1. Field of the Invention
The present invention generally relates to a managed device, a management system, a method for controlling a managed device, and a medium containing a program to control a managed device.
2. Description of the Related Art
A managed device connects multiple electronic apparatuses, each having its own communication function such as a client function or a server function, via a communication line, and various management systems can be built using such managed devices.
In building a management system, it is important to confirm when communicating whether a communication counterpart is appropriate, or whether information being transmitted has not been tampered with. Moreover, especially when communicating over the Internet, as information often passes through computers that are unrelated before reaching the communication destination, when transmitting secret information, there is also a demand for making sure that the contents are not viewed secretly. A protocol such as SSL (Secure Sockets Layer), for example, as a communication protocol to respond to such a demand is being developed and widely used. Using this protocol to communicate combines public key encrypting methods and common-key encrypting methods for authenticating the communication counterpart as well as preventing tampering and tapping by encrypting information. Moreover, even at the communication destination side, a communication originating apparatus that requests communications is authenticated.
Technologies related to authentication using such SSL and public key encrypting are described in Patent Document 1, JP2002-353959A, and Patent Document 2, JP2002-251492A.
Now, a communication procedure for mutually authenticating according to this SSL is described focusing on the authentication process portion. FIG. 28 is a diagram illustrating a flow of processes executed in each apparatus when communication apparatuses A and B mutually authenticate according to the SSL, along with information used for the process.
As illustrated in FIG. 28, when mutually authenticating according to the SSL, there is a need to first have a root key certificate, a private key, and a public key certificate stored in both of the communication apparatuses. This private key is a private key issued to each apparatus by a CA (Certificate Authority), while the public key certificate is one such that the public key corresponding to the private key is appended with a digital signature by the CA so as to be set as a digital certificate. Moreover, the root key certificate is one such that a root key corresponding to a root private key used in the digital signature is appended with a digital signature so as to be set as a digital certificate.
FIG. 29A and FIG. 29B illustrate these relationships.
As illustrated in FIG. 29A, a public key A is configured from a main body of the key for decrypting text encrypted using a private key A, and property information that includes such information as the issuer (CA) of the public key and validity. Then, to indicate that the main body of the key and the property information are not tampered with, a hash value obtained by hashing the public key A is encrypted using a root private key so as to be applied to a client common key as a digital signature. Moreover, at that time, information identifying the root private key used in the digital signature is added as signature key information to the bibliographical information of the public key A. Then, the public key certificate having this digital signature applied is a pubic-key certificate A.
When using this public-key certificate A for authenticating, the digital signature contained therein is decrypted using a main body of a root key being a public key corresponding to the root-private key. It is understood when this decrypting is performed successfully that the digital signature is certainly applied by the communication apparatus. Moreover, it is understood that when the hash value obtained by hashing the public key A portion and a hash value obtained by decrypting matches that the key itself is also neither damaged nor tampered with. Furthermore, it is understood that when it is possible to successfully decrypt the received data using this public key A that the data is transmitted from the owner of the private key A.
Now, while it is necessary to store in advance a root key for performing authentication, as illustrated in FIG. 29B, this root key is stored as a root key certificate having applied a digital signature by the communication apparatus. This root key certificate is in a self signature format enabled to decrypt the digital signature with a public key contained therein. Then, when using the root key, the main body of the key contained in the root key certificate is used to decrypt the digital signature so as to compare with the hash value obtained by hashing the root key. When there is a match, it is possible to confirm that the root key is not corrupted, for instance.
Now the flowcharts in FIG. 28 (FIGS. 28A, 28B) are described. It is noted that in this diagram, an arrow between the two flow charts represents transferring of data such that the transmitting side performs a transferring process at a step from which the arrow originates, while the receiving side, once the information is received, performs a process of a step to which the arrow points. Moreover, when a process of each of the steps is not successfully completed, at that time a response of having failed authentication is returned so as to suspend the process. The same holds when a response of having failed authentication is received from the counterpart, or upon time out of the process.
