1. Field of the Invention
The present invention relates to a digital certificate management system managing a digital certificate in a digital certificate management apparatus used for authentication processing between one or a plurality of clients and one or a plurality of servers which configure a client and server system, the digital certificate management apparatus, a digital certificate management method for managing the digital certificate, an updating procedure determining method for determining an updating procedure for updating the digital certificate proving validity of the digital certificate concerning the digital certificate management processing, a program causing a computer to function as the digital certificate management apparatus, and a computer readable information recording medium storing the program.
2. Description of the Related Art
There is a client and server system in which a plurality of computers such as PCs are connected via a communication network so that each computer can communicate with any other computer, and at least one of them acts as a server and at least another one acts as a client.
In such a client and server system, a request is transmitted from the client to the server, which executes processing according to the request and then responds to the client. Such a client and server system has been applied, for example, to a so-called electronic commerce system in which the client transmits an order request for goods and the server accepts the order request. Another type of system has also been proposed in which various electronic devices are given functions as clients or servers and connected via a communication network, thereby achieving remote management of the electronic devices.
In such a case, it is important to confirm that a communication counterpart is the appropriate one and that the transmitted information has not been tampered with. Furthermore, especially when the Internet is used, the information in many cases passes through many computers unrelated to the communication before it reaches the communication counterpart. Therefore, when secret information is transmitted, it is necessary to take measures to prevent the information from leaking. A communication protocol which solves this problem, such as the protocol called SSL (Secure Sockets Layer), has been developed and has spread widely. When such a protocol is applied to communication, a public key cryptosystem and a private key cryptosystem are combined to authenticate the communication counterpart, and since the information is encoded, tampering and wiretapping can also be effectively prevented.
A communication procedure performed when authentication processing uses a public key cryptosystem, and the digital certificate used there, will now be described, assuming that a client authenticates a server. In this case, in order to perform the authentication processing, a server private key and a server public key certificate (server certificate) are stored in the server, and a root key certificate is stored in the client. The server private key is a private key issued by a certificate authority (CA) for the server. The server public key certificate is a digital certificate including the public key corresponding to that private key, to which the CA has attached a digital signature. The root key certificate likewise has the form of a digital certificate, and includes the root key, which is the proof public key (referred to as the 'proof key' hereinafter) corresponding to the root private key, the proof private key used by the CA for the digital signature.
FIGS. 53A and 53B illustrate this relationship. As shown in FIG. 53A, the server public key includes a key body, used for decoding a document encoded with the server private key, and bibliographic information, including the agency (CA) that issued the public key, the party (server) for which the public key was issued, the validity due date, and so forth. In order to show that the key body and the bibliographic information have not been tampered with, the CA encodes, with the root private key, the hash value obtained by hash processing of the server public key, and attaches the result to the server public key as a digital signature. At this time, identification information identifying the root private key used for the digital signature is also added to the bibliographic information as signature key information. The server public key certificate is the public key certificate having this digital signature attached.
When the server public key certificate is used in authentication processing, the digital signature included in it is decoded with the key body of the root key, which is the public key corresponding to the root private key. When the decoding completes normally, it is positively determined that the digital signature was attached by the CA. Further, when the hash value obtained by hash processing of the server public key part agrees with the hash value obtained from the decoding, it is determined that the key itself has not been damaged or tampered with. Furthermore, when received data is decoded normally with the server public key, it is determined that the data was transmitted by the server which possesses the server private key. After that, with reference to the bibliographic information, authentication is performed based on the reliability assigned to the CA, whether the server is registered, and so forth.
In order to perform the authentication, the root key must be stored in advance, and it is stored in the form of a root key certificate to which the CA has attached a digital signature, as shown in FIG. 53B. This root key certificate is self-signed: its digital signature can be decoded with the public key included in the same certificate. When the root key is used, the digital signature included in the root key certificate is decoded with the key body and compared with the hash value obtained by hash processing of the root key. When they agree, it is proved that the root key has not been damaged or the like.
When the client requests communication from the server in the client and server system, the respective apparatuses perform the following processing:
First, in response to the communication request from the client, the server generates a random number and encodes it with the server private key. The encoded random number is transmitted to the client together with the server public key certificate. On receiving them, the client proves the validity of the received server public key certificate with the root key certificate. This proving processing includes not only proving that the certificate has been neither damaged nor tampered with, but also proving, from the bibliographic information, that the server is a proper communication counterpart. After the proving completes normally, the received random number is decoded with the server public key included in the received server public key certificate. When the decoding succeeds, it is positively proved that the random number was received from the server for which the server public key certificate was issued. Thus, through the above-described processing, the client authenticates the server as a proper communication counterpart.
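The certificate structure and root-key check described for FIGS. 53A and 53B, together with the random-number exchange just described, as a constructed example added here (it is not part of the patent text). It uses textbook RSA on small, well-known Mersenne primes as a stand-in for the CA's and server's keys; the field names (`bib`, `signer_key_id`, `valid_until`) and the integer dates are assumptions.

```python
# Added example (not part of the patent text): a constructed model of the certificate
# structure, root-key check and random-number exchange. Textbook RSA on small primes: not secure.
import hashlib, json, secrets

def toy_keypair(p, q, e=65537):
    """Public key (n, e) and private key (n, d) from two primes (assumed prime)."""
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(obj, n):
    """Hash value of the to-be-signed part, reduced mod n so it fits the key."""
    raw = hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest()
    return int.from_bytes(raw, "big") % n

def sign(priv, obj):
    """'Encode the hash with the private key': this is the digital signature."""
    return pow(digest(obj, priv["n"]), priv["d"], priv["n"])

def verify_sig(pub, obj, sig):
    """'Decode with the key body' and compare with a freshly computed hash."""
    return pow(sig, pub["e"], pub["n"]) == digest(obj, pub["n"])

def issue(pub, bib, signer_priv):
    """Certificate = key body + bibliographic information + signature over both."""
    body = {"key": pub, "bib": bib}
    return {**body, "sig": sign(signer_priv, body)}

def verify_cert(cert, root_cert, today, expected_subject):
    """Client-side check of a server certificate against the stored root key certificate."""
    root_body = {"key": root_cert["key"], "bib": root_cert["bib"]}
    if not verify_sig(root_cert["key"], root_body, root_cert["sig"]):  # self-signed root
        return False
    if not verify_sig(root_cert["key"], {"key": cert["key"], "bib": cert["bib"]}, cert["sig"]):
        return False
    b = cert["bib"]  # bibliographic information: issuer, signature key, counterpart, due date
    return (b["issuer"] == root_cert["bib"]["subject"]
            and b["signer_key_id"] == root_cert["bib"]["key_id"]
            and b["subject"] == expected_subject and today <= b["valid_until"])

def server_hello(server_priv, server_cert):
    """Server side: a random number encoded with the server private key, plus the certificate."""
    r = secrets.randbelow(1 << 64)
    return {"nonce": r, "enc": sign(server_priv, {"nonce": r}), "cert": server_cert}

def client_authenticates(hello, root_cert, today, expected_subject):
    """Client side: prove the certificate first, then the random number with the certified key."""
    cert = hello["cert"]
    return (verify_cert(cert, root_cert, today, expected_subject)
            and verify_sig(cert["key"], {"nonce": hello["nonce"]}, hello["enc"]))
```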
Furthermore, when a common key (the key for common-key encoding) is exchanged after being encoded with the private key or the public key, the common key can be exchanged safely, and a safe communication path is established by encoding the communication contents with the common key.
In a public key cryptosystem, it is in general possible to derive the private key from the public key, although doing so takes a considerably long time depending on the key length. Once the private key is known, a third party can impersonate its rightful holder (spoofing), and then neither reliability of the authentication nor safety of the communication can be secured. To solve this problem, some users apply a security policy by which a validity due date is assigned to each key mentioned above and the set of keys is replaced periodically. As a result, when a remote management system utilizing the above-mentioned authentication processing is provided, it is necessary to guarantee to the customer that the system is capable of updating keys. The same applies to the root keys and root private keys. A key is updated not only when its predetermined validity due date expires, but also when it becomes known that the private key has leaked to a third party.
Japanese Laid-open Patent Application No. 11-122238 discloses an art relating to such a manner of updating the key, for example.