IPsec is a protocol by which two apparatuses on the Internet sharing secret data unknown to anybody else perform encryption and authentication on the basis of this secret data. To communicate with each other, these two apparatuses must securely share the secret data, their IP addresses, and the like. Data such as the secret data and IP addresses is called SA (Security Association).
A protocol by which SA is safely shared is called IKE (Internet Key Exchange), and defined in RFC2409 “The Internet Key Exchange (IKE)”. IKE uses a Diffie-Hellman public-key distribution scheme (to be referred to as DH hereinafter) as a secret data sharing method, and four authentication methods are defined. One of them uses a pre-shared key and is not suitable for communicating with many unspecified communication partners. The remaining three authentication methods use a public key cryptography. Since a public key is a random-looking numerical value, a public-key certificate is used to certify the correspondence between a public key and an apparatus.
That is, to execute IPsec with many unspecified communication partners on the Internet using IKE, a public-key certificate must be issued to an apparatus. A private key corresponding to a public key or a key generated by performing IKE needs to be securely generated and managed such that only the apparatus can use the key.
As a method of overcoming constraints on computing performance and storage capacity, there can be considered a method of providing a server which performs IKE by proxy. For example, Japanese Patent Laid-Open No. 2003-179592 describes a method by which a key exchange proxy server performs DH and authentication by proxy. However, in this method, two keys, i.e., a key generated by performing IKE and a private key required to generate a signature payload are known to the key exchange proxy server. That is, a key is not generated and managed such that only an apparatus can use the key.
Currently known methods are as follows. In one method, an apparatus completely supports and independently performs certificate processing and IKE such that a key is unknown to others. In another method, a second apparatus is allowed to know a key and performs certificate and IKE processing by proxy. A method in which an apparatus does not perform processing independently, and a second apparatus performs processing by proxy without knowing a key would make it possible to manufacture an apparatus at lower cost than an existing one and would be preferable in terms of security. However, such method is unknown at the present.
It is difficult for some apparatuses which perform communications on the Internet to perform complicated operation and strict management. These apparatuses do not always have high computing performance and large storage capacity.