1. Field of the Invention
The present invention relates to an information processing system, an information processing apparatus and method, a computer program, and a recording medium and, more particularly, to an information processing system, an information processing apparatus and method, a computer program, and a recording medium that are capable of transferring information quickly, freely, and securely.
2. Description of the Related Art
Recently, an increasing number of access points have become available that allow personal computer users to access the Internet when they are away from home or office. A method has been proposed in which authentication is executed by use of a password and a user ID at each access point arranged away from home and office through which a user accesses the Internet (refer to “802.11 High-Speed Wireless LAN Textbook”, pages 334 and 335).
The following describes, with reference to FIG. 1, the operation of an access point at which authentication is executed by use of the password and the user ID. In the system shown in FIG. 1, the communication between a client 1 and an access point 2 is executed by radio and the communication between the access point 2 and an authentication server 3 is executed in a wired manner.
Before accessing the Internet through an access point away from home or office, each user must register as a user to get a password and a user ID. Then, in step S1, the client 1 sends a connection request to the access point 2.
In step S21, receiving the connection request from the client 1, the access point 2 sends the received connection request to the authentication server 3 in step S22. In step S51, receiving the connection request, the authentication server 3 determines whether a response to this request is enabled now. In step S52, the authentication server 3 outputs a connection response corresponding to the decision to the access point 2.
Receiving the connection response in step S23, the access point 2 sends the received connection response to the client 1 in step S24. In step S2, the client 1 receives the connection response.
In step S53, the authentication server 3 sends a public key and a certificate published beforehand by a certification body, not shown, to the access point 2. In step S25, the access point 2 receives the public key and the certificate. In step S26, the access point 2 sends the received public key and certificate to the client 1. In step S3, the client 1 receives the public key and the certificate supplied from the access point 2.
The certificate contains plaintext data, such as specification version, serial number, public key owner, and public key, and a digital signature based on these data. The client 1 can compare the contents obtained by decrypting the digital signature by the public key with the already obtained plaintext specification version, serial number, public key owner, and public key to confirm that the received public key and the certificate thereof are the ones received from a true authentication server, namely, an administrator authenticated by the certification body. Therefore, the user can securely connect to the Internet through that authentication server.
In step S4, the client 1 generates an encryption key to be used as a common key for transmitting and receiving information with the authentication server 3, encrypts the generated encryption key by the public key received from the access point 2, and sends the encrypted encryption key to the access point 2. In step S27, the access point 2 receives this encryption key. In step S28, the access point 2 sends the received encryption key to the authentication server 3. In step S54, the authentication server 3 receives the encryption key, decrypts the received encryption key by a private key corresponding to the public key, and uses the decrypted encryption key as a common key.
On the other hand, in step S5, the client 1 encrypts the user ID by the encryption key and sends the encrypted user ID to the access point 2. In step S6, the client 1 encrypts the password by the encryption key and sends the encrypted password to the access point 2. In step S29, the access point 2 receives the user ID and, in step S31, the password. In step S30, the access point 2 sends the user ID to the authentication server 3 and, in step S32, sends the password to the authentication server 3. In step S55, the authentication server 3 receives the user ID and, in step S56, the password. The authentication server 3 decrypts the received user ID and password by the encryption key received in step S54, thereby confirming that the user ID and the password are ones owned by a registered user.
If the client 1 is found to be an authorized user by the user ID and the password, the client 1 completes the connection procedure with the authentication server 3 via the access point 2 in step S7 and the authentication server 3 completes the connection procedure with the client 1 via the access point 2 in step S57. Subsequently, the client 1 can connect to the Internet via the access point 2 and the authentication server 3 to get various services from the Internet.
Because the access points 2 are arranged at many places, the user is able to connect to the Internet through the access point 2 and the authentication server 3 as required to receive the various services.
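The certificate check of step S3 and the key transport of steps S4 and S54, as an added example that is not part of the original text. It assumes textbook RSA without padding on toy-sized constructed keys, that the signature is checked with the certification body's public key, and hypothetical function and field names.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below

def make_keypair(p, q):
    """Textbook RSA (modulus, private exponent) from two primes; no padding, toy size."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(fields, n):
    """SHA-256 over the certificate's plaintext fields, reduced below the modulus."""
    blob = "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue_certificate(fields, ca_n, ca_d):
    """Certification body signs the plaintext fields with its private key."""
    return {"fields": dict(fields), "signature": pow(digest(fields, ca_n), ca_d, ca_n)}

def client_verify(cert, ca_n):
    """Step S3: recover the signed digest and compare it with the plaintext fields."""
    return pow(cert["signature"], E, ca_n) == digest(cert["fields"], ca_n)

def client_step_s4(cert, ca_n):
    """Step S4: wrap a fresh common key only if the certificate verified."""
    if not client_verify(cert, ca_n):
        return None  # abort: nothing is encrypted to an unverified key
    common_key = secrets.randbits(128)
    return common_key, pow(common_key, E, cert["fields"]["public_key"])

def server_step_s54(wrapped, server_n, server_d):
    """Step S54: recover the common key with the matching private key."""
    return pow(wrapped, server_d, server_n)

# Constructed sample keys built from Mersenne primes (far too small for real use).
CA_N, CA_D = make_keypair(2**107 - 1, 2**127 - 1)
SRV_N, SRV_D = make_keypair(2**61 - 1, 2**89 - 1)
ROGUE_N, _ = make_keypair(2**31 - 1, 2**521 - 1)

GENUINE = issue_certificate(
    {"version": 3, "serial": 1001, "owner": "authentication server 3", "public_key": SRV_N},
    CA_N, CA_D)
# Constructed tampering case: same signature, but the public key field was replaced.
FORGED = {"fields": {**GENUINE["fields"], "public_key": ROGUE_N},
          "signature": GENUINE["signature"]}

if __name__ == "__main__":
    key, wrapped = client_step_s4(GENUINE, CA_N)
    print("genuine accepted, key recovered:", server_step_s54(wrapped, SRV_N, SRV_D) == key)
    print("forged accepted:", client_step_s4(FORGED, CA_N) is not None)
```

The client refuses to proceed to step S4 when the plaintext fields do not match the signed digest, which is the protection that is lost if the certificate is skipped.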
However, the related-art technology requires each user to make registration beforehand to get an ID and a password for the connection to the Internet by use of an access point. Therefore, it is difficult for service providers to promptly and unrestrainedly provide information, which in turn makes it difficult for users to get information promptly and unrestrainedly.
To overcome the above-mentioned problem, the registration of user ID and password beforehand and the use of a certificate may be skipped, but at the cost of possibly falling victim to wireless LAN phishing. To be more specific, cases were reported in which a person attempting phishing emits unauthorized radio waves within the service range of an access point to make a user client that has received these radio waves display a fake Web page, thereby causing the client to automatically download computer viruses if the user clicks anywhere on the displayed fake Web page.
Therefore, the present invention addresses the above-identified and other problems associated with related-art technologies and solves the addressed problems by transmitting and receiving information promptly and with little restraint.