrived, verifies the digital signature of the PKC using the public key of the CA, and thereby authenticates the correct identity (the recognizability) of the target party for communication.
The CA receives a public key from the server, which has created a pair of that public key and a secret key, and, after having authenticating the identity of that server off-line, thereafter issues certificate which include that public key. Here by issuance means the procedure of affixing, with the secret key of the CA itself, a digital signature to the entire body of information, including the public key of the server and collateral information. As a representative example of such a certificate, an X.509 certificate may be cited (for example, refer to “Information Technology—Open Systems Interconnection—The Directory Authentication Framework”, ITU-T Recommendation X.509, June 1997 (equivalent to ISO/IEC 9594, 1997), “Internet X.509 Public Key Infrastructure Certificate and CRL Profile”, IETF, RFC2459, 1999. and “An Internet Attribute Certificate Profile for Authorization”, IETF, RFC3281, 2002.).
This certificate can be a PKC for certificating the identity and an AC (Attribute Certificate) for certificating attributes which have been linked to the PKC (refer to FIG. 22). It is possible to append attribute information in an extended field of the PKC, or of the AC, including the purpose of using the information and information concerning the owner of the public key, or the like. However, if the attribute is frequently updated, an AC comes to be used, since the updating cost for the PKC becomes a problem. Although the PKC is issued and managed by a CA which is trusted, an AC may be issued and managed by a local AA (Attribute Authority).
FIG. 23 shows the issuance and specification relationship for a PKC and an AC by a CA and an AA. Upon a request from a terminal (EE) 7, a certification authority (CA) 1 issues a public key certificate (PKC) 100 for the terminal 7. In addition, an attribute authentication authority (AA) 6 issues an attribute certificate (AC) 101 which has been linked to the public key certificate of the terminal 7.
It may happen that, due to some reason, it is necessary to revoke the PKC, even though the signature of the PKC is correct and it is before its expiration. PKCs which have been revoked are recorded in a CRL (Certificate Revocation List). The format of such a CRL is shown in FIG. 24.
In a communication system, as systems for enhancing the security of the communication system against attack such as virus attacks and the like, there are per se known an IDS (Intrusion Detection System) and a VDS (Virus Detection System). An IDS is a system which monitors packets which flow upon the network or a log file upon a host, and which alarms if it detects a packet or a log file which matches with an attack pattern file. FIG. 25 shows a model of a network type IDS which monitors packets upon a network, and which watches for improper behavior (for example, refer to “Network intrusion detection” by Keiji Takeda and Hiroshi Isozaki, from Softbank Publishing, June 2000).
In this figure, an IDS 8 monitors packets 200 which flow between a network 11a and a network 11b. In this IDS 8, a packet acquisition section 81 acquires a packet 200 and outputs it to an attack detection section 82. The attack detection section 82 makes a decision, based upon attack patterns which are recorded in an attack pattern file 300, as to whether or not this packet which has been acquired is one which constitutes an attack; and, if it has been decided that this packet is indeed one which constitutes an attack, then, along with recording in a log 301, executes processes such as issuing an alarm or the like.
On the other hand, a VDS is a system which outputs an alarm when it detects code within a file upon the host, or within a file which has been sent or received upon the network, which matches with a pattern file of computer viruses (for example, refer to “Overall Chart for Up-to-date Understanding of Computer Viruses”, Atomic Drop, Gijutsu-Hyohron Co., Ltd, October 2000.). Generally a VDS is provided within a client host or server or network GW (gateway).
However, with a prior art communication system, while it has been possible to authenticate the correct identity of the target party of communication, the security level of this communication has not been guaranteed. Accordingly there has been the problematical point that, if the server of the target party of communication is a malicious server, or a server which has not taken security countermeasures, then the client side may also be attacked.
The present invention has been made in the light of the above described problematical point, and it takes as its objective to provide a communication system, and a security assurance device, which can assure whether or not the target party of communication is implementing security countermeasures.