JP4504047B2 - Digital certificate management system, digital certificate management apparatus, digital certificate management method and program - Google Patents

Description

  The present invention relates to a digital certificate management system for managing a digital certificate used for authentication processing between one or more clients and one or more servers constituting a client / server system by a digital certificate management apparatus, and Digital certificate management apparatus constituting the system, digital certificate management method for managing the digital certificate in this way, and updating the certification key for confirming the validity of the digital certificate when managing the digital certificate And a program for causing a computer to function as the digital certificate management apparatus.

2. Description of the Related Art Conventionally, a client / server system is configured in which a plurality of computers such as PCs are communicably connected via a network, and at least one is a server device (server) and another at least one is a client device (client). Things have been done.
In such a client / server system, a request is transmitted from the client device to the server device, and the server device performs processing according to the request and returns a response to the client device. Such a client / server system is widely used for so-called electronic commerce in which an order request for a product is transmitted from a client device and the server device accepts the order. In addition, a system has also been proposed in which various electronic devices are connected via a network with the functions of a client device or a server device, and the electronic device is remotely managed by communication between them.

  In such a case, it is important to confirm whether the communication partner is appropriate or whether the transmitted information has been tampered with. In particular, in the Internet, since information often passes through an irrelevant computer until it reaches a communication partner, it is necessary to prevent the contents from being stolen when transmitting confidential information. As a communication protocol that meets such requirements, for example, a protocol called SSL (Secure Socket Layer) has been developed and widely used. By performing communication using this protocol, it is possible to combine a public key cryptosystem and a common key cryptosystem to authenticate a communication partner and to prevent tampering and eavesdropping by encrypting information.

Here, a communication procedure when performing an authentication process using a public key cryptosystem and a digital certificate used at that time will be described. Here, a case where the client device authenticates the server device will be described as an example.
In this case, in order to perform authentication processing, the server private key and the server public key certificate (server certificate) are stored on the server device side, and the root key certificate is stored on the client device side. Here, the server private key is a private key issued to a server device by a certificate authority (CA). The server public key certificate is a certificate obtained by adding a digital signature to the public key corresponding to the private key. In addition, the root key certificate attaches a digital signature to the root key that is the certification public key (hereinafter also referred to as “certification key”) corresponding to the root private key that is the private key for certification used by the CA for the digital signature. It is a digital certificate.

FIG. 53 shows these relationships.
As shown in FIG. 53A, the server public key includes a key body for decrypting a document encrypted using a server private key, an issuer (CA) of the public key, and an issue partner (server Device) and bibliographic information including information such as an expiration date. The CA encrypts the hash value obtained by hashing the server public key using the root private key to indicate that the key body or bibliographic information has not been tampered with, and uses it as a digital signature in the server public key. Attached. At this time, the identification information of the root private key used for the digital signature is added as signature key information to the bibliographic information of the public key. The public key certificate with the digital signature is a server public key certificate.

  When this server public key certificate is used for authentication processing, the digital signature included therein is decrypted using the key body of the root key which is a public key corresponding to the root private key. If this decryption is carried out normally, it can be seen that the digital signature is certainly attached by the CA. Further, if the hash value obtained by hashing the server public key portion matches the hash value obtained by decryption, it is understood that the key itself has not been damaged or tampered. Further, if the received data can be normally decrypted using this server public key, it is understood that the data is transmitted from the server private key owner, that is, the server device. After that, referring to the bibliographic information, whether the authentication is correct or not may be determined based on the reliability of the CA, the presence / absence of registration of the server device, or the like.

  Here, in order to perform authentication, it is necessary to store a root key in advance, and this root key is also used as a root key certificate with a digital signature by the CA, as shown in FIG. Remember. This root key certificate is a self-signed form in which a digital signature can be decrypted with a public key included in the root key certificate. When the root key is used, the digital signature is decrypted using the key body included in the root key certificate, and compared with the hash value obtained by hashing the root key. If they match, it can be confirmed that the root key is not damaged.

When the client device requests communication to the server device in the client / server system constituted by the client device and the server device as described above, each of these devices performs the following processing.
First, the server device generates a random number in response to a communication request from the client device, encrypts it with the server private key, and transmits the encrypted random number together with the server public key certificate to the client device.
Then, the client device that has received this confirms the validity of the received server public key certificate using the root key certificate. This includes a process of confirming that the server apparatus is an appropriate communication partner by referring to the bibliographic information as well as confirming that no damage or tampering has occurred as described above.

If the confirmation can be made, the received random number is decrypted using the server public key included in the received server public key certificate. Here, if the decryption is successful, it can be confirmed that the first random number is certainly received from the server device to which the server public key certificate is issued. Therefore, the server device can be authenticated as a valid communication partner by the above processing.
In addition, if the common key encryption key is exchanged by encrypting with the above public key or private key, the common key is exchanged safely, and a secure communication path is established by encrypting the communication contents with the common key encryption. can do.

By the way, in the public key cryptosystem, although depending on the key length, a private key can be derived from the public key over time. Once the private key is known, a third party can impersonate the owner of the private key, so authentication reliability and communication security cannot be maintained. Therefore, as described above, an increasing number of users adopt a security policy in which an expiration date is set for a key and a set of keys is updated every predetermined period. For this reason, for example, when providing a remote management system or the like using the authentication process as described above, it is necessary to guarantee to the customer that the system can update the key. The same applies to the root key and the root private key. In addition to the arrival of a predetermined expiration date, it is conceivable that the reason for renewing the key is when the leakage of a private key to a third party is found.
As a technique related to such key update, for example, a technique described in Patent Document 1 can be cited.
Japanese Patent Laid-Open No. 11-122238

However, Patent Document 1 has a description about updating a key issued to each device, but there is no description about updating a root key.
In the case of the public key cryptosystem, when a key pair issued to each device is updated, a new public key certificate corresponding to the new private key is stored in the device, and the communication partner is notified. If this is passed, the authentication process as described above can be performed without any trouble.
However, when updating the root key, the new root key cannot decrypt the digital signature attached to the previous digital certificate, so each new root key and the corresponding new root private key are used. If the public key certificate of the device is not recreated and distributed, it will hinder the execution of the authentication process (however, the private key of each device does not necessarily need to be updated).

Further, since there has been no known method for updating such a root key without hindering the authentication process, the root key cannot be securely transmitted to a device that needs to be updated via the network. Therefore, it has been necessary to deliver a root key certificate and a new public key certificate to each device through another secure route. That is, it is necessary to provide a special communication path for updating the root key.
As this route, for example, registered mail is conceivable, and a recording medium such as a memory card or a flexible disk in which certificate data is recorded is sent to the apparatus administrator by registered mail, and the administrator updates the apparatus key. A method is conceivable. However, this method can be applied only when there is an administrator who has sufficient knowledge about each device of the client and the server, and the CA side trusts the administrator of the device for processing after sending the recording medium. There was only. Therefore, if the administrator neglects or mistakes the update process, there is a problem that the authentication process cannot be performed.

On the other hand, the administrator can only judge whether the received certificate is correct or not by trusting the name of the sender described in the envelope or data, etc. There is always a danger of having the certificate stored in the device.
In addition, it is conceivable that a service provider using a CA or client / server system dispatches a service person to the location of each device to update the key. Service bases are required, which increases costs. In addition, education of service personnel, fraud prevention, and management of an administrator ID for update work are also problems. For example, when trying to adopt a simple method for manually entering authentication information, it is necessary to change the authentication information stored in each device in order to cancel the update authority for a retired serviceman. It is difficult to make such a change to a large number of devices installed in the factory.

  After all, in order to secure a secure distribution route for certificates without going through the network, there is no choice but to trust humans, leaving room for fraud. And although it can be managed to reduce this room, it will entail huge costs, and it is not possible to construct a path for distributing certificates that does not take into account the risk of fraud It was not realistic.

In addition, as a special communication path for update, a communication path using a digital certificate for update processing and a root key certificate for update processing different from the digital certificate and root key certificate used for normal communication It is also possible to prepare. However, such a method has a problem in a system in which the client device authenticates the server device.
In other words, in this case, the server device transmits a digital certificate to the client device when a connection request is received from the client device, but the server device can receive a connection request at an arbitrary timing from an unspecified number of client devices. In this case, it is difficult to appropriately determine which digital certificate for normal communication or update processing should be transmitted to the client device.

  If a determination is made, for example, it is conceivable to use a session identifier such as a source endpoint identifier, a destination endpoint identifier, or a URL (Uniform Resource Locator) at the time of a communication request. However, in order to make such a determination, the client device side is provided with a function for switching the session identifier (for example, URL) depending on whether it is normal communication or update communication, or the server device side has a source endpoint identifier and It becomes necessary to provide a function for managing the correspondence with the digital certificate to be transmitted. Providing such a function leads to an increase in cost.

Accordingly, there has been a demand to avoid providing the server device with a function of selecting a digital certificate to be transmitted to the client device based on information before the start of communication such as a session identifier. In addition, when two types of communication paths are provided using the same protocol, there is a problem that when authentication fails, it is difficult to distinguish whether it is due to a digital certificate error or a session identifier error. .
As described above, providing a special communication path for updating the root key increases the cost and burden of management, so it is desirable to update the root key safely without providing such a special communication path. There was a request.

  The present invention solves such problems, and securely updates a certification key used for confirming the validity of a digital certificate in authentication processing in a client / server system without providing a special communication path for updating. The purpose is to be able to.

