1. Field of the Invention
The present invention relates to a method and a system for depositing a private key used in an RSA (Rivest-Shamir-Adleman) cryptosystem, in which the private key of a client user is deposited with a trusted organization such as a key management server and the deposited key can be updated, for the purpose of providing a security service such as user authentication or secret communication using the RSA cryptosystem between a client and a server in the computer network environment of a client-server system.
2. Description of the Background Art
In recent years, in conjunction with the down-sizing of computers and the spread of the Internet, many activities have been undertaken in relation to security in an open computer network environment. For example, PEM (Privacy Enhanced Mail) has been standardized by the IETF as the first encrypted mail standard that incorporates cryptographic functions on the Internet, and its specification is currently issued in the form of RFCs (Requests For Comments).
In order to realize safe communication in such a network, it is indispensable to establish the privacy of communication data and the authenticity of a user based on user authentication. Both privacy and authenticity can be realized by utilizing cryptographic techniques.
For instance, the public key cryptosystem is a cryptographic scheme in which the key for encryption (the encryption key) and the key for decryption (the decryption key) are different from each other, and are chosen such that the decryption key is computationally infeasible to derive from the encryption key. Each user of the public key cryptosystem has an individually assigned encryption key and decryption key; when a sender sends a message to a receiver, the sender encrypts the message using the publicly disclosed encryption key of the receiver, and the receiver decrypts the received message using his own decryption key, so that communication with sufficient privacy is realized. Also, by reversing the order of the encryption and the decryption, only the person who owns the decryption key (private key) can attach a digital signature to a message, and anyone who knows that person's encryption key (public key) can verify that person's digital signature.
One of the most widely known examples of the public key cryptosystem is the RSA cryptosystem (see, R. L. Rivest, A. Shamir and L. Adleman: "A Method for Obtaining Digital Signatures and Public-key Cryptosystems", Communications of the ACM, Vol. 21(2), pp. 120-126, February 1978).
However, in a conventional method for realizing safe communication by utilizing the cryptographic technique described above, the private key which is unique to each user must be managed safely, and to this end several schemes are known, including the following.
One scheme is to maintain the private key in a storage medium having a cryptographic processing function, such as a smart card, so that the key cannot be extracted from the card; the card outputs only the result of cryptographically processing the entered input data with the private key held inside it, which is a highly safe measure.
Another scheme is to maintain the private key in an encrypted form obtained by using a key-encryption key derived from the user's password phrase. A legitimate user who knows the password can acquire the private key whenever necessary by entering the password, in response to which the same key-encryption key is derived again and the encrypted private key is decrypted with it. This latter scheme is specified in PKCS #8 ("Private-Key Information Syntax Standard", Version 1.2, RSA Data Security Inc., November 1993), which was proposed by RSA Laboratories as a standard implementation for utilizing public key cryptographic techniques.
However, the former scheme has the problem that the user must always carry around the private key as maintained in the storage medium such as a smart card. The latter scheme has the problem that the protection of the encrypted private key is only as strong as the password from which the key-encryption key is derived: an attacker who obtains a copy of the encrypted private key can attack it offline by guessing passwords until the decryption succeeds, and can then impersonate the legitimate user.
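The password-based scheme just described, and the offline attack on it, as an added example that is not part of the original document and does not reproduce the PKCS #8 encoding: the private key bytes are protected with a key-encryption key derived by PBKDF2-HMAC-SHA256 from the password, an HMAC-SHA256 counter keystream stands in for the block cipher (an illustrative simplification, not a standard algorithm), and an HMAC tag lets a decryption attempt be recognized as correct, which is what makes a dictionary attack on a stolen key file work. The private key value, the weak password and the wordlist are all constructed for the example.

```python
import hashlib
import hmac
import secrets


def derive_keys(password: str, salt: bytes, iterations: int):
    """PBKDF2-HMAC-SHA256 -> 32-byte encryption key and 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    return okm[:32], okm[32:]


def keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy stream cipher (illustrative only).
    The key is derived from a fresh random salt, so the stream is never reused."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap_private_key(priv: bytes, password: str, iterations: int = 200_000) -> dict:
    """Encrypt the private key under a password-derived key and authenticate it."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(password, salt, iterations)
    ct = bytes(a ^ b for a, b in zip(priv, keystream(enc_key, len(priv))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "ct": ct, "tag": tag}


def unwrap_private_key(blob: dict, password: str):
    """Return the private key if the password is right, else None."""
    enc_key, mac_key = derive_keys(password, blob["salt"], blob["iterations"])
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream(enc_key, len(blob["ct"]))))


def dictionary_attack(blob: dict, candidates):
    """Offline guessing: anyone holding the key file can try passwords
    without any interaction with the legitimate user or a server."""
    for guess in candidates:
        if unwrap_private_key(blob, guess) is not None:
            return guess
    return None


# Constructed demonstration values (not real keys or users)
SAMPLE_PRIVATE_KEY = bytes(range(64))
WORDLIST = ["123456", "letmein", "password1", "qwerty", "welcome"]


def demo() -> dict:
    weak = wrap_private_key(SAMPLE_PRIVATE_KEY, "password1", iterations=1000)
    strong = wrap_private_key(SAMPLE_PRIVATE_KEY, "9 gold ferns ride east", iterations=1000)
    return {
        "weak_recovered": dictionary_attack(weak, WORDLIST),      # 'password1'
        "strong_recovered": dictionary_attack(strong, WORDLIST),  # None
    }


if __name__ == "__main__":
    print(demo())
```

Raising the iteration count slows every guess but does not change the outcome for a password that is in the attacker's list; that is the limitation the escrow approach described in this document is meant to address.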
On the other hand, it is also possible to improve safety by shortening the key updating period. However, in a public key cryptosystem such as the RSA cryptosystem, an attacker can generate a key pair of his own and pass off its public key as that of another person. For this reason, in order to guarantee the relation between a user and his public key, a public key certificate signed with the private key of either a trusted third party organization or another trustworthy user is normally issued. When mutual authentication between users is carried out, the public key certificate of the correspondent user is verified using the public key of that third party organization or trustworthy user, and the correspondent's public key is used only after the correctness of the correspondent user's name and public key has been confirmed.
However, at the time of key updating, the public key also changes when the private key is changed, so the public key certificate that has already been issued and disclosed to many users must be reissued every time key updating takes place, and therefore there is the problem that key management becomes quite tedious.