1. Field of the Invention
The present invention relates to authentication of communication partners using electronic certificates. In particular, the present invention relates to techniques for authenticating communication partners using electronic certificates containing personal information.
2. Background Art
In server-client data communications that require secure communication, such as electronic commerce and on-line banking, SSL (Secure Sockets Layer) and TLS (Transport Layer Security), which is a technique developed later than SSL and standardized by the IETF (Internet Engineering Task Force) as RFC 2246, have conventionally been used.
In SSL/TLS handshake protocols, the various parameters necessary for cryptographic communications are negotiated between servers and clients before those communications begin. In such handshake protocols, authentication of communication partners is performed first, and then the optimum algorithms are determined from among the compression/encryption algorithms commonly available to both the clients and the servers. When the negotiations using the handshake protocol are completed normally, cryptographic communications between the server and the clients are initiated.
Now, partner authentication using a handshake protocol will be described using an example in which a server apparatus authenticates a client apparatus. In partner authentication of a handshake protocol which adopts public key cryptography, in response to a CertificateRequest message sent from the server apparatus, the client apparatus includes an electronic certificate of the client apparatus in the body of a ClientCertificate message and sends the message to the server apparatus. Upon receiving the electronic certificate, the server apparatus checks the validity of the electronic certificate using a key obtained from a root certificate authority (CA). In addition to the public key, the electronic certificate contains bibliographic information such as information on the holder of a private key corresponding to the public key (i.e., a subscriber of the electronic certificate) and the validity period of the public key. The server apparatus refers to the bibliographic information so as to check that the client apparatus is an appropriate communication partner.
Then, the client apparatus creates a signature by encrypting, using a private key of the client apparatus, a digest of the communication content from the ClientHello message, which is the initiation message of the handshake protocol, through the ClientKeyExchange message. Then, the client apparatus includes the signature in the body of a CertificateVerify message and sends the CertificateVerify message to the server apparatus. The server apparatus decrypts the information included in the body of the CertificateVerify message using the public key contained in the electronic certificate of the client apparatus so as to check that the current communication partner is the holder of the electronic certificate (see Non-patent Document 1).
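The CertificateVerify check described above, as an added example that is not part of the original document: it shows that the signature proves possession of the private key and is bound to one particular handshake. The key, the message bodies, the function names, the use of SHA-256 and the unpadded textbook RSA are all assumptions made for illustration.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. Textbook RSA with no
# padding: enough to show the check, never suitable for real use.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # client's private exponent

def sample_handshake(client_hello_body):
    """Constructed message bodies, ClientHello through ClientKeyExchange."""
    return [
        ("ClientHello", client_hello_body),
        ("ServerHello", b"constructed-server-random"),
        ("CertificateRequest", b"constructed-ca-list"),
        ("ClientCertificate", b"constructed-client-cert"),
        ("ClientKeyExchange", b"constructed-key-exchange"),
    ]

def transcript_digest(messages):
    """Digest over the whole exchange (SHA-256 is an assumption here)."""
    h = hashlib.sha256()
    for name, body in messages:
        # Length-prefix each field so message boundaries are unambiguous.
        h.update(len(name).to_bytes(1, "big") + name.encode())
        h.update(len(body).to_bytes(3, "big") + body)
    return int.from_bytes(h.digest(), "big")

def client_certificate_verify(messages, private_exponent=D):
    """Client side: sign the transcript digest with the private key."""
    return pow(transcript_digest(messages), private_exponent, N)

def server_check(messages, signature, cert_public_key=(N, E)):
    """Server side: recover the digest with the certificate's public key and
    compare it with the digest of the messages the server itself saw."""
    n, e = cert_public_key
    return pow(signature, e, n) == transcript_digest(messages)

if __name__ == "__main__":
    seen = sample_handshake(b"constructed-client-random-A")
    sig = client_certificate_verify(seen)
    print("holder, same handshake:", server_check(seen, sig))
    other = sample_handshake(b"constructed-client-random-B")
    print("signature reused in another handshake:", server_check(other, sig))
    forged = client_certificate_verify(seen, private_exponent=E)
    print("certificate presented without its key:", server_check(seen, forged))
```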
Thus, the partner authentication provided by SSL/TLS is very stringent, and can thus be considered to be the most suitable authentication scheme to be employed in electronic governments and electronic corporations, where spoofing and tampering by a third party are of great concern. Recently, a public individual authentication service was inaugurated as a foundation of electronic governments and electronic corporations (see Non-patent Document 2). In such a public individual authentication service, prefectural governors issue electronic certificates to be used for electronic application/notification services provided by public administrations. Electronic certificates can be issued at low cost to any person living in any region. Thus, it is desirable that electronic certificates issued through the public individual authentication service be used as client certificates for SSL/TLS.