Now, with a communication apparatus A requesting communications with a communication apparatus B, when performing this request, the CPU of the communication apparatus A executes a required control program and starts a process of the flowchart illustrated on the left-hand side of FIG. 28A. Then, in step S311, a request for connection is transmitted to the communication apparatus B.
On the other hand, the CPU of the communication apparatus B, once receiving this request for connection, executes a required control program and starts a process of the flowchart illustrated on the right-hand side of FIG. 28A. Then, in step S321 a first random number is generated for encrypting using a private key B. Then, in step S322, the encrypted first random number and a public key certificate B are transmitted to the communication apparatus A.
At the communication apparatus A side, when receiving this information, in step S312 the validity of the public key certificate B is confirmed using a root key certificate.
Then once confirmed, in step S313 the first random number is decrypted using a public key B contained in the received public key certificate B. When the decrypting here is successful, that confirms that the first random number is certainly received from a subject to which the public key certificate is issued. Then, when the confirming as described above is successful, information indicating success of authentication is transmitted to the communication apparatus B.
Moreover, at the communication apparatus B side, upon receiving this information, in step S323, transmission of a public key certificate for authentication is requested from (request sent to) the communication apparatus A.
Then, at the communication apparatus A, based on the above request for transmission, in step S314, a second random number and a common key seed are generated. A common key seed may be generated based on data transacted in previous communications, for example. Then, in step S315 the second random number is encrypted using a private key A, the common key seed is encrypted using the public key B, and in step S316 these are transmitted with a public key certificate A to the communication apparatus B side. Encrypting the common key seed is performed for the purpose of making sure that the random number is not known to apparatuses other than the communications counterpart.
Then, in the next step S317, a common key for use in encrypting subsequent communications is generated from the common key seed generated in step S314.
At the communication apparatus B side, when receiving the noted information, in step S324 the validity of the public key certificate A is confirmed using the root key certificate. Then once confirmed, in step S325, the second random number is decrypted using a public key A contained in the public key certificate A received. When the decrypting here is successful, that confirms that the second random number is certainly received from a subject to which the public key certificate A is issued.
Subsequently, in step S326 the common-key seed is decrypted using a private key B. It can be said that, in the process thus far, the first through the third common key seeds common to the communication apparatus A side and the communication apparatus B side are shared. Then, at least the common key seed does not become known to apparatuses other than the communication apparatus A having generated the number and the communication apparatus B having the private key B. Once the process described thus far succeeds, also at the communication apparatus B side in step S327 a common key for use in encrypting subsequent communications is generated from the common key seed obtained by decrypting.
Then, once the process of step S317 at the communication apparatus A side and the process of step S327 at the communication apparatus B side are terminated, success of authentication and an encrypting method for use in subsequent communications are mutually confirmed for terminating the process regarding authentication assuming that the generated common key is used to conduct the subsequent communications using the encrypting method confirmed as described above. It is noted that the confirming as described above includes a response from the communication apparatus B that authentication has succeeded. The process as described above enables mutually establishing communications so as to subsequently use the common key generated in step S317 or step S327 and to encrypt data according to the common key encrypting method for conducting communications.
Performing such a process as described above enables securely sharing a common key upon the communication apparatus A and communication apparatus B mutually authenticating their counterparts, and establishing a path for communicating securely.
It is noted that in the process as described above, it is not mandatory to encrypt the second random number with the private key A and to transmit the public key certificate A to the communication apparatus B. In this way, the process of steps S323 and S324 at the communication apparatus B side is not required. In this way, while it is not possible for the communication apparatus B to authenticate the communication apparatus A, this process is sufficient when it suffices for the communication apparatus A to only authenticate the communication apparatus B. Then in this case, it is necessary to have only the root key certificate stored in the communication apparatus A so that neither the private key A nor the public key certificate A are needed. Moreover, it is not necessary to have the root key certificate stored in the communication apparatus B.