As electronic devices have become more compact, higher-performing, and more portable, there has been demand for environments in which terminals can connect to a network at any location, as needed, to perform communication. Wireless ad-hoc network technology, in which a network is established temporarily as needed, has been developed. In a wireless ad-hoc network, no particular access point is provided, and terminals (e.g., computers, personal digital assistants (PDAs), portable phones, etc.) that are independently and dispersedly located are connected with one another.
In order to prevent unauthorized devices from accessing network resources, authorization management is typically performed using a terminal-authorization-certificate, i.e., a certificate of privilege that authorizes a terminal to access a network. One kind of terminal-authorization-certificate is an attribute certificate, which was newly specified by X.509 ver. 3 in March 2000, and the profiles (definitions of the description in data fields contained in an attribute certificate) were collectively defined in the Standard Track RFC (Request For Comments) in April 2002. An attribute certificate is used as an access license to network resources: it is checked to confirm the right to connect to those resources, so that only a terminal having access qualifications is allowed to connect. In this document, the terminal-authorization-certificate is described in the context of an attribute certificate. However, terminal rights that are described in, for example, an XML language or the like and signed by an authorized authority may also function as a terminal-authorization-certificate of the present invention.
In a traditional communication system, data used for authentication is collectively managed by a specific device on a network. For example, there has been suggested a technology in which a single public key management device is shared by a plurality of radio communication exchange systems, and, when a mobile terminal moves into a service area of one of the radio communication exchange systems, the public key management device is requested to send a public key of this mobile terminal (see, for example, Japanese Unexamined Patent Application Publication No. 10-112883 (FIG. 1)).
In a traditional communication system, data used for authentication is collectively managed. In a wireless ad-hoc communication system, however, terminals are always moving, and different terminals set up a network from time to time. Thus, a collective management device does not always exist. Due to the nature of wireless media, a communication path to such a collective management device is not always maintained. Therefore, the wireless ad-hoc communication system is not suitable for collective management.
Accordingly, it is an object of the present invention to independently and dispersedly issue a terminal-authorization-certificate in a wireless ad-hoc communication system. The present invention is particularly useful in a wireless network in which all wireless terminals setting up the network transmit management information (such as a beacon).