Conventionally, a relay apparatus, such as a gateway, is employed to connect a local area network (LAN), such as a wired LAN, a wireless LAN or a mobile phone network, to a wide area network (WAN), such as the Internet. This relay apparatus relays communication between a communication terminal, such as a personal computer (PC), a portable information terminal (PDA) or a mobile phone, connected to the LAN and a server, such as a Web server, connected to the WAN.
As methods for exchanging highly confidential data between a communication terminal and a server, two approaches have been proposed: end-to-end encrypted communication between the communication terminal and the server, and inter-server encrypted communication between a relay apparatus and the server.
To perform end-to-end encrypted communication, a communication terminal encrypts a message and transmits the encrypted message, and a server decrypts the message. Further, the server encrypts a message and transmits the encrypted message, and the communication terminal decrypts the message. For this communication system, a relay apparatus is disclosed that transmits, to a communication terminal, a server public key that the communication terminal employs for encrypting a message, and that transmits, to the server, a communication terminal public key that the server employs for encrypting a message, so that the relay apparatus acts as a proxy for performing a mutual authentication process for the communication terminal and the server (patent document 1). Further, a technique is disclosed whereby a relay apparatus temporarily decrypts an encrypted message to add a change to the message (patent document 2).
On the other hand, for inter-server encrypted communication, normal non-encrypted communication is performed between a communication terminal and a relay apparatus, and encrypted communication is performed between the relay apparatus and a server. Inter-server encrypted communication is particularly effective for communication between a mobile phone or similar device and a server, because the network on the mobile phone side is a closed network that maintains secrecy well, and because the relay apparatus performs the encryption process in place of the mobile phone, which improves communication performance. As for this communication system, a technique is disclosed whereby a relay apparatus provides administrative control over the issuance of a certificate used for authentication of a communication terminal, and mutual authentication between servers is performed using this certificate (patent document 3). Furthermore, a technique is disclosed whereby a certificate for a communication terminal is registered with a certificate administration server, and the communication terminal performs log-in authentication with the certificate administration server, via a relay apparatus, in order to download the certificate to the relay apparatus (patent document 4). In addition, a technique is disclosed whereby the ID of a relay apparatus along a communication path is employed to determine the authenticity of data exchanged between the relay apparatus and a server (patent document 5).
Moreover, a technique is disclosed whereby end-to-end encrypted communication and inter-server encrypted communication are switched, based on whether a server requests a certificate for a communication terminal (patent document 6).
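The following Python model, added here as an illustration and not taken from any of the cited patent documents, contrasts the two modes described above from the relay's point of view: in end-to-end mode the relay only ever handles ciphertext, while in inter-server mode the relay holds the plaintext and therefore sits inside the trust boundary. The mode-switching rule, the per-message nonce, and the SHA-256-based toy cipher (a stand-in for a real cipher so the example runs with the standard library alone) are all constructed for this example.

```python
import hashlib
import os


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher with a SHA-256 keystream (constructed, not for
    real use); stands in for a proper cipher. Decryption is the same call."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def choose_mode(server_requests_client_cert: bool) -> str:
    """Switching rule in the spirit of patent document 6 (assumed shape): when the
    server asks for the terminal's own certificate, the relay cannot stand in for
    the terminal, so the session must run end-to-end; otherwise inter-server."""
    return "end-to-end" if server_requests_client_cert else "inter-server"


def run_session(mode: str, message: bytes, e2e_key: bytes, relay_server_key: bytes):
    """Simulate terminal -> relay -> server for one message.

    e2e_key is shared only by terminal and server; relay_server_key is shared
    only by relay and server. Returns (what the relay can observe, what the
    server recovers) so the two trust models can be compared directly."""
    nonce = os.urandom(12)  # hypothetical per-message nonce carried in clear
    if mode == "end-to-end":
        # The terminal encrypts under a key the relay does not hold.
        to_relay = toy_encrypt(e2e_key, nonce, message)
        relay_observes = to_relay                 # ciphertext only
        to_server = to_relay                      # relay forwards unchanged
        server_plain = toy_encrypt(e2e_key, nonce, to_server)
    elif mode == "inter-server":
        # The terminal sends plaintext over the closed LAN side; the relay
        # encrypts towards the server, so the relay sees the message itself.
        relay_observes = message
        to_server = toy_encrypt(relay_server_key, nonce, message)
        server_plain = toy_encrypt(relay_server_key, nonce, to_server)
    else:
        raise ValueError(f"unknown mode: {mode}")
    return relay_observes, server_plain
```

Running both modes on the same message shows the server recovering the plaintext in each case, but only in inter-server mode does the relay's observation equal the message, which is the property a defender must account for when deciding whether the relay can be trusted with the data.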
Patent Document 1: Japanese Patent Application Laid-Open No. 2001-134534
Patent Document 2: Published Japanese Translation of PCT Patent Application, No. 2003-503963
Patent Document 3: Japanese Patent Application Laid-Open No. 2002-82907
Patent Document 4: Japanese Patent Application Laid-Open No. 2001-251297
Patent Document 5: Japanese Patent Application Laid-Open No. 2001-244996
Patent Document 6: Japanese Patent Application Laid-Open No. 2002-111747