1. Field of the Invention
The present invention relates to public-key-certificate issuing systems for proving the validity of a public key for use in encrypted data transmission in electronic distribution systems, and data communication methods. In particular, the present invention relates to a public-key-certificate issuing system in which a data-transmission-service entity enables a public key and a public-key certificate to be used for general purposes without having a certificate authority function for issuing a public-key certificate, and to a data communication method.
2. Description of the Related Art
Nowadays, various types of software data (hereinafter referred to as “contents”), such as game programs, audio data, image data, and document-making programs, are distributed via networks such as the Internet. Also, the purchase and sale of goods via a network, such as online shopping, has gradually become popular.
In data communication over networks of this type, a data transmitting side and a data receiving side generally transfer the necessary data to each other only after verifying that each side is correct; in other words, the data transfer system is built with security taken into consideration. Techniques for realizing security in data transfer include encryption processing on the data to be transferred and sign processing on the data.
Encrypted data can be restored to usable decrypted data (plaintext) by decryption processing based on a predetermined procedure. Data encryption and decryption methods in which an encryption key is used in encryption processing on the information and a decryption key is used in decryption processing are well known.
There are various types of data encryption and decryption using encryption and decryption keys. One example is so-called “public key encryption”. Public key encryption uses different keys for the transmitter and the receiver: one key is a public key that can be used by unspecified users, and the other is a private key that is kept secret. For example, a data encryption key is used as the public key, and a decryption key is used as the private key. Alternatively, public key encryption is used in a form in which a certificator generating key is the private key and a certificator decrypting key is the public key.
Public key encryption is advantageous for key management because it differs from the so-called “symmetric-key encryption method”, which uses a symmetric key for decryption, in that a particular person needs to have a private key that must be kept secret. However, since the symmetric-key encryption method has a slower data processing speed than that of the public key encryption, it is often used for objects with a small amount of data, such as private key delivery and digital signing. One typical example of public key encryption is RSA (Rivest-Shamir-Adleman) encryption. This uses the product of two very large prime numbers (e.g., 150 digits), and relies on the difficulty of factoring the product of the two large prime numbers.
In public key encryption, a technique is often used that allows the general public to use a public key by means of a public-key certificate certifying the validity of the distributed public key. For example, User A generates a pair of a public key and a private key, sends the generated public key to a certificate authority, and obtains a public-key certificate from the certificate authority. User A opens the public-key certificate to the public. An unspecified user obtains the public key from the public-key certificate by performing a predetermined procedure, encrypts a document or the like, and sends it to User A. In this system, User A uses the private key to decrypt the encrypted document. User A also puts a signature on a document by using the private key, and the signature is verified by obtaining the public key from the public-key certificate through a predetermined procedure.
The public-key certificate is described with reference to FIG. 1. The public-key certificate is a certificate issued by a certificate authority or an issuer authority. It is created when a user submits the user's ID, a public key, etc., to the certificate authority, and the certificate authority adds information such as the ID of the certificate authority and a revocation date and also attaches the certificate authority's signature.
The public-key certificate shown in FIG. 1 includes a certificate version number, a certificate serial number assigned to a certificate user by the certificate authority, algorithm and parameters used for electronic signing, a certificate authority name, a certificate revocation date, a certificate user name (user ID), a public key for the certificate user, and an electronic signature of the certificate user.
The electronic signature is data generated by generating a hash value by applying a hash function to the entirety of the certificate version number, the certificate serial number assigned to the certificate user by the certificate authority, the algorithm and parameters used for electronic signing, the certificate authority name, the certificate revocation date, the certificate user name, the entirety of the public key of the certificate user, and the electronic signature, and using a certificate-authority private key on the hash value.
The certificate authority issues the public-key certificate shown in FIG. 1, updates public-key certificates that have expired, and performs the generation, management, and distribution (these are called “revocation”) of an unauthorized person list for expelling users who have engaged in unauthorized conduct. The certificate authority also generates a public key and a private key, as required.
When using the public-key certificate, a user uses the certificate authority public key retained by the user to verify the electronic signature on the public-key certificate, extracts the public key from the public-key certificate after the verification of the electronic signature succeeds, and uses the public key. Accordingly, all users who use the public-key certificate must retain a common certificate-authority public key.
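The signing and verification flow described above, as an added example that is not part of the original text: a certificate authority hashes the certificate fields of FIG. 1 and applies its private key, and a user releases the subject's public key only after the signature verifies under the retained certificate-authority public key. The field names, sample values and toy key are assumptions; the signature field is left out of the hash input, and the RSA here is unpadded textbook RSA over two Mersenne primes, suitable only for showing the data flow.

```python
import hashlib

# Constructed toy CA key: textbook RSA, no padding, special-form primes.
# It shows the data flow only and must not be used as real cryptography.
P, Q, CA_E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q                                   # CA public modulus
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))        # CA private exponent

# Signed fields, in the order FIG. 1 lists them (names are assumptions).
FIELDS = ("version", "serial", "sig_algorithm", "issuer",
          "revocation_date", "subject", "subject_public_key")

def digest(cert):
    """Hash every signed field; length prefixes keep field boundaries unambiguous."""
    h = hashlib.sha256()
    for name in FIELDS:
        value = str(cert[name]).encode()
        h.update(len(value).to_bytes(4, "big") + value)
    return int.from_bytes(h.digest(), "big")

def ca_issue(fields):
    """Certificate authority side: apply the CA private key to the hash value."""
    cert = dict(fields)
    cert["signature"] = pow(digest(cert), CA_D, CA_N)
    return cert

def extract_public_key(cert, ca_n=CA_N, ca_e=CA_E):
    """User side: hand out the subject key only if the CA signature verifies."""
    if pow(cert["signature"], ca_e, ca_n) != digest(cert):
        raise ValueError("certificate signature does not verify")
    return cert["subject_public_key"]

def demo():
    cert = ca_issue({"version": 1, "serial": 1001, "sig_algorithm": "toy-rsa-sha256",
                     "issuer": "Example CA", "revocation_date": "2030-01-01",
                     "subject": "User A", "subject_public_key": "user-a-public-key"})
    accepted = extract_public_key(cert)
    altered = dict(cert, subject_public_key="substituted-key")  # field changed after issuance
    try:
        extract_public_key(altered)
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rejected

if __name__ == "__main__":
    print(demo())
```
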
In a data transmission system based on the above-described public key encryption using a public-key certificate issued by a certificate authority, if a different public key is used, it is necessary either to newly request a certificate authority to issue a public-key certificate corresponding to that public key or to construct a certification system having a certificate authority function. In other words, for example, when a service provider that distributes contents or offers a goods providing service starts a new service (new electronic distribution system) and starts to use a new public key, the service provider must always either request a certificate authority to perform the issuance and management of a public-key certificate corresponding to the new public key or construct a certificating system having a certificate authority system, so that problems occur in that considerable cost and time are required. In addition, when certificates issued by different certificate authorities are used to perform communication, verifying the issuance authority signatures in the certificates requires that a signature verifying key be acquired by establishing a link to a center, and this case is not suitable for offline use.