1. Field of the Invention
The present invention relates to a technique for controlling access using a subject name in a personal certificate (hereinafter, referred to simply as a certificate).
2. Description of the Related Art
ITU-T Recommendation X.509 defines the authentication framework of the Directory. A personal certificate conforming to this framework is issued by a certificate issuing authority (the certification authority, CA). The certificate issuing authority receives from an applicant the information needed to issue a certificate (name, affiliation, public key, and so on), issues the certificate in accordance with a predetermined policy, and stores the certificate in a predetermined certificate storing unit. The applicant can then retrieve the certificate from the certificate storing unit.
From the subject name included in a personal certificate alone, it is not apparent what rights or properties the holder of the certificate has. Various approaches have been employed to determine the rights or properties of the holder. For example, the subject name and the rights of the certificate holder are registered in a database, and the database is queried for each access made with the certificate. This method, however, is inefficient.
FIG. 10 shows an example of a system implementing the related art approach described above. In the figure, a user uses a client terminal 500 to access a web server 502 via a network 501 (e.g., the Internet). The access is performed using SSL. The client terminal 500 transmits its certificate to the web server 502 for authentication. Thereafter, data is encrypted with a symmetric key agreed during the handshake negotiation and is sent and received in that form. The web server 502 uses the subject name in the certificate sent from the client terminal 500 (the identifier of the authenticated person written in the certificate) to query a database server (a directory service) 503, and thereby determines whether the user of the client terminal 500 has an access right. For example, the database server 503 is queried with the access right level required for accessing an object (e.g., 0, 1, 2, and so on) and the subject name as arguments, and responds whether the user with that subject name has the required access right level. The database server 503 stores the relation between users (subject names) and their authorized access right levels. Alternatively, the database server 503 may be queried with the subject name alone and return the user's authorized access right level, so that the web server 502 itself determines whether the accessed file is within that level. As a further alternative, the subject name and the name of the accessed file (or directory) may be transmitted to the database server 503 for checking.
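The per-access check of FIG. 10, written out as an added example (an illustration for this page, not code from the patent or from any product): the subject name taken from the authenticated client certificate is normalised into a lookup key, a directory service standing in for database server 503 is queried on every request, and a web server standing in for 502 compares the answer with the level required for the requested object. Both query variants from the text are shown (yes/no against a required level, and returning the level for the server to compare). The sample subject names, paths and levels are constructed; `subject_from_peercert` assumes the `subject` layout that Python's `ssl.SSLSocket.getpeercert()` returns, and the DN normalisation is a deliberate simplification of the X.500 matching rules.

```python
"""Added illustration of the FIG. 10 related-art scheme: the web server keys a
per-access query to a directory service on the certificate subject name.
Not code from the patent; subject names, paths and levels are constructed."""

# Map the long attribute names ssl.getpeercert() uses to RFC 4514 short types.
_SHORT_TYPE = {"commonName": "CN", "organizationalUnitName": "OU",
               "organizationName": "O", "countryName": "C",
               "localityName": "L", "stateOrProvinceName": "ST"}


def subject_from_peercert(cert):
    """Turn the 'subject' entry of a getpeercert() dict (a tuple of RDNs, each
    a tuple of (type, value) pairs, in ASN.1 order) into an RFC 4514 string.
    RFC 4514 lists RDNs in reverse order, so the CN ends up first."""
    rdns = []
    for rdn in reversed(cert["subject"]):
        avas = []
        for attr_type, value in rdn:
            value = value.replace(",", "\\,")  # escape commas inside values
            avas.append(f"{_SHORT_TYPE.get(attr_type, attr_type)}={value}")
        rdns.append("+".join(avas))  # '+' joins multi-valued RDNs
    return ",".join(rdns)


def canonical_dn(dn):
    """Normalise a DN string for use as a lookup key: attribute types
    upper-cased, values trimmed and lower-cased, escaped commas honoured.
    Assumption/simplification: X.500 caseIgnoreMatch also collapses internal
    whitespace; real deployments should match parsed names, not strings."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr_type, sep, value = rdn.partition("=")
        if not sep or not attr_type.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append(f"{attr_type.strip().upper()}={value.strip().lower()}")
    return ",".join(out)


class DirectoryService:
    """Stands in for database server 503: subject name -> authorised level."""

    def __init__(self, table):
        self._levels = {canonical_dn(k): v for k, v in table.items()}
        self.queries = 0  # in the related art each query crosses network 501

    def level_of(self, subject):
        """Second variant in the text: return the level, the caller decides."""
        self.queries += 1
        return self._levels.get(canonical_dn(subject))

    def has_level(self, subject, required):
        """First variant in the text: (subject, required level) -> yes/no."""
        self.queries += 1
        level = self._levels.get(canonical_dn(subject))
        return level is not None and level >= required


class WebServer:
    """Stands in for web server 502: each object carries a required level."""

    def __init__(self, directory, object_levels):
        self.directory = directory
        self.object_levels = object_levels  # path prefix -> required level

    def required_level(self, path):
        """Longest-prefix match of the requested path. None means 'not
        covered' or a traversal-style path; callers must treat None as deny."""
        if not path.startswith("/") or ".." in path.split("/"):
            return None
        best = max((p for p in self.object_levels if path.startswith(p)),
                   key=len, default=None)
        return None if best is None else self.object_levels[best]

    def authorize(self, subject, path):
        """One access: the directory is consulted for every request."""
        required = self.required_level(path)
        if required is None:
            return False
        return self.directory.has_level(subject, required)


# Constructed sample data, not taken from the patent.
SUBJECT_LEVELS = {"CN=Alice,OU=HR,O=Example": 2, "CN=Bob,OU=Sales,O=Example": 1}
OBJECT_LEVELS = {"/": 0, "/staff/": 1, "/staff/hr/": 2}
SAMPLE_PEERCERT = {"subject": ((("organizationName", "Example"),),
                               (("organizationalUnitName", "HR"),),
                               (("commonName", "Alice"),))}

if __name__ == "__main__":
    svc = DirectoryService(SUBJECT_LEVELS)
    web = WebServer(svc, OBJECT_LEVELS)
    alice = subject_from_peercert(SAMPLE_PEERCERT)
    for subj, path in [(alice, "/staff/hr/pay.html"),
                       ("CN=Bob,OU=Sales,O=Example", "/staff/hr/pay.html"),
                       ("CN=Bob,OU=Sales,O=Example", "/staff/../staff/hr/pay.html")]:
        verdict = "allow" if web.authorize(subj, path) else "deny"
        print(f"{subj:28} {path:32} -> {verdict}")
    print("directory queries issued:", svc.queries)
```

The `queries` counter makes the load concern of the related art visible: every authorized request costs one round trip to the directory, and a cache would have to be kept consistent with it. A traversal-style path is rejected before any lookup, so the directory never sees it and an unknown subject always ends in denial.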
In the related art approach described above, the access right is checked against the database server 503 via the network 501 for each access, which increases the load on the computers. In addition, since the data being checked is sent directly over the network 501, a security problem arises.
To avoid the foregoing problems, a copy of a set or subset of the access right information held by the database server 503 may be placed locally at the site of the web server 502. However, consistency between the database server 503 and the copy must be maintained, and that maintenance is complicated. Moreover, placing a database server at each site increases the cost.