  In order to achieve the above object, a digital certificate management system according to the present invention comprises one or more clients and one or more servers, and authentication is performed between each client and each server using a digital certificate. And a client / server system configured to perform communication via a communication path established along with the authentication, and a digital certificate management system capable of communicating with each client and each server In the digital certificate management apparatus, a certificate key update means for updating a certificate key for confirming the validity of the digital certificate used by each server for the authentication, and the client / server system are configured. For each node, either the communication partner of that node or the communication partner Update order control means for controlling the update procedure of the certification key by the certification key update means based on information on whether to function, means for acquiring a new certification key for updating in the certification key update means, A means for acquiring a new digital certificate for use in the authentication, the validity of which can be confirmed using the new certification key, and a first transmission means for transmitting the new certification key to the clients, Second transmission means for transmitting a new server certificate, which is a new digital certificate for each of the servers, to the corresponding server, and the update order control means, and the second transmission means Means for controlling the update procedure so that the operation of transmitting the new server certificate to the server is performed after receiving the information indicating that the new certification key has been received from all the clients with which the server communicates. It is intended.

  In such a digital certificate management system, the certification key update means of the digital certificate management device is a digital certificate whose validity can be confirmed using a previous certification key, and includes a certification including the new certification key. Means for obtaining a key certificate, wherein the first sending means is means for sending the new certification key to each client in the form of the certification key certificate, and each of the clients is provided with the digital certificate. When the certification key certificate is received from the management device, the validity of the received certification key certificate is confirmed using the previous certification key, and the certification key contained therein is determined to be appropriate. It is preferable to provide means for storing the certification key.

  Alternatively, the certificate key update unit of the digital certificate management apparatus obtains a first certificate key certificate including the new certificate key, which is a digital certificate whose validity can be confirmed using a conventional certificate key And means for obtaining a second certificate key certificate that can be verified using the new certificate key and includes the new certificate key. Is a means for transmitting the new certification key to each of the clients in the form of the first and second certification key certificates, and each client receives the first certification key from the digital certificate management apparatus. When the certificate is received, the validity of the certificate is confirmed by using the previous certification key, and when it is determined that the certificate is appropriate, the means for storing the certificate and the above digital certificate management Second from the device When a certificate key certificate is received, the validity of the certificate is confirmed using the new certificate key included in the first certificate key certificate, and the second certificate key certificate is appropriate. Means for storing the certificate and deleting the previous certification key certificate and the first certification key certificate when it is determined that the update order control means of the digital certificate management apparatus is provided. That the first transmitting means transmits the second certification key certificate to each of the clients, that the new server certificate has been received from at least all the servers with which the client communicates. It is good also as a means to control after receiving information.

  In addition, the present invention includes one or a plurality of clients and one or a plurality of servers, performs mutual authentication using a digital certificate between each client and each server, and establishes communication along with the authentication. In a digital certificate management system comprising a client / server system configured to perform communication via a path, and a digital certificate management device capable of communicating with each of the clients and the servers, the digital certificate management device includes: A certification key updating means for updating a certification key for confirming the validity of the digital certificate used by each client and each server for the mutual authentication, and each node constituting the client / server system; Information on whether to function as a client or a server between the communication partner of the node and the communication partner Based on the above, an update order control means for controlling the update procedure of the certification key by the certification key update means is provided, and a means for acquiring a new certification key for updating in the certification key updating means, and the new certification key Means for obtaining a new digital certificate for use in the mutual authentication, which can be verified by using, a new client certificate which is a new digital certificate for each client, and the new certificate key Are transmitted to the corresponding server, first transmission means for transmitting the new server certificate, which is a new digital certificate for each of the servers, and a second certificate key to the corresponding server. Transmission means, the update order control means, and the second transmission means for transmitting the new server certificate to the respective servers for all clients that are communication partners of the server. The operation performed after receiving the information indicating that the new certification key has been received from the client and the first transmitting means transmitting the new client certificate to each of the clients is the communication partner of the client. There is also provided a digital certificate management system as means for controlling the update procedure to be performed after receiving information indicating that the new certification key has been received from all servers.

  Alternatively, the present invention includes one or a plurality of clients and one or a plurality of servers, and performs mutual authentication using a digital certificate between each client and each server, and is established along with the authentication. In a digital certificate management system including a client / server system configured to perform communication via a communication path, and a digital certificate management apparatus capable of communicating with each of the clients and the servers, the digital certificate management apparatus includes: With respect to each node constituting the client / server system, certification key update means for updating a certification key for confirming the validity of the digital certificate used by each client and each server for the mutual authentication, Functions as either a client or a server between the communication partner of the node and the communication partner Update order control means for controlling a certification key update procedure by the certification key update means based on the information of the certification key update means, a means for acquiring a new certification key for updating in the certification key update means, Means for obtaining a new digital certificate for use in the mutual authentication that can be verified using a certification key, a new client certificate that is a new digital certificate for each of the clients, and the new First transmitting means for transmitting a certification key to the corresponding client, a new server certificate that is a new digital certificate for each of the servers, and a new certification key are transmitted to the corresponding server. A second transmission unit configured to transmit the new client certificate and the new certification key to the respective clients at the same time. After receiving information indicating that the new certification key has been received from all clients that are communication partners of the server, each stage receives the new server certificate and the new certification key. There is also provided a digital certificate management system as a means for controlling the update procedure so that it is transmitted simultaneously.

Further, in each of the above digital certificate management systems, each server is provided with means for mediating communication between the digital certificate management device and at least one of the clients, and the digital certificate management device and each of the above The client communicates via any of the servers, and the server transmits a new certificate key and / or a new client certificate that the first transmission unit of the digital certificate management apparatus transmits to the client. Alternatively, authentication using a conventional digital certificate may be performed with a destination client, and transmitted to the destination client via a communication path established along with the authentication.
Alternatively, each client is provided with means for mediating communication between the digital certificate management device and at least one server, and the digital certificate management device and each server are connected via any one of the clients. The client sends a new certificate key and / or a new server certificate transmitted from the second transmission means of the digital certificate management apparatus to the server, with the destination server. It is also possible to perform authentication using the digital certificate and to transmit to the destination server via the communication path established along with the authentication.
Furthermore, in each of the digital certificate management systems described above, the authentication performed by the client and the server may be authentication according to an SSL or TLS protocol, and the server certificate may be a public key certificate of the corresponding server. .

  The digital certificate management apparatus according to the present invention is a digital certificate management apparatus capable of communicating with one or a plurality of clients and one or a plurality of servers constituting a client / server system. For each node constituting the client / server system, a certification key updating means for updating a certification key for confirming the validity of the digital certificate used by the server for authentication when establishing communication between the nodes, Provided is an update order control means for controlling the certification key update procedure by the certification key update means based on the communication partner of the node and information on whether the node functions as a client or a server. , A means for acquiring a new certification key for updating in the certification key updating means, and the validity can be confirmed using the new certification key, Means for obtaining a new digital certificate for use in a certificate; first transmission means for transmitting the new certificate key to each client; and a new server certificate which is a new digital certificate for each server. Second transmission means for transmitting the information to the corresponding server, and the update order control means, wherein the second transmission means transmits the new server certificate to each of the servers, It is a means for controlling the update procedure so as to be performed after receiving information indicating that the new certification key has been received from all the clients that are communication partners of the server.

  In such a digital certificate management apparatus, means for acquiring a certification key certificate including the new certification key, which is a digital certificate whose validity can be confirmed using a conventional certification key, in the certification key update means And the first transmitting means may be means for transmitting the new certification key to each client in the form of the certification key certificate.

  Alternatively, the certifying key update means includes a means for obtaining a first certifying key certificate including a new certifying key that is a digital certificate that can be validated using a conventional certifying key; Means for obtaining a second certification key certificate that is a digital certificate that can be validated using a key and includes the new certification key, and wherein the first transmission means includes the new certification key. A means for transmitting to each of the clients in the form of the first and second certification key certificates, and when storing the second certification key certificate in each client, the previous certification key certificate and the above A means for deleting the first certification key certificate, the update order control means, and the operation of the first transmission means transmitting the second certification key certificate to each of the clients at least. Become the communication partner of It may be a means for controlling the update procedure to perform after receiving the information indicating the reception of the new server certificate from a server of Te.

  Further, the present invention establishes communication between each client and each server in a digital certificate management apparatus capable of communicating with one or more clients and one or more servers constituting a client / server system. Key updating means for updating a certification key for confirming the validity of a digital certificate used for mutual authentication at the time, the communication partner of the node and its communication for each node constituting the client / server system Based on information on whether to function as a client or a server with the other party, provided is an update order control means for controlling the certification key update procedure by the certification key update means, the certification key update means, A new digital key for use in mutual authentication, which can be used to obtain a new certification key for renewal and can be verified using the new certification key. Means for acquiring a certificate, first client means for transmitting a new client certificate, which is a new digital certificate for each client, and the new certificate key, to each corresponding client; and each server. And a second transmission means for transmitting the new server certificate, which is a new digital certificate, and the new certification key to the corresponding servers, respectively, and the update order control means for the second transmission The means performs the operation of transmitting the new server certificate to each of the servers after receiving information indicating that the new certification key has been received from all clients that are communication partners of the server, and The first transmitting means transmits the new client certificate to each of the clients, from all servers that are communication partners of the client, the new certificate. Digital certificate management apparatus and means for controlling the update procedure to perform the information of the received key after receiving also provided.

  Alternatively, in a digital certificate management apparatus capable of communicating with one or a plurality of clients and one or a plurality of servers constituting a client / server system, mutual communication between each client and each server is established. A certification key updating means for updating a certification key for confirming the validity of a digital certificate used for authentication, and a communication partner of the node and a communication partner of each node constituting the client / server system Update order control means for controlling the update procedure of the certification key by the certification key update means based on the information as to whether it functions as a client or a server, and the certification key update means A new digital certificate for use in the above mutual authentication, which can be used to obtain a new certification key and the validity can be confirmed using the new certification key. A first sending means for sending a new client certificate, which is a new digital certificate for each client, and the new certification key, to each corresponding client, and each server And a second transmission means for transmitting the new server certificate, which is a new digital certificate, and the new certification key to the corresponding servers, respectively, and the update order control means is defined as the first transmission means. Transmits the new client certificate and the new certification key to each client at the same time, and the second transmission means sends the new client to each server from all clients that are communication partners of the server. After receiving the information indicating that the certification key has been received, digital as a means for controlling the updating procedure so that the new server certificate and the new certification key are transmitted simultaneously Akirasho management device is also provided.

