The present invention relates to technology for validating certificates.
When transmitting an electronic data such as an electronic document, the sender's digital signature (hereinafter also referred to as a signature) and a public key certificate (hereinafter also referred to as a certificate) may be attached to the electronic data to be sent. Upon receiving the electronic data with the digital signature and the certificate, the receiver checks validity of the signature and certificate, confirms that the attached electronic data is not falsified, and in addition, confirms the identification of the sender of the electronic data.
The issuing and validation of public key certificates is conducted in a public key infrastructure, the reference specification of which is stipulated in literature such as RFC 5280 (Internet X.509 Public Key Infrastructure Certificate and CRL Profile). As stipulated in RFC 5280, Chapter 6 (Certification Path Validation), the receiver (hereinafter also referred to as the verifier) constructs a certification path to the certificate which is subjected to a validation from a certificate of a reliable certificate authority (hereinafter also referred to as the CA), and then conducts a validation of the constructed certification path.
In the case where a number of CAs involve with a certificate validation and these CAs are respectively coupled by mutual authentications, a configuration for validation of certificates is likely to be complex, and thus, a process managing the construction and validation of a certification path becomes complicated, too. For this reason, a server (hereinafter referred to as a validation server) that provides services for conducting certificate validation processing instead of the verifier's device and then transmitting the validation result to the verifier may be used. The reference protocol for validation servers is stipulated in RFC 5055 (Server-Based Certificate Validation Protocol). Upon receiving a certificate validation request from a verifier, the validation server constructs a certification path between the reliable CA for the verifier and the certificate which is subjected to a validation and then conducts validation of the constructed certification path. The validation server then adds its signature and certificate to the above validation result and transmits the certificate to the verifier. Upon receiving the validation result from the validation server, the verifier validates the signature and certificate of the validation server that are attached to the validation result, thereby confirming that the validation result is trustworthy.
In addition, in a validation server like the above, it is necessary to perform cryptographic calculations while performing certification path validation processing, such as signature validation processing for certificates or certificate revocation lists (hereinafter referred to as CRLs), and processing to generate a validation server signature for the validation result. In order to reduce the processing load of such cryptographic calculations, hardware security modules (hereinafter referred to as HSMs) like those described in the related Literature 1 (SafeNet, “Luna SA 4.2”, [online], SafeNet, P.1, [accessed Jan. 21, 2008], Internet <http://www.safenet-inc.com/library/3/Luna SA.pdf>), Literature 2 (SafeNet, “Luna PCM 2.2”, [online], SafeNet, P.1, [accessed Jan. 21, 2008], Internet <http://www.safenet-inc.om/library/3/LunaPCM.pdf>), and Literature 3 (nCipher, “netHSM”, [online], nCipher, P.1, [accessed Jan. 21, 2008], Internet <http://www.ncipher.com/uploads/resources/nethsm.pdf>) are used.