1. Field of the Invention
The present invention relates to a network system that allows an image forming apparatus to perform secure printing via a network, and particularly relates to an image forming apparatus, a secure network system, a method for controlling the image forming apparatus, and a method for updating certificate information.
2. Description of the Related Art
Conventionally, a technology named WSD (Web Services on Devices) has been proposed by Microsoft Corporation to connect an image forming apparatus having an image forming function, such as a printer or a multi-function copier, with a network, and to print via the network from a client PC connected to the network. In WSD, a secure WSD specification is defined so that communication can be performed securely. Secure WSD uses TLS (Transport Layer Security), which is defined by RFC 2246. In addition to encryption, TLS realizes prevention of spoofing by performing certificate verification in which a client verifies server validity. However, there are operations in which only the encryption is performed, by storing a self-signed certificate on a server. In this case, a risk of spoofing occurs since the client cannot verify the server validity.
To address the risk of spoofing, Japanese Patent Laid-Open No. 2007-334753 (Patent Document 1) proposes the use of proxy authentication. In Patent Document 1, an authentication server is provided on a network, and a client device performing communication on the network logs in to the network and controls the login. Then, the client device controls the network system such that connected devices can exchange authentication information (certificate information) with each other on the network. Accordingly, in TLS, prevention of spoofing has been attempted with use of only a self signature.
For example, in TLS or the like, the certificate information (authentication information) must be registered on a server in advance so that an authentication server can perform authentication in response to an authentication request. Also, security of the network system can be improved by regularly updating the certificate information, for example.
However, if a cache mechanism is used in order to suppress network traffic, there is a risk that authentication fails because the certificate information that has been cached is not kept consistent with the certificate information on the authentication server.
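The cache inconsistency described above can be reproduced with a small simulation. The following is an added illustration, not part of the original document: the class names, the device name "printer-1", the certificate bytes, and the revalidate-on-mismatch behavior are all assumptions made for the example and are not the method of this document or of Patent Document 1.

```python
import hashlib
import time

def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

class AuthServer:
    """Hypothetical authentication server holding registered certificate info."""
    def __init__(self):
        self.registry = {}  # device name -> certificate fingerprint

    def register(self, device: str, cert: bytes) -> None:
        self.registry[device] = fingerprint(cert)

class CachingVerifier:
    """Hypothetical client that caches server lookups to cut network traffic."""
    def __init__(self, server: AuthServer, ttl: float, revalidate: bool):
        self.server, self.ttl, self.revalidate = server, ttl, revalidate
        self.cache = {}   # device name -> (expiry time, fingerprint)
        self.lookups = 0  # round trips made to the authentication server

    def _fetch(self, device: str) -> str:
        self.lookups += 1
        fp = self.server.registry[device]
        self.cache[device] = (time.monotonic() + self.ttl, fp)
        return fp

    def verify(self, device: str, presented: bytes) -> bool:
        entry = self.cache.get(device)
        cached = entry is not None and entry[0] > time.monotonic()
        expected = entry[1] if cached else self._fetch(device)
        if expected == fingerprint(presented):
            return True
        # A mismatch against a cached entry may only mean the cache is stale,
        # so re-check once against the server before rejecting.
        if cached and self.revalidate:
            return self._fetch(device) == fingerprint(presented)
        return False

def demo(revalidate: bool):
    server = AuthServer()
    old, new = b"constructed-cert-v1", b"constructed-cert-v2"  # constructed samples
    server.register("printer-1", old)
    client = CachingVerifier(server, ttl=3600, revalidate=revalidate)
    first = client.verify("printer-1", old)   # fills the cache
    server.register("printer-1", new)         # certificate information is updated
    second = client.verify("printer-1", new)  # cache still holds the old entry
    return first, second, client.lookups
```

With `revalidate=False` the second verification fails even though the device presents the currently registered certificate; with `revalidate=True` it succeeds at the cost of one extra lookup.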