In each of these digital certificate management apparatuses, a communication is performed with each of the clients via any one of the servers, and the new certificate key that the first transmission means transmits to the client is transmitted to the server. And / or a server that authenticates the new client certificate with the destination client using the previous digital certificate and transmits the new client certificate to the destination client through the communication path established along with the authentication. Good.
Further, communication with each of the servers is performed via any one of the clients, and the client transmits a new certification key and / or a new server certificate that the second transmission means transmits to the server. A client that performs authentication using a conventional digital certificate with a destination server and transmits to the destination server through a communication path established along with the authentication may be used.
Further, in each of the digital certificate management devices, the authentication may be authentication according to an SSL or TLS protocol, and the server certificate may be a public key certificate of the corresponding server.

The digital certificate management method according to the present invention also provides a digital certificate used by each of the servers for authentication when establishing communication between one or more clients and one or more servers constituting the client / server system. In a digital certificate management method for managing a certificate by a digital certificate management device capable of communicating with each client and each server, the digital certificate management device is configured for each node constituting the client / server system. Check the validity of the digital certificate used by each server for the authentication according to the update procedure determined based on the communication partner of the node and whether it functions as a client or a server between the communication partner. Update the certification key to update the certification key, and acquire a new certification key for the update. When the procedure for acquiring the new certification key that can validate using the new digital certificate for use in the authentication, and transmitting the new certification key to each client, each server A new server certificate that is a new digital certificate for the server, and a procedure for transmitting the new server certificate to each of the servers. It is determined to be performed after receiving information indicating that the new certification key has been received from all clients that are communication partners of the server.

  In such a digital certificate management method, when the certification key is updated, a certification key certificate including the new certification key, which is a digital certificate whose validity can be confirmed using the previous certification key, is obtained. In the procedure for transmitting the new certification key to each client, the new certification key is transmitted in the format of the certification key certificate, and the certification key certificate is transmitted to each client. The certificate key certificate is verified using the stored previous certificate key, and the certificate key is stored when it is determined that the certificate key contained therein is appropriate. It is good to make it.

  Alternatively, when the certification key is updated, a procedure for obtaining a first certification key certificate including a new certification key that is a digital certificate that can be validated using a previous certification key; A digital certificate that can be validated using the new certification key and obtaining a second certification key certificate that includes the new certification key, and the new certification key is sent to each client. In the sending procedure, the new certification key is sent in the form of the first and second certification key certificates, and the updating procedure is sent to the second certification key certificate to each of the clients. To receive the information indicating that the new server certificate has been received from at least all the servers with which the client communicates, and send the first certification key certificate to each client. To confirm the validity of the certificate using the previous certification key, store the certificate when it is determined to be appropriate, and store the second certification key certificate in each client. At the time of transmission, the validity of the certificate is confirmed using the new certification key included in the first certification key certificate, and it is determined that the second certification key certificate is appropriate. In this case, the certificate may be stored and the previous certification key certificate and the first certification key certificate may be deleted.

  The present invention also provides a digital certificate used for mutual authentication when establishing communication between one or a plurality of clients and one or a plurality of servers constituting a client / server system. In a digital certificate management method managed by a digital certificate management apparatus communicable with a server, the digital certificate management apparatus has a communication partner of the node and a communication partner of each node constituting the client / server system. Certificate for confirming the validity of the digital certificate used by each client and each server for the mutual authentication in accordance with an update procedure determined based on whether the client or server functions as a server Update the key, update the certification key, obtain a new certification key for the update, and A procedure for obtaining a new digital certificate for use in the mutual authentication that can be verified using a new certification key, a new client certificate that is a new digital certificate for each client, and the above A procedure for transmitting a new certificate key to the corresponding client, a new server certificate that is a new digital certificate for each of the servers, and a procedure for transmitting the new certificate key to the corresponding server. The above update procedure is performed, and the procedure for transmitting the new server certificate to each server receives the information indicating that the new certification key has been received from all clients with which the server communicates. And the procedure for sending the new client certificate to each of the above clients Digital certificate management method specified to perform from over server after receiving the information to the effect that has received the new proof key is also provided.

  Alternatively, the present invention provides a digital certificate used for mutual authentication when establishing communication between one or a plurality of clients and one or a plurality of servers constituting a client / server system. In a digital certificate management method managed by a digital certificate management apparatus communicable with each server, the digital certificate management apparatus has a communication partner of the node and its communication for each node constituting the client / server system. For confirming the validity of the digital certificate used by each client and each server for the mutual authentication in accordance with an update procedure determined based on whether the client or server functions as a partner. Update the certification key, update the certification key, and acquire a new certification key And a procedure for obtaining a new digital certificate for use in the mutual authentication that can be verified using the new certification key, and a new client certificate that is a new digital certificate for each client. And a procedure for transmitting the new certification key to the corresponding client, a new server certificate that is a new digital certificate for each of the servers, and a new certification key to the corresponding server. And the updating procedure is determined so that the new client certificate and the new certification key are simultaneously transmitted to the clients, and each server is further connected to the server. After receiving the information indicating that the new certificate key has been received from all the clients that are the other communication partners, the new server certificate and the new certificate key are the same. Digital certificate management method specified to be sent to is also provided.

In each of these digital certificate management methods, the digital certificate management device and each client communicate with each other through any of the servers, and the server is connected to the second and / or digital certificate management device. Alternatively, the new certificate key and / or new client certificate to be transmitted to the client in the third procedure is authenticated with the transmission destination client using the conventional digital certificate, and along with the authentication, It is preferable to transmit to the destination client via the established communication path.
Alternatively, the digital certificate management apparatus and each server communicate with each other via any one of the clients, and the client uses the first and / or fourth procedures to communicate with the server in the digital certificate management apparatus. Authenticate the new certificate key and / or new server certificate to be sent to the server using the previous digital certificate with the destination server, and the destination via the communication path established along with the authentication. You may make it transmit to the server of.
Furthermore, in each of the digital certificate management methods described above, authentication between the client and the server is authentication according to an SSL or TLS protocol, and the server certificate is associated with a public key certificate of the corresponding server. Good.

  In addition, the update procedure determination method of the present invention is stored in one or a plurality of clients and one or a plurality of servers constituting the client / server system, and each of the servers is used for authentication when establishing communication between them. In the update procedure determination method for determining an update procedure when a certification key for confirming the validity of a digital certificate to be used is updated by a digital certificate management device capable of communicating with each client and each server, The update is performed based on the information about whether each certificate constituting the client / server system functions as a client or a server between the communication partner of the node and the communication partner. Procedure for each of the above servers, using a new certification key for renewal for that server to use for the above authentication The procedure for transmitting the new server certificate, which is a new digital certificate that can be verified, is performed after receiving the information indicating that the new certification key has been received from all clients that are communication partners of the server. It is what you specify.

  Further, the program of the present invention provides a computer for controlling a digital certificate management apparatus capable of communicating with one or a plurality of clients and one or a plurality of servers constituting a client / server system between the clients and the servers. Authentication key updating means for updating a certification key for confirming the validity of the digital certificate used by each of the servers for authentication when establishing communication between them, and for each node constituting the client / server system , Function as update order control means for controlling the certification key update procedure by the certification key update means based on the communication partner of the node and information on whether to function as a client or a server with the communication partner In the program for updating the certification key updating means, a means for acquiring a new certification key for updating, and the new certification key updating means. Means for obtaining a new digital certificate for use in the authentication, the authenticity of which can be verified using a clear key; first transmission means for transmitting the new certification key to each client; Provided with a function of a second transmission means for transmitting a new server certificate, which is a new digital certificate, to the corresponding server, wherein the update order control means is provided by the second transmission means for each of the servers. The above update procedure is controlled so that the operation of transmitting the new server certificate is received after receiving the information indicating that the new certification key has been received from all the clients that are communication partners of the server. It is a thing.

In such a program, there is provided a program for causing the computer to function as a means for obtaining a certification key certificate including a new certification key, which is a digital certificate whose validity can be confirmed using a conventional certification key. In addition, the first transmission means may transmit the new certification key to each client in the format of the certification key certificate.
Alternatively, the computer uses the previous certification key to obtain a first certification key certificate that is a digital certificate that can be validated using the previous certification key and includes the new certification key, and uses the new certification key. And further including a program for causing the first transmitting means to function as a means for obtaining a second certification key certificate that is a digital certificate that can be verified and includes the new certification key. When the certification key is transmitted to each of the clients in the form of the first and second certification key certificates, and the second certification key certificate is stored in each client, the previous certification key certificate And a function for deleting the first certification key certificate, wherein the update order control means has at least an operation in which the first transmission means transmits the second certification key certificate to each of the clients. That ku It may be controlled to the update procedure to perform after all servers to be Ianto communication partner receives the information indicating the reception of the new server certificate.

