1. Field of the Invention
The present invention relates to techniques of authenticating another party in a communication.
2. Description of the Related Art
Due to the rapid spread of Internet use, systems which perform communications based on the Internet are on the increase in recent years. One example of such systems is electronic commerce that conducts buying and selling over the Internet.
In such an Internet-based communications system, it is necessary to make sure that the other party in communication is an authentic participant in the system. This is called authentication. The party referred to here may be a person who operates a device or a device which performs a predetermined procedure. Hereafter, the party is called a device, which is assumed to include both of the above senses. Device authentication means one device authenticates the other device in communication. The device authentication is a concept that involves both “proof” and “verification”. The proof means the other device tries to prove its validity, that is, the other device tries to prove that it is an authentic participant in the system. The verification means the device verifies the validity of the other device.
Cryptography is employed for secret communications of information or the aforementioned authentication in these communications systems. There are mainly two types of cryptography: secret key cryptography and public key cryptography. In secret key cryptography, the same key is used for encryption and decryption. In public key cryptography, meanwhile, different keys are used for encryption and decryption.
It is desirable to use a public key cipher for the aforementioned authentication, for the following reason. In authentication based on a secret key cipher, namely, password authentication, a verifier possesses the same secret information as a prover. This being so, the verifier may impersonate the prover once the authentication has been performed. In authentication based on a public key cipher, on the other hand, a prover provides proof using a private key of the public key cipher, and a verifier performs verification using a public key corresponding to the private key. In the public key cipher, it is impossible to derive the private key from the public key. Therefore, the verifier cannot impersonate the prover after the authentication.
In public key cryptography, a process of generating data (signature text or signature data) to prove validity using a private key is called signature generation, and a process of verifying the validity of the signature data using a public key corresponding to the private key is called signature verification.
For instance, authentication based on a public key cipher is conducted as follows. A first device sends random number data to a second device as challenge data. The second device signs the random number data using a private key of the second device, and sends the result to the first device as response data. Lastly, the first device verifies the signature received from the second device using a public key of the second device. Typically, such public key cipher-based authentication is based on a precondition that the public key is valid in the system.
In general, an organization called a certification authority (CA) issues a “public key certificate” attesting to the validity of a public key of each device in the system, to thereby “endorse” the public key. In detail, the CA generates electronic signature data from a result of concatenating data such as an identifier of the device, an expiration date, and the public key of the device. The CA then generates a public key certificate that contains the concatenation data and the electronic signature data, and issues the generated public key certificate. A device that receives the public key certificate verifies the electronic signature data of the CA, and also checks the contents of the public key certificate based on the device identifier and a current time, to thereby confirm the validity of the public key. Also, a CRL (Certificate Revocation List) is issued to announce public key certificates which have been revoked from the system and are no longer valid. The CRL is a list of information identifying the revoked public key certificates, accompanied by electronic signature data of the CA.
Thus, one device acquires a public key certificate of the other device and checks that the public key certificate is not listed in the CRL (i.e., has not been revoked), before performing authentication on the other device using a public key of the other device. In this way, communications with unauthorized devices can be avoided. Since CRL formats and implementations can be realized using known techniques in the art, their detailed explanation has been omitted here. As one example, the X.509 standard of ISO/IEC/ITU defines CRL formats, that is, CRL data structures.
Each time a public key certificate is revoked, the CRL is updated by adding an identifier of the revoked public key certificate, and the new CRL is delivered to each device.
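The verification sequence described above (certificate check, CRL check, then challenge and response) is sketched below as an added example that is not part of the original text. Textbook RSA over fixed Mersenne primes stands in for a real signature scheme and is not secure; the certificate serial number, the field layout and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent used by both toy keys

def keygen(p, q):
    """Textbook RSA from two known primes: a toy stand-in, NOT secure."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == _h(data, n)

# Constructed keys (Mersenne primes), for illustration only.
CA_KEY = keygen(2**127 - 1, 2**107 - 1)
DEV_KEY = keygen(2**89 - 1, 2**61 - 1)

def cert_body(c):
    # Concatenation the CA signs: identifier, expiration date, public key.
    return f"{c['serial']}|{c['id']}|{c['not_after']}|{c['n']}".encode()

def issue_cert(serial, device_id, not_after, pub_n):
    c = {"serial": serial, "id": device_id, "not_after": not_after, "n": pub_n}
    return dict(c, sig=sign(CA_KEY, cert_body(c)))

def issue_crl(revoked):
    revoked = sorted(revoked)
    return {"revoked": revoked, "sig": sign(CA_KEY, repr(revoked).encode())}

def authenticate(cert, crl, expected_id, today, respond):
    """First device: check certificate and CRL, then challenge the prover."""
    ca_n = CA_KEY["n"]  # the verifier holds only the CA's public modulus
    if not verify(ca_n, cert_body(cert), cert["sig"]):
        return "bad certificate signature"
    if cert["id"] != expected_id or today > cert["not_after"]:
        return "wrong identifier or expired"
    if not verify(ca_n, repr(crl["revoked"]).encode(), crl["sig"]):
        return "bad CRL signature"
    if cert["serial"] in crl["revoked"]:
        return "revoked"
    challenge = secrets.token_bytes(16)  # fresh random number data
    if not verify(cert["n"], challenge, respond(challenge)):
        return "bad response"
    return "ok"
```

The `respond` callback plays the second device: it receives the challenge and returns a signature made with that device's private key. Dates are ISO strings so that plain string comparison orders them correctly.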