1. Field of the Invention
The present invention relates to a secure communication method, a terminal device, an authentication server, a computer program, and a computer-readable recording medium and, particularly, to encrypted communication of information. More particularly, the present invention relates to a method for ensuring the security of information communication between processes running on a common platform independent of the operating system (OS). Still more particularly, the present invention relates to a technique preferably used for security of authentication and information communication between service processes and prevention of manipulation in a secure printing function of a multifunction peripheral (MFP).
2. Description of the Related Art
In recent years, confidential information of various levels has been transmitted through communication networks along with progress in computer communication technologies. Such confidential information includes information on resident cards and registers in public offices. In companies, a variety of confidential business information is computerized and shared over computer networks. Against this background, it is extremely important to maintain the confidentiality of electronic information transmitted over networks.
In addition to maintaining confidentiality, appropriate countermeasures must be taken against, for example, manipulation of information or data corruption due to various attacks, because the value of the confidential information is lost if it cannot be utilized when required.
In order to attain the above objects, encrypted communication methods, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), have been devised and put into practical use in information communication between computers in client-server systems.
In addition to these standard technologies, user authentication adopting a terminal management method and mechanisms such as the Kerberos technology, which has a user authentication function and an encryption-key switching function for realizing encrypted communication through communication channels, have also been devised and put into practical use.
In the above Kerberos technology, the authentication server generates a secret key (Jk) for use in the encrypted communication between the client and the server, while in some methods the client generates the secret key (Jk) for use in the encrypted communication after the user authentication.
In the case of office equipment typified by the MFP, one terminal device has multiple functions including scanner, facsimile, printer, storage, and other functions, and the functions are coordinated with each other to attain a copier function, or any of the functions can operate independently. In the MFP as a system, multiple service applications installed on a personal computer (PC) are coordinated with each other to communicate information between processes. As a result, some kind of information, for example, authentication information, is transmitted to and received from the processes.
As described above, also in the information communication between the processes, multiple service applications run on a single terminal device to transmit and receive confidential information at a level different from that in the information communication between terminals in a client-server system.
Conventionally, in client-server systems, many countermeasures against the security problems described above, including leakage and manipulation of information, have been devised. In contrast, the information communication between service processes appears to be a matter for the OS and, therefore, the security is undesirably considered only within the range of the OS.
However, recently, many technologies including Java have been developed in order to use a common platform. In this situation, the requirements for the security cannot necessarily be met under a restrictive condition, that is, within the range of the OS.
In other words, since a user can easily create an application independent of the OS and can easily install the application on a common platform, it is technically easy for the service processes provided in the above manner to leak highly confidential information.
The problem of vulnerability of the communication between multiple service processes on a common platform arises not only in Java but also in a case in which information communication specifications designed as an international standard, like a Web service, are applied to multiple service processes. Accordingly, there is an urgent need to resolve such problems. Particularly, when information communication is performed at a standard level independent of the OS or the like, the above problems, which could previously be resolved by applying the security functions inherent to the OS, cannot be easily resolved.
For example, assume secure printing in which an MFP does not start printing immediately after the user specifies the printing with his/her client terminal and transmits the print job to the MFP, and in which the MFP restarts processing of the print job after the user is authenticated at the MFP.
In this case, the MFP has a job management process that securely receives the print job and stores the received print job in a memory area in the MFP and a user authentication process that separately performs the user authentication in the MFP and instructs restart of the print job in accordance with the authentication result.
Accordingly, when the user specifies printing with his/her client terminal and transmits the print job to an MFP, the security of the print job must be ensured between the client terminal and the MFP. In addition, the user authentication process performed in the MFP and the transmission of information, such as process restart information used by the job management process to restart the print process based on the user authentication process, between the processes must be securely performed, as in the client-server communication.
As described above, there is a problem in that, in the multiple service applications running on a common platform independent of the OS, it is difficult to ensure the security of the information communicated between the processes of each of the service applications with conventional security functions dependent on the OSs.
Furthermore, when the secure printing function is performed in the MFP in which multiple service processes run and to which a service process can be freely added later through a dynamic link, it is difficult to prevent security problems, such as spoofing by an illegal service application that meets the request to restart the suspended print job.