1. Field of the Invention
The present invention relates to a technology for realizing cooperative processing wherein processors present on a network cooperate, and in particular to a security technology associated with cooperative processing.
2. Description of the Related Art
Workflow systems are currently being proposed in which various services can be provided for office functions by connecting devices such as a scanner, a facsimile machine, a printer, a copier, and a multifunction device having these functions integrated to a LAN (Local Area Network), so that these devices can communicate with information processors such as personal computers or a mail server.
In recent years, technologies allowing various web applications to cooperate with one another have been proposed. It is highly expected that, if an overall system can be constructed by connecting various application services and service providers that are accessible through the Internet, the cost for developing a system can be significantly reduced because existing services can be utilized. In connection with this, languages such as XML (Extensible Markup Language) or the like are also attracting attention as a common platform enabling such cooperative services.
Examples of conventional workflow systems include those disclosed in, for example, Japanese Patent Laid-Open Publications Nos. Hei 8-123744, 2002-99686, and 2001-282970.
In a workflow system, a request for a service in each of processors forming the flow is made by sequentially transmitting instruction data from one processor to another. Where there is a risk of falsification or “spoofing”, there may arise cases wherein the level of security cannot be maintained at a level required by the processor.
This problem becomes particularly significant when a processor located outside of an internal network (such as an intranet) is to be incorporated into the workflow. Examples of an external processor incorporated into the workflow include a time stamp server for providing a presence authentication of data as a third party agent and an accounting server (for example, a settlement processor of a credit card company) for collecting money on behalf of a service provider.
In order to prevent such falsification of data or spoofing, an electronic signature system such as PKI (Public Key Infrastructure) is used. Such an electronic signature system can be used for communication of instruction data between processors.
However, in the case when data is transmitted between a processor located inside an internal network and another processor located outside that network, verification of the electronic signature becomes difficult. This is due to the following reasons.
Certificate authorities (“CA”) in general include certificate authorities of various levels, and range from those with a high level of public trust, such as those provided by national governments or recognized corporations such as the Verisign Corporation, to those especially built within a company or a division of a company. When a workflow combining processors within the intranet of a company and processors present on the Internet is to be performed, it is likely that the CAs issuing public key certificates to the processors differ from each other. In order to address this issue, the CA publicizes the public key certificate of each user (in PKI, each processor is also a user) through a web server or an LDAP (Lightweight Directory Access Protocol) server so that a party who wishes to verify an electronic signature obtains the public key certificate necessary for the verification from these servers. When instruction data electronically signed by a processor within a company (within an intranet) using the secret key corresponding to a public key certificate issued by an in-house CA is transmitted to a processor outside the company (outside the intranet), the external processor may sometimes be blocked by a firewall and be unable to obtain the public key certificate from the in-house CA.
If, on the other hand, the system is configured such that a processor outside the company can obtain the public key certificate issued by the in-house CA, a problem remains that the public key certificate issued by the in-house CA commonly includes information such as the name of the owner of the certificate and their job location. If this information is transmitted outside the company, the internal organization of the company may become known.
In connection with these problems, Japanese Patent Laid-Open Publication No. 2002-164884 discloses a signature proxy server used for providing electronic signature when documents are exchanged between devices within different intranets. On behalf of a device within the intranet, the signature proxy server provides an electronic signature on a document originating from a device within the intranet and verifies the electronic signature on a document from outside to a device within the intranet.
Japanese Patent Laid-Open Publication No. 2002-164884 does not, however, consider electronically signed documents within the intranet. In other words, in the configuration disclosed in this reference, a device within the intranet does not attach an electronic signature to the data originating from the device, and the signature proxy server attaches an electronic signature to the data to be transmitted from a device within the intranet to the outside without verifying the authenticity of the data.
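
The gap described in the preceding paragraph can be seen in a short added example (not taken from this document or from the cited publication): a proxy that signs outbound instruction data without checking it, beside one that first verifies the originating device's in-house signature. Ed25519 key pairs from Node's built-in crypto module stand in for PKI certificates; the device name `scanner-01`, the key store, and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed keys. Ed25519 key pairs stand in for PKI certificates:
// the device key is known only inside the intranet, the proxy key is
// assumed to be certified by a CA that outside parties trust.
const device = crypto.generateKeyPairSync('ed25519');
const proxy = crypto.generateKeyPairSync('ed25519');

// Hypothetical in-house key store: device name -> public key.
const internalKeys = new Map([['scanner-01', device.publicKey]]);

// A device inside the intranet signs its instruction data.
function signInternal(sender, body, privateKey) {
  return { sender, body, sig: crypto.sign(null, Buffer.from(body), privateKey) };
}

// Only the body and the proxy's signature leave the intranet, so no
// in-house certificate (owner name, location) is exposed.
function proxySign(body) {
  return { body, proxySig: crypto.sign(null, Buffer.from(body), proxy.privateKey) };
}

// Behaviour described for the prior-art proxy: sign without checking.
function blindProxy(msg) {
  return proxySign(msg.body);
}

// Proxy that verifies the in-house signature before vouching for the data.
function verifyingProxy(msg) {
  const key = internalKeys.get(msg.sender);
  const ok = key !== undefined && Buffer.isBuffer(msg.sig) &&
    crypto.verify(null, Buffer.from(msg.body), key, msg.sig);
  if (!ok) throw new Error('in-house signature invalid: refusing to sign');
  return proxySign(msg.body);
}

// What a processor outside the intranet can check with the proxy's public key.
function externalVerify(out) {
  return crypto.verify(null, Buffer.from(out.body), proxy.publicKey, out.proxySig);
}

// Constructed sample: genuine instruction data, and a copy altered in transit.
const genuine = signInternal('scanner-01', 'scan;ocr;mail to archive', device.privateKey);
const tampered = { ...genuine, body: 'scan;ocr;mail to elsewhere' };
```

With the blind proxy, the altered instruction data leaves the intranet carrying a signature that the external processor accepts; the verifying proxy refuses to sign it.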