1. Field of the Invention
The present invention relates to a network system for secure printing via a network.
2. Description of the Related Art
Conventionally, printing can be executed from a client PC via a network connected to a device, such as an image forming device, using communication protocols for web services and the like. There are already standard technologies serving as specifications for executing this processing, such as Web Services on Devices (WSD) *1 proposed by Microsoft Corporation.
*1: CHAN, Shannon, et al. (February 2006). Devices Profile for Web Services. Retrieved Aug. 29, 2011 from http://specs.xmlsoap.org/ws/2006/02/devprof/devicesprofile.pdf
Furthermore, specifications *2 for secure WSD have been proposed to preserve the security of network data transmitted from and received by printing means using such web services. Secure WSD employs secure communication using Transport Layer Security (TLS) defined in RFC 2246 and the like.
*2: Microsoft Corporation. Secure WSD Device Development. Retrieved Aug. 29, 2011 from http://msdn.microsoft.com/en-us/library/bb204786(v=VS.85).aspx
TLS prevents falsification and sniffing of network data by encrypting the network data, and prevents spoofing through certificate verification. In certificate verification, the validity of a server certificate is ensured by a public certificate authority applying a signature to the server certificate. A client stores a CA certificate of the certificate authority, and a server stores a server certificate. The server transmits the server certificate to the client so that the client verifies the validity of the server.
Although a certificate authority is generally a trusted certificate authority, it is possible to use only the encrypted communication function of TLS by issuing a server certificate generated using a self-signature. It is likewise possible to verify whether or not the server is a true and correct server by installing, in advance, a CA certificate generated using a self-signature on the client.
To verify the validity of a server through certificate verification using TLS, the client must pre-store a CA certificate chained to the server certificate, that is to say, a CA certificate of the certificate authority (CA organization) that issued the server certificate. Therefore, a client that has many occasions to access servers which conduct verification using self-signatures needs to store as many CA certificates as there are such servers. When crosschecking a server certificate, the client needs to search this large number of CA certificates for a CA certificate including certificate information that matches the server certificate. This could take time because each one of the CA certificates is checked to determine whether or not it matches the server certificate. In a system where CA certificates are shared in a network by being stored in, for example, a directory server, all the CA certificates of servers accessed by clients belonging to the network are stored in the directory server, and therefore the search is conducted from among a very large number of certificates. The amount of time required for this search could delay the crosschecking of the certificates.
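The lookup described in the paragraph above, as an added Go example that is not part of the original text: the client walks its CA store one certificate at a time, matching the issuer name and then confirming the signature. The certificate names, the store size and the look-alike CA (same name, different key) are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a certificate for cn; with parent == nil it is a self-signed CA.
func newCert(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // fails only if the system RNG does
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint("certificate setup failed: ", err, perr))
	}
	return cert, key
}

// findIssuer checks the stored CA certificates one by one: issuer name first, then the
// signature. It returns the issuing CA's index (-1 if none) and how many were examined.
func findIssuer(server *x509.Certificate, store []*x509.Certificate) (int, int) {
	for i, ca := range store {
		if string(ca.RawSubject) == string(server.RawIssuer) && server.CheckSignatureFrom(ca) == nil {
			return i, i + 1
		}
	}
	return -1, len(store)
}

func main() { // constructed store: a look-alike CA, 200 unrelated CAs, the real CA last
	ca, key := newCert("Printer CA", nil, nil)
	lookalike, _ := newCert("Printer CA", nil, nil) // same name, different key
	store := []*x509.Certificate{lookalike}
	for i := 0; i < 200; i++ {
		other, _ := newCert(fmt.Sprintf("Other CA %d", i), nil, nil)
		store = append(store, other)
	}
	server, _ := newCert("printer.example", ca, key)
	fmt.Println(findIssuer(server, append(store, ca))) // issuing CA's index, certificates examined
}
```

Because self-signed CAs can share a subject name, the name comparison only narrows the candidates; the signature check is what rejects the look-alike and forces the scan to continue.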