1. Field of the Invention
The present invention relates to a client apparatus, a server apparatus, and a program that establish a secure session. For example, the present invention relates to a client apparatus, a server apparatus, and a program that can establish a secure session based on entity authentication and biometric authentication without generating any unnecessary path associated with two handshakes.
2. Description of the Related Art
One of the protocols for performing cryptographic communication of information on a network is the TLS (Transport Layer Security) protocol. The TLS protocol is a technology that enables cryptographic communication of data by establishing a secure session after performing entity authentication (see, for example, T. Dierks, C. Allen, “The TLS Protocol Version 1.0”, <URL: http://www.ietf.org/rfc/rfc2246.txt>).
Technologies related to the TLS protocol include TLS Inner Application. TLS Inner Application enables an extension process in the Record Layer after a secure session has been established by a TLS handshake (see, for example, P. Funk, S. Blake-Wilson, N. Smith, H. Tschofenig, T. Hardjono, “TLS Inner Application Extension (TLS/IA) draft-funk-tls-inner-application-extension-03.txt”, <URL: http://tools.ietf.org/wg/tls/draft-funk-tls-inner-application-extension-03.txt>). In TLS Inner Application, performing biometric authentication in this extension process allows both entity authentication and biometric authentication to be carried out (see, for example, Jpn. Pat. Appln. KOKAI Publication Nos. 2003-44436, 2006-11768 and 2003-224562, and S. Santesson, “TLS Handshake Message for Supplemental Data”, <URL: http://www.ietf.org/rfc/rfc4680.txt>).