  The present invention also provides a computer that controls a digital certificate management apparatus that can communicate with one or more clients and one or more servers constituting a client / server system between each client and each server. Certification key updating means for updating a certification key for confirming the validity of a digital certificate used for mutual authentication at the time of establishing communication, and communication between the nodes of each node constituting the client / server system In a program for functioning as an update order control means for controlling a certification key update procedure by the certification key update means based on information on whether to function as a client or a server between a counterpart and its communication counterpart The above-mentioned certification key update means has a means for obtaining a new certification key for renewal and a validity using the new certification key. The above-mentioned means for obtaining a new digital certificate for use in mutual authentication, a new client certificate that is a new digital certificate for each client, and the new certificate key A first transmitting means for transmitting to the client; a second server for transmitting a new server certificate, which is a new digital certificate for each server, and the new certification key; The update order control means performs the operation in which the second transmission means transmits the new server certificate to each of the servers. An operation performed after receiving the information indicating that the key has been received, and the first transmitting means transmitting the new client certificate to each of the clients Also it provides programs to control the update procedure is performed after having received the information indicating that receiving the new certificate key from any server to which the communication partner of its clients.

  Furthermore, the present invention provides a computer that controls a digital certificate management apparatus capable of communicating with one or a plurality of clients and one or a plurality of servers constituting a client / server system between each client and each server. A certificate key updating means for updating a certificate key for confirming the validity of a digital certificate used for mutual authentication when establishing communication with each other, and for each node constituting the client / server system, A program for functioning as an update order control means for controlling a certification key update procedure by the certification key update means based on information on whether to function as a client or a server between the communication partner and the communication partner In the certification key update means, a means for acquiring a new certification key for updating, and A new digital certificate for use in mutual authentication, a new client certificate that is a new digital certificate for each client, and a new certificate key. First transmitting means for transmitting to the client, new server certificate as a new digital certificate for each server, and second transmitting means for transmitting the new certification key to the corresponding server. The update order control means, the first transmission means transmits the new client certificate and the new certification key to each client simultaneously, and the second transmission means After receiving the information indicating that the new certification key has been received from all the clients with which the server is communicating with the server, the new server certificate and the new certification key Also it provides programs to control the update procedure to transmit simultaneously.

Further, in each of the above programs, the computer includes a program for causing the computer to function to communicate with each of the clients via any of the above servers. Authenticate the new certificate key and / or new client certificate to be sent to the client using the previous digital certificate with the destination client, and the destination using the communication path established with the authentication It is better to use a server to send to other clients.
Alternatively, a program for causing the computer to function so as to communicate with each of the servers via any of the clients is included, and the second transmission means transmits the client to the server. A client that authenticates a certification key and / or a new server certificate with a transmission destination server using a conventional digital certificate and transmits the authentication key and / or new server certificate to the transmission destination server through a communication path established along with the authentication. It is good.
Furthermore, in each of the above programs, the authentication may be authentication according to an SSL or TLS protocol, and the server certificate may be a public key certificate of the corresponding server.

According to the digital certificate management system, digital certificate management apparatus, and digital certificate management method of the present invention as described above, for authentication used for confirming the validity of the digital certificate in the authentication process in the client / server system. The public key can be safely updated without providing a special communication path for updating.
According to the update procedure determination method of the present invention, since an appropriate procedure for the update process for updating the certification key as described above can be determined, by causing an appropriate update device to perform the update process according to this procedure, Similar effects can be obtained.
Further, according to the program of the present invention, the digital certificate management apparatus can be controlled by a computer to realize the characteristics of such a digital certificate management apparatus, and the same effect can be obtained.

Preferred embodiments of the present invention will be described below with reference to the drawings.
[First Embodiment: FIGS. 1 to 13]
First, a configuration of a first embodiment of a digital certificate management system according to the present invention, which is constituted by a certificate management device which is a digital certificate management device according to the present invention, and a client and a server constituting a client / server system. explain. In this embodiment, each client and server constitutes a client / server system, and this embodiment is an example in which the present invention is applied to the most basic system. FIG. 2 is a functional block diagram showing a functional configuration of a part that is a feature of this embodiment of each apparatus constituting the digital certificate management system. In FIG. 2, illustration of portions not related to the features of this embodiment is omitted.

As shown in FIG. 2, the digital certificate management system includes a certificate management device 10, a server device 30, and a client device 40.
When the client device (client) 40 and the server device (server) 30 authenticate each other as a valid communication partner by an authentication process using SSL, which is an authentication method using public key cryptography and a digital certificate, they communicate with each other. I try to establish it. As described later, this authentication may be mutual authentication in which each other authenticates each other or one-way authentication in which one authenticates the other. In response to the request transmitted by the client device 40, the server device 30 performs a necessary process and returns a response, thereby functioning as a client / server system. The certificate management apparatus 10 is an apparatus for issuing a digital certificate used for the authentication process and managing or updating the digital certificate, and corresponds to a CA.

  In an actual system, the server device 30 may have a client function, or the client device 40 may have a server function. The server device 30 functions as a client and may transmit a request to the client device 40 functioning as a server. In such a case, an operation according to a second embodiment to be described later is performed. You can do it. Therefore, here, a device functioning as a server in a root key update process described later is referred to as a server device, and a device functioning as a client is referred to as a client device.

  In such a digital certificate management system, each node of the certificate management device 10, the server device 30, and the client device 40, including transmission from the client device 40 to the server device 30, is performed by RPC (remote procedure call). In addition, a “request” that is a request for a process for a method of an application program to be mounted on each other can be transmitted, and a “response” that is a result of the requested process can be acquired.

That is, the server device 30 or the client device 40 can generate a request to the certificate management device 10 and deliver it to the certificate management device 10 to obtain a response to the request. A request to the client / server system side is generated and delivered to the server device 30 to obtain a response to the request. This request includes causing the server device 30 to transmit various requests to the client device 40 and obtaining a response from the client device 40 via the server device 30.
In order to realize RPC, SOAP (Simple Object Access Protocol), HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), COM (Component Object Model), CORBA (Common Object Request Broker Architecture), etc. are known. Protocols (communication standards), technology, specifications, etc. can be used.

The transmission / reception data transmission / reception model is shown in the conceptual diagram of FIG.
(A) is a case where a request for the client device 40 has occurred in the certificate management device 10. In this case, the certificate management apparatus 10 generates a management apparatus side request a, and the client apparatus 40 that receives the request via the server apparatus 30 returns a response a to the request. Note that (A) shows a case in which not only the response a but also a response delay notification a ′ is returned. When the client device 40 receives the management device side request a via the server device 30 and determines that the response to the request cannot be returned immediately, it notifies the response delay notification and temporarily disconnects the connection state. This is because the response to the request is delivered again at the next connection.
Here, since the server device 30 cannot request the client device 40 to communicate, a request to be transmitted from the server device 30 to the client device 40 is connected from the client device 40 to the server device 30. If there is a request, it will be sent as a response to this.

  (B) is a case where a request for the certificate management apparatus 10 has occurred in the client apparatus 40. In this case, the client device 40 generates a client device side request b, and the certificate management device 10 that has received the request b via the server device 30 returns a response b to the request. Even in the case of (B), the response delay notification b ′ is returned in the same manner as in the case of (A) when the response cannot be returned immediately.

Next, the configuration and function of each device constituting the digital certificate management system will be described in more detail.
FIG. 1 is a block diagram showing a hardware configuration of the certificate management apparatus shown in FIG. As shown in this figure, the certificate management apparatus 10 includes a CPU 11, a ROM 12, a RAM 13, an HDD 14, and a communication interface (I / F) 15, which are connected by a system bus 16. The operation of the certificate management apparatus 10 is controlled by the CPU 11 executing various control programs stored in the ROM 12 and the HDD 14, and each means (certification key update means, configuration storage means, update order) will be described later. Control means, first transmission means, second transmission means, and other means).
As hardware of the certificate management apparatus 10, a known computer can be adopted as appropriate. Of course, other hardware may be added as necessary.

  The client device and the server device constituting the client / server system can have various configurations depending on purposes such as remote management of the device and electronic commerce. For example, in the case of remote management, image processing devices such as printers, fax machines, copiers, scanners, digital multifunction devices, network home appliances, vending machines, medical equipment, power supply devices, air conditioning systems, gas / water / An electronic device such as a metering system such as electricity may be a server device that is a managed device, and a management device that collects information from these managed devices or sends commands to operate may be a client device. Conceivable.

However, each of the client device and the server device includes at least a CPU, a ROM, a RAM, a communication I / F for communicating with an external device via a network, and storage means for storing information necessary for authentication processing. It is assumed that the device can function as a client or a server by executing a required control program stored in a ROM or the like.
Note that various communication lines (communication paths) capable of constructing a network can be adopted for this communication regardless of wired or wireless. The same applies to communication with the certificate management apparatus 10.

As described above, FIG. 2 shows the functional configuration of the part of each embodiment that is a feature of this embodiment.
First, the certificate management apparatus 10 includes a certification key creation unit 21, a certificate issuance unit 22, a certificate management unit 23, a certificate update unit 24, a communication function unit 25, a configuration storage unit 26, and an update order control unit 27. I have.
The certification key creation unit 21 has a root private key, which is a private key for certification used for creating a digital signature, and a certification public key (certification corresponding to the root private key for confirming the validity of the digital certificate). It has a function of a certification key creation means for creating a root key that is a key.

The certificate issuing unit 22 attaches a digital signature to the client public key and server public key, which are authentication information used for authentication processing between the server device 30 and the client device 40, and is a client public key certificate that is a digital certificate. Certificate issuing means for issuing a certificate and a server public key certificate. The function of the certificate issuing unit 22 is also used to create a client public key, a client private key, a server public key, a server private key, and a root key certificate that is a digital certificate with a digital signature attached to the root key. It is.
The certificate management unit 23 has a function of a certificate management unit that manages the digital certificate issued by the certificate issuing unit 22, the root private key used to create the certificate, and the root key corresponding to the root private key. These certificates and keys are stored together with information such as the expiration date, issue destination, ID, and presence / absence of update.

