1. Field of the Invention
This invention relates to methods and apparatuses for certification and authentication of users and computers over networks.
2. Description of the Related Art
Conventionally, a user ID and a password are used together to verify (or authenticate) users over networks; an example is described in the book “Introduction To Coding Theory” by Eishi Okamoto, published by Kyoritsu Shuppan Kabushiki Kaisha in Japan in 1993 (in particular, pages 132-133). In this scheme, several pieces of information about the users of personal computers or terminals are registered with a server in advance: the server stores, in its storage, the user IDs assigned to the users and the passwords that only those users are supposed to know. To use online functions over the network, a user enters his or her identification number (i.e., user ID) and password at a terminal connected to the server via the network. The server then determines whether the information transmitted to it over the network matches the information held in its storage, and can thus verify that the user is in fact registered with it.
Recently, electronic certification services using coding techniques (or encryption) have spread widely in the fields of computer communications and networking services; an example is described in the aforementioned book (in particular, pages 133 and 134). To use such a service, a user transmits the prescribed information, including a public key for encryption (or decryption), to an online certification agency (or organization), which in turn issues a digital ID to the user and stores the public key in its storage. When a user wishes another user to verify his or her identity over the network, the user transmits to that other user the digital ID and public key together with an electronic signature made with the corresponding private key (or secret key). The other user then transmits the received digital ID to the certification agency, which returns the public key stored under that digital ID. The other user compares the public key received directly from the user with the public key returned by the certification agency; when the two match, the other user has verified the user as requested.
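As an added illustration of the two related-art schemes described above (example code written for this page; it is not part of the patent or of the cited book), the following Python models the server-side user ID and password check and the digital ID exchange as seen by the verifying user: the presented key is compared with the key the certification agency returns for the digital ID, and the signature is checked with that key. It assumes the server stores salted password hashes rather than plain passwords, that the electronic signature is made over a challenge string supplied by the verifier, and it uses a deliberately tiny textbook RSA; the names `CertificationAgency`, `toy_keypair`, `verify_password` and `verify_presentation` are constructed here and do not come from the page.

```python
import hashlib
import hmac
import math
import os
import secrets

# ---- Scheme 1: user ID and password registered with the server ----
# Constructed server-side store: user_id -> (salt, PBKDF2 hash).
# The page only says the server "stores passwords"; salting and hashing
# are an assumption added here so a leaked store does not reveal them.
PASSWORD_DB = {}


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register_password(user_id, password):
    salt = os.urandom(16)
    PASSWORD_DB[user_id] = (salt, _hash_password(password, salt))


def verify_password(user_id, password):
    """Server-side check: does the transmitted pair match the stored record?"""
    record = PASSWORD_DB.get(user_id)
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison so response timing does not leak a prefix match.
    return hmac.compare_digest(stored, _hash_password(password, salt))


# ---- Scheme 2: digital ID issued by a certification agency ----
# Toy textbook RSA with ~40-bit moduli: enough to show the exchange,
# useless as real cryptography. Primes are found by trial division.
def _next_prime(n):
    n += 1
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n


def toy_keypair(seed, e=65537):
    """Return ((n, e), (n, d)); the seed only picks which small primes are used."""
    p = _next_prime(seed)
    q = _next_prime(p)
    phi = (p - 1) * (q - 1)
    while math.gcd(e, phi) != 1:
        q = _next_prime(q)
        phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (p * q, e), (p * q, d)


def _digest_mod(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def toy_sign(private_key, message):
    n, d = private_key
    return pow(_digest_mod(message, n), d, n)


def toy_verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest_mod(message, n)


class CertificationAgency:
    """Stores each registered public key under the digital ID it issued."""

    def __init__(self):
        self._keys = {}

    def issue_digital_id(self, public_key):
        digital_id = secrets.token_hex(8)
        self._keys[digital_id] = public_key
        return digital_id

    def public_key_for(self, digital_id):
        return self._keys.get(digital_id)


def verify_presentation(agency, challenge, digital_id, presented_key, signature):
    """The 'other user' side of the exchange described on the page.

    1. Send the received digital ID to the agency and get the stored key.
    2. Compare it with the key received directly from the presenting user.
    3. (Assumption) Check the signature over the challenge with that key.
    """
    registered = agency.public_key_for(digital_id)
    if registered is None or registered != presented_key:
        return False
    return toy_verify(presented_key, challenge, signature)


if __name__ == "__main__":
    register_password("alice", "correct horse battery staple")
    print("password ok:", verify_password("alice", "correct horse battery staple"))
    agency = CertificationAgency()
    alice_pub, alice_priv = toy_keypair(1_000_000)
    digital_id = agency.issue_digital_id(alice_pub)
    challenge = b"verifier-challenge-0001"  # constructed
    sig = toy_sign(alice_priv, challenge)
    print("digital ID ok:", verify_presentation(agency, challenge, digital_id, alice_pub, sig))
```

Both checks succeed for whoever holds the credential, which is exactly the limitation the page goes on to describe: neither the password record nor the digital ID says anything about which person is sitting at the terminal.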
The aforementioned technology can ensure mutual certification between computers (e.g., a server and a terminal) over the network. However, it cannot reliably certify whether those computers are actually being used by their authorized users. In the password method, an unauthorized person, who is not the authorized user, may obtain online certification by operating the terminal and entering the authorized user's private information, such as the user ID and password, which may have been obtained unfairly or illegally. There thus remains a possibility that unauthorized persons will succeed in using, in unfair or illegal ways, online services that are provided for authorized users. Likewise, the electronic certification using encryption described above relies on digital IDs and public (or private) keys, so a third party may be able to pose as an authorized user by manipulating the computer dishonestly.
In summary, conventional certification technology can certify computers whose users are registered with servers and the like, but it cannot reliably certify whether those computers are actually being operated by their authorized users.