1. Field of the Invention
The present invention relates to a communication apparatus and the like as a client that receives a service from a server after checking the validity of such server, and particularly to a communication apparatus and the like for verifying a server certificate issued by a certificate authority.
2. Description of the Related Art
In recent years there has been rapid proliferation as well as an expanding use of the Internet, and there are a variety of services utilizing the Internet such as E-mail and Internet shopping. Behind this trend, however, there are problems of tapping of and tampering with data, such as individual information, that is carried over the Internet. In order to prevent attacks from malicious third parties, a variety of security techniques have been conceived and employed. Such security techniques include cryptography for preventing data contents from being leaked, even when such data is tapped while being transmitted, and authentication for checking whether data has been tampered with in the course of transmission.
A technology known as SSL (Secure Sockets Layer) is a security technique that utilizes cryptography and authentication and that is often employed on the Internet. SSL, which is disclosed in U.S. Pat. No. 5,657,390, for example, is a technology for providing a communication that ensures that (1) a server is authenticated, (2) data is not leaked in the course of communication, and (3) the contents of data that the client is to receive have not been tampered with in the course of communication.
Referring to FIGS. 1 and 2, a description is given of an overview of an SSL communication method.
FIG. 1 is a diagram illustrating how key information and certificates are prepared in SSL. This drawing shows a server 103 and a client 102 that carry out a secret communication, and a certificate authority 101 that issues a server certificate indicating the validity of the server 103.
A CA public key 104 is a public key corresponding to the private key of the certificate authority 101. A CA private key 105 is the private key of the certificate authority 101. A CA certificate 106 is a certificate indicating that a server certificate issued by the certificate authority 101 is valid. A server public key 107 is a public key corresponding to the private key of the server 103. A server private key 108 is the private key of the server 103. A server certificate 109 is a certificate indicating the validity of the server 103. And a signature 110 is a signature created by the certificate authority 101 on the server certificate 109.
FIG. 2 is a diagram showing an SSL communication protocol. In FIG. 2, a communication common key 201 is a common key to be used in a secret communication.
The certificate authority 101 previously generates a key pair consisting of the CA public key 104 and the CA private key 105, and generates, at the same time, a CA certificate 106 that describes the CA public key 104 and information concerning the certificate authority 101.
Before starting the operation, the server 103 first generates a key pair consisting of the server public key 107 and the server private key 108. Then, the server 103 sends, to the certificate authority 101, the server public key 107 and information concerning the server 103, so as to request the issue of a server certificate 109.
Using the CA private key 105, the certificate authority 101 creates a signature 110 from information received from the server 103 and other necessary information, and issues, for the server 103, a server certificate 109 that is the result of putting together the information from the server 103, the other necessary information, and the signature 110.
The server 103 stores the received server certificate 109.
Meanwhile, the client 102 previously obtains the CA certificate 106 from the certificate authority 101, and stores it.
The following describes how the client 102 and the server 103 actually carry out a secret communication.
When getting connected to the server 103, the client 102 negotiates with the server 103 which encryption specification to use in the secret communication.
Next, the server 103 sends the server certificate 109 to the client 102.
Then, the client 102 verifies whether the server certificate 109 is valid, using the CA public key 104 which the client 102 stores in itself. When the server certificate 109 is valid, i.e., the signature 110 included in such server certificate 109 is one created by use of the CA private key 105, it is possible for the client 102 to verify the validity of the server certificate 109 using the CA public key 104.
After verifying that the server certificate 109 is valid, the client 102 randomly generates information about common key generation on the client side (hereinafter referred to as “client-side common key generation information”), and sends the generated information to the server 103.
Meanwhile, the server 103 randomly generates information about common key generation on the server side (hereinafter referred to as “server-side common key generation information”), and sends the generated information to the client 102.
Then, the server 103 and the client 102 generate a communication common key 201 using the above server-side common key generation information and client-side common key generation information.
Through the above operation, it becomes possible for the client 102 and the server 103 to share the communication common key 201.
From then on, by using the communication common key 201 to encrypt and decrypt data to be transmitted, it becomes possible for the client 102 and the server 103 to carry out a secret communication.
Note that the X.509 certificate format defined by the ITU-T (International Telecommunication Union-Telecommunication Standardization Sector) is often employed as the format of a CA certificate 106 and a server certificate 109.
According to the X.509 certificate format, a server certificate 109 needs to describe the validity period. This is because the security of a private key depends on the fact that it takes a sufficiently long time to calculate the private key from the public key and communication data, meaning that there is a higher possibility that the private key will be exposed if the same key continues to be used for a longer period of time.
Similarly, a CA certificate 106 is also required to describe the validity period, which is longer than that of a server certificate 109 in general.
Meanwhile, when the validity period of a CA certificate expires, or when the CA private key is exposed due to some cause, it is necessary to immediately generate a new key pair and to issue/obtain a new CA certificate.
For example, in the case where (1) there are a sufficient number of certificate authorities which are available at the same time, (2) a client has a sufficient computer resource such as a PC (Personal Computer), and (3) such client can therefore possess all or a required number of CA certificates of the certificate authorities, it is possible for a server to use a server certificate that was issued by a certificate authority other than a revoked certificate authority. In this case, the client verifies such server certificate by using, one after another, the CA certificates which it possesses. When the client can verify the validity of the server certificate by using any one of such CA certificates, it is possible for the client to verify that such server is an authenticated server.
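The issuance and verification steps described above, together with the one-after-another check against several stored CA certificates, as an added example that is not part of the original document. It uses textbook RSA without padding and small Mersenne-prime keys purely for illustration (not secure); the field names, dates, sample values and the explicit `now` argument are assumptions.

```python
import hashlib

# Toy textbook RSA (no padding, tiny keys): illustration only, not secure.
E = 65537  # public exponent used by both toy CAs

def make_ca(name, p, q):
    """Build a toy CA: returns (CA certificate, CA private key)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"issuer": name, "n": n, "e": E}, (n, d)

def digest(cert, n):
    """Hash every certificate field except the signature, reduced mod n."""
    tbs = "|".join(str(cert[k]) for k in
                   ("subject", "server_pub", "issuer", "not_before", "not_after"))
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue_server_cert(ca_cert, ca_priv, subject, server_pub, not_before, not_after):
    """CA side: sign the server's information with the CA private key."""
    n, d = ca_priv
    cert = {"subject": subject, "server_pub": server_pub,
            "issuer": ca_cert["issuer"],
            "not_before": not_before, "not_after": not_after}
    cert["signature"] = pow(digest(cert, n), d, n)
    return cert

def verify_server_cert(cert, ca_certs, now):
    """Client side: check the validity period, then try each stored CA
    certificate in turn. Returns the issuer name that verified, or None."""
    if not cert["not_before"] <= now <= cert["not_after"]:
        return None
    for ca in ca_certs:
        if pow(cert["signature"], ca["e"], ca["n"]) == digest(cert, ca["n"]):
            return ca["issuer"]
    return None

# Constructed sample data: Mersenne primes keep the toy keys short to write.
CA_A, PRIV_A = make_ca("CA-A", 2**127 - 1, 2**107 - 1)
CA_B, PRIV_B = make_ca("CA-B", 2**89 - 1, 2**61 - 1)
SERVER_CERT = issue_server_cert(CA_B, PRIV_B, "server.example",
                                "constructed-server-public-key",
                                20240101, 20241231)

if __name__ == "__main__":
    print(verify_server_cert(SERVER_CERT, [CA_A, CA_B], 20240615))
    altered = dict(SERVER_CERT, server_pub="substituted-key")
    print(verify_server_cert(altered, [CA_A, CA_B], 20240615))
```

The validity-period check only works because the caller supplies `now`, which is the dependency on a trustworthy clock that a resource-limited client may not be able to satisfy.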
Meanwhile, when a certificate authority is newly established, the user of a client apparatus can obtain a CA certificate of such certificate authority from the certificate authority itself or from a reliable server, and then install the obtained CA certificate in its client apparatus.
Also, there are apparatuses and methods for automatically renewing a server certificate when the validity period of the server certificate is close to expiring and when the server certificate gets revoked. Such techniques are disclosed, for example, in Japanese Laid-Open Patent publication No. 2001-197054 and Japanese Laid-Open Patent publication No. 2002-215826.
With the above existing techniques, however, if a client apparatus is a home appliance, for example, that is not equipped with a sufficient amount of resources including a memory, there is a problem that it is difficult for such client apparatus to possess many CA certificates at the same time and to be equipped with a program or a circuit for authenticating a server by use of plural CA certificates.
Furthermore, if a client apparatus does not have a clock (calendar/timer) or any means for setting the clock to the correct time, it is difficult for such client apparatus to check the validity period of a CA certificate, which causes the problem that such client apparatus cannot renew the CA certificate automatically even when the end of the validity period is approaching.
The present invention has been conceived in view of the above problems, and it is an object of the present invention to provide a communication apparatus, an authentication apparatus, and the like which make it possible to verify the validity of a server, with a CA certificate being renewed in a safe and secure manner, even when the communication apparatus is equipped only with a small amount of resources.