  When updating the root key, the certificate updating unit 24 creates a new root private key (new root private key) and a corresponding new root key (new root key) for each valid root private key. Are created by the certification key creation unit 21 and have a function of certification key update means for updating them. Further, upon this update, a new client public key certificate (new client public key certificate) digitally signed using a new root private key to the certificate issuing unit 22, a new server public key certificate (new server) Public key certificate) and a new root key certificate (new root key certificate) are issued, and these are transmitted to the server device 30 and the client device 40 by the communication function unit 25. It also has a function for requesting an update of. Although details will be described later, the update order control unit 27 manages the procedures and progress of each process necessary for the update.

The communication function unit 25 has a function of communicating with an external device via a network, and transmits necessary data to the server device 30 and the client device 40 according to an instruction from the certificate management unit 23, and receives received data. To the certificate renewal unit 24.
The configuration storage unit 26 has at least communication partners of the nodes (here, the server device 30 and the client device 40) constituting the client / server system that is the object of which the certificate management device 10 manages digital certificates. And information on whether to function as a client or a server with the communication partner, and has a function of a configuration storage means. Here, it is also assumed that private nodes, public key certificates, and root key certificate IDs used by each node for mutual authentication, and information on the update status of the keys and certificates are also stored.
The update order control unit 27 determines a key or certificate update procedure by the certificate update unit 24 based on the information stored in the configuration storage unit 26 when the root key needs to be updated. The certificate update unit 24 performs an update operation and functions as an update order control unit that controls the update operation.
The functions of these units are realized by the CPU 11 shown in FIG. 1 executing a required control program and controlling the operations of the units of the certificate management apparatus 10.

On the other hand, the server device 30 includes a certificate storage unit 31, a communication function unit 32, and a server function unit 33.
The certificate storage unit 31 has a function of storing keys used for SSL authentication processing. For example, when performing mutual authentication, the certificate storage unit 31 stores a root key certificate, a server private key, and a server public key certificate.
The communication function unit 32 has a function of communicating with an external device via a network, passes received data to the server function unit 33, and transmits data to the external device in accordance with an instruction from the server function unit 33.

The server function unit 33 has a function as a server that performs a required process on the request received from the client device 40 and returns a response. Further, as will be described in detail below, in response to a request for certificate update or the like received from the certificate management apparatus 10, a required process is performed and a response is returned.
The functions of these units are realized by the CPU of the server device 30 executing a required control program and controlling the operations of the units of the server device 30.

The client device 40 includes a certificate storage unit 41, a communication function unit 42, and a client function unit 43.
The certificate storage unit 41 has a function of storing keys used for SSL authentication processing. For example, when performing mutual authentication, the certificate storage unit 41 stores a root key certificate, a client private key, and a client public key certificate.
The communication function unit 42 has a function of communicating with an external device via a network, passes received data to the client function unit 43, and transmits data to the external device in accordance with an instruction from the client function unit 43.

The client function unit 43 transmits a required request to the server device 30 triggered by an operation from the user, a state change detected by a sensor (not shown), or a predetermined time measured by a timer (not shown). When a response to this is received from 30, it has a function as a client that performs processing according to the content. Further, as will be described in detail below, when a request for certificate renewal or the like from the certificate management apparatus 10 is received as a response, a required process is performed and a response is returned.
The functions of these units are realized by the CPU of the client device 40 executing a required control program and controlling the operations of the units of the client device 40.

In this digital certificate management apparatus, the certificate management apparatus 10 can communicate directly only with the server apparatus 30 among the apparatuses constituting the client / server system. A request from the certificate management apparatus 10 to the client apparatus 40 is as follows. The server device 30 relays and sends it. The same applies to the response from the client device 40 to the certificate management device 10.
The server device 30 and the client device 40 store the initial root key at the time of shipment from the factory or at the same time, at least before the user starts the authentication process. At this time, both the public key certificate and the private key may be stored.

Next, a root key update process, which is a process related to the feature of this embodiment in the digital certificate management system shown in FIG. 2 having such basic functions, and a configuration necessary for the process will be described.
In the communication process between the server apparatus 30 and the client apparatus 40 described in the sequence diagram used in the following description, although not shown individually, an authentication process by SSL is performed before the communication is established. Only when it succeeds, data is transferred through the communication path secured by the SSL. A feature of this embodiment is that the root key certificate can be updated so as not to hinder the authentication processing. Note that authentication at the time of update is performed using a root key or public key certificate stored at the time of authentication. That is, authentication is performed using the pre-update before update, and the post-update after update. The same applies to the following embodiments.
Here, the communication between the certificate management apparatus 10 and the server apparatus 30 is performed via a communication path such as a direct communication line that can ensure safety (no data tampering or wiretapping).

Here, first, a communication procedure when the authentication process is performed using the above-described SSL will be described. As this authentication process, mutual authentication in which each other authenticates each other and one-way authentication in which one authenticates the other can be considered, and either method may be adopted in each embodiment. explain.
FIG. 4 is a diagram illustrating a flowchart of processing executed in each device when the client device and the server device perform mutual authentication by SSL, together with information used for the processing.
As shown in FIG. 4, when performing mutual authentication by SSL, first, a root key certificate, a client private key, and a client public key certificate (client certificate) are stored on the client device 40 side. The client private key is a private key issued to the client device 40 by the certificate management device 10. The client public key certificate is a certificate obtained by adding a digital signature to the public key corresponding to the private key by the certificate management apparatus 10. The root key certificate is a root key that is a certification public key (hereinafter also referred to as “certification key”) corresponding to a root private key that is a private key for certification used by the certificate management apparatus 10 for digital signature. This is a digital certificate with a digital signature.

Further, a root key certificate, a server private key, and a server public key certificate (server certificate) are stored on the server device 30 side. The server private key and the server public key certificate are a private key and a public key certificate issued to the server device 30 by the certificate management device 10. Here, it is assumed that the same certificate management apparatus 10 issues a certificate using the same root private key to the client apparatus 40 and the server apparatus 30, and therefore the root key certificate is the client apparatus 40 and the server apparatus 30. It becomes common.
The relationship between these keys and certificates is as described with reference to FIG. 41 in the background art section.

  The description of the flowchart begins. In FIG. 4, the arrow between the two flowcharts indicates data transfer, the transmission side performs the transfer process at the step at the base of the arrow, and the reception side receives the information, the process at the tip of the arrow Shall be performed. In addition, if the process of each step is not completed normally, an authentication failure response is returned at that time and the process is interrupted. The same applies to the case where an authentication failure response is received from the other party or the process times out.

When the CPU of the client device 40 requests the server device 30 to perform communication, the CPU of the client device 40 starts the processing of the flowchart shown on the left side of FIG. 4 by executing a required control program. In step S11, a connection request is transmitted to the server device.
On the other hand, when receiving the connection request, the CPU of the server device 30 starts the processing of the flowchart shown on the right side of FIG. 4 by executing a required control program. In step S21, a first random number is generated, and this is encrypted using the server private key. In step S22, the encrypted first random number and server public key certificate are transmitted to the client device 40.

Upon receiving this, the client device 40 confirms the validity of the server public key certificate using the root key certificate in step S12. This includes processing for confirming that the server device 30 is an appropriate communication partner by referring to the bibliographic information as well as confirming that there is no damage or tampering.
If it can be confirmed, in step S13, the first random number is decrypted using the server public key included in the received server public key certificate. If the decryption is successful, it can be confirmed that the first random number has been received from the server device 30 that is the server public key certificate issuance target. Then, the server device 30 is authenticated as a valid communication partner.

  Thereafter, in step S14, a second random number and a third random number are generated separately. In step S15, the second random number is encrypted using the client private key, and the third random number is encrypted using the server public key. In step S16, these are transmitted to the server device 30 together with the client public key certificate. . The encryption of the third random number is performed so that the random number is not known to devices other than the server device 30.

  Upon receiving this, the server device 30 confirms the validity of the client public key certificate using the root key certificate in step S23. This also includes processing for confirming that the client device 40 is an appropriate communication partner, as in step S12. If it can be confirmed, in step S24, the second random number is decrypted using the client public key included in the received client public key certificate. Here, if the decryption is successful, it can be confirmed that the second random number is certainly received from the client device 40 that is the client public key certificate issuance target. Then, the client device 40 is authenticated as a valid communication partner.

  Thereafter, in step S25, the third random number is decrypted using the server private key. Through the processing so far, the first to third random numbers common to the server side and the client side are shared. And at least the third random number is not known by any device other than the generated client device 40 and the server device 30 having the server private key. If the processing so far is successful, a response of successful authentication is returned to the client device 40 in step S26.

When this is received, the client device 40 generates a common key from the first to third random numbers in step S17, and ends the authentication process as being used for subsequent communication encryption. On the server device 30 side, the same processing is performed in step S27 and the process is terminated. Then, communication is established with the above processing, and thereafter, communication is performed by encrypting data by the common key encryption method using the common key generated in step S17 or S27.
By performing such processing, the client device 40 and the server device 30 can securely exchange a common key after mutually authenticating each other, and can securely communicate with a certain partner.

In the case of one-way authentication, the process shown in FIG. 4 can be simplified as shown in FIG. That is, in this case, it is not essential to encrypt the second random number with the client private key and send the public key certificate A to the communication device B. In this case, the processing of steps S23 and S24 on the server device 30 side is not necessary. In this way, the server device 30 cannot authenticate the client device 40, but this processing is sufficient when the client device 40 only needs to authenticate the server device 30.
In this case, only the root key certificate may be stored in the client device 40, and the client private key and the client public key certificate are unnecessary. Further, it is not necessary for the server device 30 to store the root key certificate. Therefore, in this case, the update process of each root key certificate described below can be simplified to the process of updating only the root key certificate of the client device 40 and the server public key certificate of the server device 30. .

