1. Field of the Invention
The present invention relates to an electronic certificate issue system and method.
2. Description of the Related Art
Conventionally, there is a system (hereinafter referred to as a “remote monitoring system”) by which a company providing maintenance services, such as a manufacturer of an image forming apparatus, monitors through a network an image forming apparatus installed in an office, such as a copy machine, a printer or a multifunction peripheral device. Such a remote monitoring system generally includes an equipment information collecting apparatus installed on a user side, which collects equipment information from an image forming apparatus, and a server apparatus installed on a maintenance service company side. The collected equipment information is transferred from the equipment information collecting apparatus to the server apparatus through a network. In some cases, the image forming apparatus itself directly transfers its equipment information.
Because the equipment information may be used for an accounting operation and may contain confidential information, the equipment information must be transferred through secure communication. Thus, in order to prevent data tampering or spoofing, mutual authentication by SSL (Secure Sockets Layer) and encrypted communication are performed between a client apparatus (the equipment information collecting apparatus or the image forming apparatus) and a server apparatus.
In order to perform the mutual authentication, the client apparatus and the server apparatus each need to have a private key. The private key is a piece of information that must not be revealed by any means, in order to maintain the security of the remote monitoring system. Moreover, the key must be introduced only to clients authorized by the maintenance service company.
In a conventional remote monitoring system, an apparatus used as a client apparatus is basically provided, when delivered from a factory, with a public key certificate and a private key that are unique to that apparatus. That is, an apparatus (incorporative apparatus) into which a unique public key certificate and a private key are incorporated in advance, and which is not a general purpose computer such as a personal computer, is used not only for the image forming apparatus serving as a client apparatus but also for the above-mentioned equipment information collecting apparatus.
Therefore, it is possible to record a private key or the like in each client apparatus at the time of factory shipment so that the private key cannot be taken out of the client apparatus, thereby maintaining the uniqueness of the private key and the security.
The above-mentioned conventional system is disclosed, for example, in Patent Document 1.
Patent Document 1: Japanese Laid-Open Patent Application No. 2004-320715
However, limiting the apparatus that serves as the equipment information collecting apparatus to such an incorporative apparatus reduces system flexibility. Thus, it is desired to achieve the function of the equipment information collecting apparatus by using software that can be installed in a general purpose computer such as a personal computer (PC) or the like.
However, a software package distributed through a network or on recording media such as a CD-ROM is produced by copying the software. Accordingly, there is a problem in that it is difficult to safely introduce a private key or the like, which is unique for each software package, into a PC on which the software is installed.
Moreover, when the software package is delivered through a network, even a malicious person can easily acquire the software. Thus, the risk of an attack on the server apparatus using the software thus acquired may become high.