In general, a public key infrastructure (PKI) is a system that is capable of performing encryption transmissions/receptions of digital documents requiring Internet security using public and private keys between member users authenticated by an authentication system. In other words, the PKI is a system in which the users registered as members in the authentication system are issued with digital certificates from a corresponding certificate authority, which certify that the public key of a certificate is allowed to a certificate user. The PKI users can encrypt digital documents requiring the Internet security using each other's public key and transmit the digital documents by executing digital signatures using their private keys, thereby allowing the digital documents to be reliably transmitted/received between the member-registered users in the authentication system.
Currently, an RFC 2510 Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP) is proposed by IETF as a standard protocol in connection with a work/management for the certificate to perform a certificate register, certificate issue, proof of possession of a private key, certificate update, certificate recovery, certificate revocation and so forth in the PKI-based authentication system. The CMP employs an RFC 2511 certificate request message format (CRMF). The CMP prescribes that where there is a message from a user for requesting a certificate validity modification such as certificate suspension or certificate revocation, it is necessarily required to attach a digital signature to the certificate validity modification request message using a private key of the user in order to determine whether the modification request message has been forged.
However, in the conventional PKI-based authentication system, even though the user possesses his/her own private key, the user must personally visit an associated registration authority or certificate authority to recover the certificate. Further, in the conventional PKI-based authentication system, where user private key compromise occurs, so that the user cannot perform the digital signature, the user must personally visit the registration authority or certificate authority to verify his/her identity and personally request the certificate validity modification because it is impossible to process the suspension and revocation of the certificate online.
The above-described certificate validity modification method in the PKI-based authentication system may refer to, for example, Korean Application of Patent No. 1999-0051586, titled “Method for Generating Public Key Certificate for User in Certificate Authority System” and “Research & Development Trends and Domestic Standard on Public Key Infrastructure” described in Telecommunications Review, 10(5): 915-938(2000.10). The “Method for Generating Public Key Certificate for User in Certificate Authority System” discloses just a method for quickly generating a public key certificate for a user in an authentication authority. In the “Research & Development Trends and Domestic Standard on Public key infrastructure”, there are disclosed just trends and standards for implementing public keys, and standards for domestic PKI. As a result, there still exists a problem in that the user must personally visit the corresponding the registration authority or certificate authority to modify the validity of the certificate in the conventional PKI-based authentication system.