  Next, the description will proceed to the update process of the root key certificate. The root key update process described here is a process according to the first embodiment of the digital certificate management method of the present invention. The processing shown in the sequence diagram of 12 is executed in the order shown in the flowchart of FIG. First, the contents of the processing shown in each sequence diagram of FIGS. 6 to 12 will be described, and then the execution order will be described with reference to FIG. The processing shown in the following drawings is performed by each CPU of the certificate management device 10, the server device 30, and the client device 40 executing a required control program.

First, the root key certificate creation process is shown as process S in the sequence diagram of FIG.
In this process, the certificate management apparatus 10 creates a new root private key / root key pair for a valid root private key in step S101. Here, the “valid” root private key means the root private key currently used for authentication processing in the client / server system. More precisely, the root private key is used to sign a digital signature. It is assumed that the attached certificate is stored in the server device 30 or the client device 40 in a state used for authentication processing. Whether the private key created in the past is valid is stored in the configuration storage unit 26, information on the expiration date of the public key certificate and the root key certificate stored in the certificate management unit 23, and whether or not they are updated. Judgment is based on information such as the ID information of the public key certificate and root key certificate used by each node and the identification information of the root private key used for the digital signature included in the certificate. be able to. Also, the previous key that should be replaced with the new key will be referred to as the “old” key. The same applies to certificates.
In step S102, a digital signature using the previous root private key is attached to the new root key created in step S101, and a distribution root key certificate which is a first certification key certificate is created.
The above is the root key certificate creation process.

Next, the sequence diagram of FIG. 7 shows the root key certificate storage process of the server apparatus as process 1.
In this process, first, in step S111, the certificate management apparatus 10 transmits an update request to the server apparatus 30 together with the distribution root key certificate created in step S102 of FIG. In this process, the CPU 11 of the certificate management apparatus 10 functions as a second transmission unit.

Upon receiving this request, the server device 30 confirms the validity of the distribution root key certificate using the previous root key certificate in step S112. As described above, the distribution root key certificate has a digital signature using the conventional root private key. Therefore, the contents are decrypted using the conventional root key, and the certificate management device is surely used. 10 can be confirmed. At this time, it can also be confirmed that the root key is not damaged or falsified as described in the background art section with reference to FIG. Therefore, by using such a distribution root key certificate, the legitimacy of the received root key can be confirmed without manual intervention.
If this can be confirmed, the distribution root key certificate is stored in the certificate storage unit 31 in the next step S113. At this time, the previous root key certificate is not deleted yet. Accordingly, two root key certificates are stored in the certificate storage unit 31.

If authentication is performed in this state, when verifying the validity of the received public key certificate, it will attempt to check using two root key certificates in sequence, and check using either root key certificate. If is successful, the validity is confirmed. Therefore, it is possible to confirm the validity of a digital certificate with a digital signature using either the old or new root private key. When the distribution root key certificate is used for authentication processing, it can be confirmed that the root key is not damaged or falsified by using the conventional root key certificate. In these steps S112 and S113, the CPU of the server device 30 functions as a second server-side updating unit.
Thereafter, the server device 30 returns a result notification as a response to the update request to the certificate management device 10 in step S114. If the distribution root key certificate has been successfully stored, the server device 30 fails for some reason. If so, communicate that fact. This result notification is information indicating that at least the server device 30 has received the distribution root key certificate. The following result notifications have the same meaning.
The above is the root key certificate storage process of the server device.

Next, the root key certificate storage process of the client apparatus is shown as process 2 in the sequence diagram of FIG.
In this process, first, in step S121, the certificate management apparatus 10 transmits an update request to the client apparatus 40 together with the distribution root key certificate created in step S102 of FIG. Send the requested update request transmission request. In response to this, the server device 30 transmits the distribution root key certificate and its update request to the client device 40, but cannot send a transmission request from the server device 30 side. Therefore, the client device 40 periodically transmits a communication request to the server device 30 at a predetermined timing (S122), and transmits a distribution root key certificate and its update request as a response thereto. (S123).

  The client device 40 may transmit a communication request to the server device 30 as an HTTP request, and a request or data to be transmitted from the server device 30 to the client device 40 may be transmitted as an HTTP response as a response thereto. In this way, even when the client device 40 is installed inside the firewall, data can be transferred from the server device 30 to the client device 40 beyond this.

Means beyond the firewall are not limited to this, and it is also conceivable to use, for example, SMTP (Simple Mail Transfer Protocol) to transmit a mail in which data to be transmitted is described or attached. However, HTTP is superior in terms of reliability.
As a result of the above processing, the distribution root key certificate and its update request are transmitted from the certificate management device 10 to the client device 40 via the server device 30. In the processing of step S121, the certificate The CPU 11 of the management apparatus 10 functions as a first transmission unit.

Upon receiving this request, the client device 40 confirms the validity of the distribution root key certificate using the previous root key certificate in step S124. If this can be confirmed, the distribution root key certificate is stored in the certificate storage unit 41 in the next step S125. At this time, the previous root key certificate is not deleted yet. Details of these confirmations and storages are the same as in steps S112 and S113 of FIG. 7, and in these steps, the CPU of the client device 40 functions as a second client-side updating unit.
Thereafter, the client device 40 returns a result notification as a response to the update request to the certificate management device 10 in step S126. This is first transmitted to the server device 30, and the server device 30 manages the certificate in step S127. Send to the device.
The above is the root key certificate storage processing of the client device.

Next, a public key certificate storage process of the client apparatus is shown as process 3 in the sequence diagram of FIG.
In this process, first, in step S131, the certificate management apparatus 10 attaches a digital signature using the new root private key to the client public key issued to the client apparatus 40, and creates a new client public key certificate. Create Since the client private key is not updated, it is not necessary to update the client public key itself.

In step S132, the certificate management apparatus 10 transmits an update request transmission request for requesting the server apparatus 30 to transmit the update request to the client apparatus 40 together with the new client public key certificate created in step S131. To do. In response to this, the server device 30 transmits a new client public key certificate and its update request as a response to the communication request (S133) from the client device 40, as in steps S122 and S123 of FIG. (S134).
Through the above processing, the new client public key certificate and its update request are transmitted from the certificate management apparatus 10 to the client apparatus 40 via the server apparatus 30. In the process of step S132, certificate management is performed. The CPU 11 of the apparatus 10 functions as a first transmission unit.

  Upon receiving this request, the client device 40 confirms the validity of the new client public key certificate in step S135 using the distribution root key certificate stored in step S125 of FIG. As described above, since the new client public key certificate has a digital signature using the new root private key, the contents are decrypted using the new root key included in the distribution root key certificate. Certainly, it can be confirmed that the certificate is issued to the client device 40 by the certificate management device 10. If this can be confirmed, the new client public key certificate is stored in the certificate storage unit 41 in the next step S136. In these steps S135 and S136, the CPU of the client device 40 functions as a first client-side update unit.

At this time, the previous client public key certificate is not yet deleted. Therefore, the certificate storage unit 41 stores two client public key certificates. When authentication processing is performed in this state and a public key certificate is transmitted to a communication partner, first, a new public key certificate is transmitted.
In this case, if the communication partner has already stored the new root key (as a distribution root key certificate or a new root key certificate described later), the digital signature of the new public key certificate can be decrypted. You can get certified. On the other hand, if the communication partner does not store the new root key, the digital signature of the new public key certificate cannot be decrypted, and a response indicating that the authentication has failed is received. However, even in this case, if the communication is requested again and the previous public key certificate is transmitted at this time, the digital signature attached to the previous root key can be decrypted, so that the authentication can be performed without any problem. Can receive.

Therefore, if two public key certificates are stored, some overhead may occur when the communication partner does not store the new root key, but the authentication process can be performed without any problem. Since the public key bodies included in the two public key certificates are the same, the decryption of the data encrypted using the client private key is the same regardless of which public key certificate is used. It can be carried out.
Thereafter, the client device 40 returns a result notification as a response to the update request to the certificate management device 10 in step S137. This is first transmitted to the server device 30, and the server device 30 manages the certificate in step S138. Send to the device.
The above is the public key certificate storage processing of the client device.

Next, the public key certificate storage process of the server apparatus is shown as process 4 in the sequence diagram of FIG.
In this process, first in step S141, the certificate management apparatus 10 attaches a digital signature using the new root private key to the server public key issued to the client apparatus 40, and creates a new server public key certificate. Create The fact that the server public key itself does not need to be updated is similar to the case of the client public key described above.
In step S142, the certificate management apparatus 10 transmits an update request to the server apparatus 30 together with the new server public key certificate. In this process, the CPU 11 of the certificate management apparatus 10 functions as a second transmission unit.

  Upon receiving this request, the server device 30 confirms the validity of the new public key certificate in step S143 using the distribution root key certificate stored in step S113 of FIG. This is the same as in step S135 of FIG. If this can be confirmed, in the next step S144, the new server public key certificate is stored in the certificate storage unit 41 and replaced with the previous server public key certificate. In these steps S143 and S144, the CPU of the server device 30 functions as a first server-side updating unit.

By the way, in the case of the server device 30, unlike the case of the client device 40, when storing a new public key certificate, it is necessary to replace it instead of adding it to the previous one. The point will be described.
In the case of the server device 30, the public key certificate is transmitted to the client device 40 when there is a connection request from the client device 40, but if a plurality of server public key certificates are stored, One of them will be selected and transmitted. If the server public key certificate that cannot decrypt the digital certificate is transmitted on the client device 40 side, the authentication fails. For example, when the client device 40 transmits a new server public key certificate before storing the new root key.

