The present invention relates to techniques in a PKI (Public Key Infrastructure), well suited for authenticating the validity of a public key certificate which serves to verify a signature for an electronic procedure received by a certain terminal and which has been issued by a certification authority different from one trusted by the pertinent terminal.
In various organizations and parties on private and public bases, PKIs (Public Key Infrastructures) have been introduced and made ready for use in order to electronicize manifold procedures which were taken with sheets of paper in the past.
FIG. 12 shows the relationship among a plurality of certification authorities which exist in a prior-art PKI.
As shown in the figure, the certification authorities each issuing and managing public key certificates form a group having a tree structure whose apex is the root certification authority CA1. The group is called “security domain”. The root certification authority CA1 issues public key certificates to the certification authorities CA21-CA2n which are located directly downstream of itself. Besides, each of the certification authorities CA21-CA2n issues public key certificates to the certification authorities CA31-CA3n1 which are located directly downstream of itself. In this manner, each certification authority located directly upstream in the tree issues public key certificates to the certification authorities located directly downstream of itself. Further, each of the certification authorities located at the downmost stream in the tree (hereinbelow, called “terminal admitting certification authorities”) CAS1-CASnm issues public key certificates to user terminals taking electronic procedures (hereinbelow, called “end entities”) EE1-EEx.
The legality of a secret key (signature key) which each of the end entities EE1-EEx uses for the signature of an electronic document is certified by the public key certificate issued by that one of the terminal admitting certification authorities CAS1-CASnm which admits the pertinent end entity itself. In turn, the legality of a secret key which each of the terminal admitting certification authorities CAS1-CASnm uses for the signature of the issued public key certificate is certified by the public key certificate issued by that one of the certification authorities CA(S-1)1-CA(S-1)n(m−1) which admits the pertinent terminal admitting certification authority itself. Accordingly, the secret key which is used for the signature by each of the end entities EE1-EEx is finally certified by the public key certificate issued by the root certification authority CA1. The certification authority which finally certifies the legalities of the keys respectively used for the signatures by the end entities EE1-EEx, in other words, which is trusted by the end entities EE1-EEx, and which is located at the upmost stream in the tree, is called “trust anchor”.
Referring to FIG. 12, the end entity EE1 affixes a signature to an electronic document, such as a written application, to be transmitted to the end entity EEx, by using the secret key of the end entity EE1 itself. Besides, the end entity EE1 attaches to the signed electronic document a public key certificate which pairs with the above secret key and which has been issued by the terminal admitting certification authority CAS1 for admitting this end entity EE1, and it transmits the document and the certificate to the end entity EEx.
The end entity EEx can verify the signature of the electronic document received from the end entity EE1, by employing the public key certificate attached to this electronic document. Since, however, the public key certificate is not one issued by the terminal admitting certification authority CASnm for admitting the end entity EEx, this end entity EEx cannot immediately trust the pertinent public key certificate. In this case, the end entity EEx must authenticate that the validity of the pertinent public key certificate is certified by the root certification authority CA1 which is the trust anchor of end entity EEx itself. A validity authentication process for the public key certificate is executed by the following steps:
(1) Search for Path from Trust Anchor to Certification Authority which is Issue Origin of Public Key Certificate
With a trust anchor (here, the root certification authority CA1) set as a start certification authority, the processing of inspecting the issue destinations of public key certificates issued by the start certification authority and further inspecting if any downstream certification authorities are included among the inspected issue destinations, the issue destinations of public key certificates issued by the downstream certification authorities is continued until a certification authority being the issue origin of a pertinent public key certificate (here, the terminal admitting certification authority CAS1 for admitting the end entity EE1) is included among the further inspected issue destinations. Thus, a path from the trust anchor to the certification authority being the issue origin of the pertinent public key certificate is searched for.
(2) Verification of Detected Path
There are obtained public key certificates issued from the individual certification authorities located on the path detected by the step (1), to the certification authorities located directly downstream of the respective certification authorities on the path. Besides, the processing of verifying the signature of the pertinent public key certificate to be authenticated on its validity (here, the public key certificate issued to the end entity EE1 by the terminal admitting certification authority CAS1), in the light of the public key certificate issued by the certification authority (here, the certification authority CA(S-1)1) located directly upstream of the certification authority (here, the terminal admitting certification authority CAS1) having issued the pertinent public key certificate, and subsequently verifying if the verification holds good, the signature of the public key certificate issued by the certification authority located directly upstream, in the light of the public key certificate issued by the certification authority located directly upstream still further, is continued until the upstream certification authority reaches the trust anchor. In a case where such signature verification has held good up to the trust anchor in due course, the validity of the public key certificate to be authenticated on its validity shall have been authenticated.
The end entity EEx can authenticate the legality of the electronic document received from the end entity EE1, in such a way that the signature of the electronic document is verified using the public key certificate attached to the electronic document, and that the validity of the public key certificate used for verifying the signature of the electronic document is authenticated in accordance with the steps (1) and (2) stated above.
Incidentally, it is premised in the foregoing that the process for authenticating the validity of the public key certificate is executed in the end entity. However, the certificate validity authentication process is heavy in load, and a high processing capability is required of the end entity for the execution of the process. It has therefore been proposed by the IETF that a server for authenticating the validity of a certificate as is connected to the end entity through a network is disposed so as to authenticate the validity of the public key certificate instead of the end entity.