  Even if it fails, there is an idea that the next server public key certificate should be sent when there is a next connection request, but it can receive a connection request from an unspecified number of client devices at any time In the case of a server device, it is not realistic to select a server public key certificate to be transmitted for each client device. In addition, it is difficult to properly select the server public key certificate to be transmitted first because the server device usually does not know what the client device is until authentication is completed. Therefore, it is necessary to store only one server public key certificate in the server device and always transmit this when a connection request is received from the client device.

Accordingly, since the server server 30 deletes the previous server public key certificate when the new server public key certificate is stored, if this is performed before the client device 40 stores the new root key, The digital signature of the server public key certificate cannot be decrypted on the client device side, and authentication processing cannot be performed. Therefore, the public key certificate storage processing of the server device 30 needs to be performed after the root key certificate storage processing of the client device is completed.
After completion of step S144 as described above, the server device 30 returns a result notification as a response to the update request to the certificate management device 10 in step S145, and if the new server public key certificate has been successfully stored, If it has failed for some reason, tell the fact.
The above is the public key certificate storage processing of the server device.

Next, the process shown in the sequence diagram of FIG.
In this process, first, in step S151, the certificate management apparatus 10 creates a new root key certificate as a second certification key certificate by attaching a digital signature using the new root private key to the new root key. In step S152, the certificate management apparatus 10 transmits an update request to the server apparatus 30 together with the new root key certificate. Also in this process, the CPU 11 of the certificate management apparatus 10 functions as a second transmission unit.

Upon receiving this request, the server device 30 confirms the validity of the new root key certificate using the distribution root key certificate in step S153. As described above, since the digital signature using the new root private key is attached to the new root key certificate, the contents are decrypted using the new root key included in the distribution root key certificate, It can be confirmed that the certificate has been issued by the certificate management apparatus 10.
If this can be confirmed, the new root key certificate is stored in the certificate storage unit 31 in the next step S154. Then, the distribution root key certificate and the previous root key certificate are deleted and discarded, and the root key certificate is rewritten with a new one. In this case, the digital certificate with the digital signature using the conventional root private key cannot be decrypted. However, after the new client public key certificate is stored in the client device 40, the client certificate Since there is no problem in confirming the public key certificate sent from the device 40, there is no problem in the authentication process.

Thereafter, in step S155, the server device 30 returns a result notification to the certificate management device 10 as a response to the update request. If so, inform them.
The above is the root key certificate rewriting process of the server device.

Next, the root key certificate rewriting process of the client apparatus is shown as process 6 in the sequence diagram of FIG.
In this process, first, in step S161, the certificate management apparatus 10 creates a new root key certificate as a second certification key certificate by attaching a digital signature using the new root private key to the new root key. Since this is the same as that created in step S151 in FIG. 11, the one created here may be used. Conversely, in step S151 in FIG. 11, the one created in step S161 may be used.

In step S162, the certificate management apparatus 10 transmits an update request transmission request for requesting the server apparatus 30 to transmit the update request to the client apparatus 40 together with the new root key certificate created in step S161. . In response to this, the server device 30 transmits the new root key certificate and its update request as a response to the communication request (S163) from the client device 40, as in steps S122 and S123 of FIG. (S164).
Through the above processing, the new root key certificate and its update request are transmitted from the certificate management device 10 to the client device 40 via the server device 30. Even in the processing of step S162, the certificate management device. Ten CPUs 11 function as first transmission means.

  Upon receiving this request, the client device 40 confirms the validity of the new root key certificate using the distribution root key certificate in step S165. If this can be confirmed, the new root key certificate is stored in the certificate storage unit 41 in the next step S166. Then, the distribution root key certificate and the previous root key certificate are deleted and discarded, and the root key certificate is rewritten with a new one. These processes are the same as those in steps S153 and S154 in FIG. However, if the new client public key certificate has been stored in the client device 40, the previous client public key certificate may be discarded at the same time in step S166.

Thereafter, the client device 40 returns a result notification as a response to the update request to the certificate management device 10 in step S167. This is first transmitted to the server device 30, and the server device 30 manages the certificate in step S168. Send to the device.
The above is the root key certificate rewriting process of the client device.

The execution timing of each process shown in FIGS. 6 to 12 is managed by creating an update procedure based on the information stored in the configuration storage unit 26 by the update order control unit 27 of the certificate management apparatus 10. To do. The update procedure is as shown in the flowchart of FIG. That is, when the update reason for the root key is detected, the process shown in the flowchart of FIG. 13 is started, the process S shown in FIG. 6 is first executed, and then the processes 1 to 6 are executed. Note that the reason for updating the root key may be a predetermined expiration date, an instruction from the administrator, or the like. As a case where the administrator issues an update instruction, there is a case where leakage of the root private key to a third party is found.
In FIG. 13, the process at the end of the arrow starts after all the processes at the base of the arrow are completed. About the arrow shown with the broken line, although the condition is not essential, it shows that it is more preferable to consider.

  Specifically, the process 1 and the process 2 are started after the process S is completed. The process 3 starts after the completion of the process 2, but it is preferable to start after the process 1 is also completed. Process 4 starts after process 1 and process 2 are completed. Process 5 starts after process 1 and process 3 are completed. Process 6 starts after process 2 and process 4 are completed. Then, when all the processes 3 to 6 are completed, the update of the root key and the public key certificate is finished.

  Note that. Each process may be completed when a response of a successful update to the update request is received. As described above, this response includes information indicating that the certificate to be updated has been received. If an update failure response is received or if the process times out, the same process may be tried again, but if the process fails for a predetermined number of times, the entire update process may have failed.

  Here, as shown in FIG. 7 and the like, when the certificate management apparatus 10 transmits an update request to the server apparatus 30, the server apparatus 30 completes the storage of the received certificate and the like and notifies the result notification. Explained how to return. However, as shown in FIG. 14, when the server device 30 receives an update request, it may return a reception response immediately (S111 ′). In this case, the reception response in step S111 ′ becomes information indicating that the update request and distribution root key certificate transmitted by the certificate management apparatus 10 have been received normally. In addition, the result notification in step S114 is information that conveys the success or failure of the update and the cause thereof. Also for this result notification, the certificate management apparatus 10 may return a reception response (S114 ′). In this way, the server apparatus 30 can also grasp that the result notification has been received normally by the certificate management apparatus 10.

The communication procedure between the server device 30 and the client device 40 is the same procedure. When any request is received, a reception response is immediately returned to the transmission source, and the result notification is also received. In such a case, a reception response should be immediately returned to the transmission source. FIG. 15 shows a sequence in which the above concept is adopted in the sequence shown in FIG.
The reception response in step S123 ′ is information indicating that the client device 40 has received the distribution root key certificate and the update request. In the sequence in which the above concept is simply adopted in the sequence shown in FIG. This information is not transmitted to the certificate management apparatus 10 until the server apparatus 30 notifies the result of step S127.
Therefore, as indicated by a broken line in FIG. 15, after receiving a reception response from the client device 40, the server device 30 may notify the certificate management device 10 of only transmission success / failure as a transmission result notification. Good. In this way, success or failure of transmission to the client device 40 can be promptly notified to the certificate management device 10.

In addition, when the result notification is performed as described above, in the execution timing management of each process as described with reference to FIG. 13, when there is a reception response from the transmission destination such as a certificate, the transmission destination It is also possible to proceed to the previous stage with the expectation that certificate storage and setting will proceed without delay. Specifically, even if the processing 1 is not completely completed, if there is a reception response as shown in step S111 ′ in FIG. 14, it is determined that the processing 1 is completed, and the start time of the processing 4 is determined. You may do it. Even if the processing 2 is not completely completed, if the transmission result notification is received as shown in step SA of FIG. 15, it is assumed that the processing 2 is completed and the start time of the processing 4 is determined. Also good.
Here, FIGS. 14 and 15 only show modified examples of the sequences of FIGS. 7 and 8, respectively. However, the above concept includes those shown in the following examples and modified examples. It can be applied to all processes and sequences.

  When the root key update process is performed according to the procedure shown in FIG. 13 based on the timing management as described above, the server apparatus 30 and the client apparatus 40 can mutually perform the authentication process by SSL at any time of the process. Therefore, even if the update process is interrupted in the middle as described above, communication between the server device 30 and the client device 40 is not significantly hindered. Therefore, even if the update process fails, it takes no time to specify the cause of the failure and then perform the update process again. The same applies to the subsequent embodiments.

  In this digital certificate management system, the root key can be automatically controlled without greatly affecting the authentication process between the server apparatus 30 and the client apparatus 40 by performing the root key update process in such a procedure. Can be updated. Also, authentication is performed using the previous (before update) root key and public key certificate to secure a communication path by SSL, and a new root key and new public key certificate for update are transmitted through the communication path. be able to. Further, after the update is completed, authentication using the new root key or new public key certificate can be performed so that a communication path by SSL can be secured. Therefore, by using such a digital certificate management system, the root key can be updated without preparing a special communication path for updating the root key. The system can be operated at low cost. This also applies to the subsequent embodiments.

  In addition, it is necessary to provide a separate secure communication path between the certificate management apparatus 10 and the server apparatus 30. This is usually performed by updating a public key certificate due to expiration or the like. A common communication path may be used for the necessary processing. In addition, since such a communication path only needs to be provided between the certificate management apparatus 10 and only one apparatus, there is no particular burden. When the certificate management apparatus 10 and the server apparatus 30 are physically close to each other, it is easy to provide such a path by connecting with a dedicated cable, and this embodiment is preferable in such a case. It can be said that it is a thing.

In the processing procedure shown in FIG. 13, this embodiment is characterized by first processing 4 (server device public key certificate storage processing) after processing 2 (client device root key certificate storage processing). That is, it is executed after a response indicating that the distribution root key certificate has been received from the client device 40.
As described above in the description of the processing 4, it is inconvenient for the server device 30 to store two public key certificates at the same time. Therefore, when storing a new server public key certificate, it is necessary to discard the previous one. However, even if such rewriting is performed, the authentication process will not be hindered after the new root key is stored in the client device 40.

Also, after processing 1 (client device public key certificate storage processing) after processing 1 (server device root key certificate storage processing), that is, a response indicating that the distribution root key certificate has been stored from the server device 30 It is better to run after there.
As described above in the description of the processing 3, if the new root key is not stored in the server device 30 when the new client public key certificate is stored in the client device 40, the new root key is stored in the server device 30. This is because an overhead is generated in the communication until the communication efficiency is reduced.

  The processes 5 and 6 are not essential processes, but if the previous root key certificate and public key certificate are stored indefinitely, the storage capacity is wasted. For storing keys and certificates, it is preferable to use a highly reliable storage means, and therefore the cost per capacity is high, which is a big problem. Further, since the distribution root key certificate is not in a self-signed form, it is necessary to refer to the previous root key certificate when used, and the processing efficiency is poor. Therefore, processing 5 and processing 6 are performed so that the root key certificate is in a self-signed format and the previous certificate is discarded.

  If only the root key certificate is rewritten to a self-signed one, it may be performed immediately after storing the distribution root key certificate, for example, immediately after the completion of the process 1 in the case of the process 5. At this point, the previous root key certificate cannot always be discarded. Since the deletion timing cannot be determined on the server device 30 side, it becomes necessary to make a request to discard the previous root key certificate again after the end of the process 3. Therefore, it is preferable from the viewpoint of simplification of the processing that the processing 5 is performed after the processing 1 and the processing 3 are completed. Processing 6 is also preferably performed after processing 2 and processing 4 are completed for the same reason.

  Note that once the root key is stored, it is generally not necessary to transmit it to the outside, and subsequent damage or tampering is unlikely. Therefore, it is possible to store only the key portion instead of the root key certificate. In such a case, it is only necessary to store the new root key included in the distribution root key certificate, so there is no need to separately transmit the new root key certificate from the certificate management apparatus 10. Therefore, in such a case, in processing 5 and processing 6, it is only necessary to request the disposal of the previous root key without transmitting the new root key certificate. The same applies to the case where the digital signature is not confirmed when the root key is used.

  In this embodiment, the example in which the transmission from the server device 30 to the client device 40 is performed as a response to the communication request from the client device 40 has been described. However, the server device 30 can also function as a client, and the client device 40 may function as a server, and by these functions, data and requests may be transmitted directly from the server apparatus 30 to the client apparatus 40. In such a case, a communication request by the client device 40 is not necessary. This also applies to the following embodiments.

[Second Embodiment: FIGS. 16 to 23]
Next, a second embodiment of the digital certificate management system according to the present invention, comprising a certificate management device which is a digital certificate management device according to the present invention, and a client device and a server device constituting a client / server system. The configuration of the form will be described. Also in this embodiment, each one client and server constitutes a client / server system. This embodiment is an example different from the first embodiment in which the present invention is applied to the most basic system. is there.
FIG. 16 is a functional block diagram corresponding to FIG. 2 showing a functional configuration of a part that is a feature of this embodiment of each apparatus constituting the digital certificate management system. In this figure, parts corresponding to those in FIG.

As can be seen from this figure, in this digital certificate management system, first, the certificate management apparatus 10 can directly communicate with only the client apparatus 40 among the apparatuses constituting the client / server system. The request for the device 30 is different from that of the first embodiment in that the client device 40 relays the request.
In addition, the server function unit 44 is provided in the client device 40 as well, but the server function unit 44 performs a necessary process on the received request and returns a response. It has a function as a server and is provided for communication with the certificate management apparatus 10. If the client device 40 has only the client function unit 43, it is necessary to wait for a communication request from the client device 40 when data or a request is transmitted from the certificate management device 10 to the client device 40.

  However, the root key update process is not frequently performed, for example, once a year. For this reason, if the client device 40 periodically makes a communication request to the certificate management device 10. Most communication will be wasted. Therefore, a server function unit 44 is provided in the client device 40 so that communication can be requested from the certificate management device 10 side. The function of the server function unit 44 is also realized by the CPU of the client device 40 executing a required control program and controlling the operation of each unit of the client device 40.

  However, the client device 40 always functions as a client in relation to the server device 30 constituting the client / server system. Therefore, when mediating communication from the certificate management device 10 to the server device 30, the server function unit 44 receives the data and request received from the certificate management device 10 by the communication function unit 42, and this is received by the client function. Passed to the unit 43, communication with the server device 30 is requested based on an instruction from the client function unit 43 and transmitted to the server device 30. When a response from the server device 30 is returned to the certificate management device 10, the process is reversed.

Although the sequence of the root key update process is changed along with these changes, the other points are the same as those in the first embodiment, and thus description thereof is omitted.
In this case as well, communication between the certificate management apparatus 10 and the client apparatus 40 is performed via a communication path that can ensure safety, such as a direct line. However, in this embodiment, it is possible to use SSL for communication between the certificate management apparatus 10 and the client apparatus 40, but the configuration in this case will be described later as a modification.

  The root key update operation in this digital certificate management system is an operation according to the second embodiment of the digital certificate management method of the present invention, and uses the processing shown in the sequence diagrams of FIGS. 17 to 22 and FIG. The process S described above is executed in the order shown in the flowchart of FIG. First, the contents of the processing shown in each sequence diagram of FIGS. 17 to 22 will be described, and then the execution order will be described with reference to FIG. The processing shown in the following drawings is performed by each CPU of the certificate management device 10, the server device 30, and the client device 40 executing a required control program.

First, in the sequence diagram of FIG. 17, a root key certificate storage process of the server apparatus is shown as process 11.
This process is a process having the same purpose as the process 1 shown in FIG. 7, but here the procedure is slightly different because the apparatus that directly communicates with the certificate management apparatus 10 is the client apparatus 40.

That is, first, in step S211, the certificate management apparatus 10 requests the client apparatus 40 to send an update request to the server apparatus 30 together with the distribution root key certificate created in step S102 of FIG. Send a request transmission request. In response to this, the client device 40 transmits a distribution root key certificate and its update request to the server device 30 (S212). Since the client device 40 can request communication with the server device 30, there is no need to wait for a communication request as in the case of FIG .
With the above processing, the distribution management key key certificate and its update request are transmitted from the certificate management apparatus 10 to the server apparatus 30 via the client apparatus 40. In the process of step S211, certificate management is performed. The CPU 11 of the apparatus 10 functions as a second transmission unit.

  Upon receiving the update request transmitted in step S212, the server device 30 confirms the validity of the distribution root key certificate using the previous root key certificate in step S213. In step S214, the distribution root key certificate is stored in the certificate storage unit 31. These processes are exactly the same as the processes in steps S112 and S113 in FIG.

The server device 30 then returns a result notification as a response to the update request to the certificate management device 10 in step S215, which is first transmitted to the client device 40, and the client device 40 manages the certificate in step S216. Send to the device. The result notification can be transmitted as a response to the update request received from the client device 40, so there is no need to wait for a communication request from the client device 40.
The above is the root key certificate storage processing of the server device in this embodiment.

Next, the root key certificate storage processing of the client apparatus is shown as processing 12 in the sequence diagram of FIG.
This process has the same purpose as the process 2 shown in FIG. 8, but the procedure is slightly different as in the case of the process 11.
In this process, first, in step S221, the certificate management apparatus 10 transmits the distribution root key certificate created in step S102 of FIG. 6 and its update request to the client apparatus 40. In this process, the CPU 11 of the certificate management apparatus 10 functions as a first transmission unit.

The client device 40 receives this request, using conventional root key certificate to verify the validity of the distribution root key certificate in step S222, when it is confirmed, the root key for distribution in the next step S223 The certificate is stored in the certificate storage unit 41. These processes are exactly the same as the processes in steps S124 and S125 of FIG.
Thereafter, the client device 40 returns a result notification to the certificate management device 10 as a response to the update request in step S224.
The above is the root key certificate storage processing of the client device in this embodiment.

  19, the client device public key certificate storage processing is performed as processing 13, the server device public key certificate storage processing is performed as processing 14 in FIG. 20, and the server device root key certificate rewrite processing as processing 15 in FIG. The processing is shown in FIG. 22 as processing 16 as the root key certificate rewriting processing of the client device, which is the same as processing 3 to processing 6 described with reference to FIGS. 9 to 12 in the first embodiment. This is a target process, and the communication procedure is only slightly changed in the same manner as in the case of the process 11 and the process 12 in association with the client apparatus 40 that communicates directly with the certificate management apparatus 10. Therefore, description of these processes is omitted.

Further, the execution timing of each of the processes shown in FIGS. 17 to 22 and the process S shown in FIG. 6 is the information stored in the configuration storage unit 26 by the update order control unit 27 of the certificate management apparatus 10. Create and manage update procedures based on this. The updating procedure is as shown in the flowchart of FIG. That is, when updating the root key, first, the process S shown in FIG. 6 is executed, and then the processes 11 to 16 are executed.
As is apparent from the description of FIG. 23, the root key update processing in the second embodiment performs processing corresponding to the case of the first embodiment shown in FIG. 13 in the same order. And the effect by this is the same as that of the case of 1st Embodiment.

That is, in the digital certificate management system according to the second embodiment, the root key update process is performed according to such a procedure, so that the client device 40 among the devices constituting the client / server system by the certificate management device 10. Even in the case where communication with only the client device is possible, the root key can be updated by automatic control without significantly affecting the authentication process between the server device 30 and the client device 40, as in the case of the first embodiment. . Therefore, by using such a digital certificate management system, it is possible to update the root key without preparing a special communication path for updating the root key. The system can be operated at low cost.
In this embodiment, it is necessary to provide the server function unit 44 in the client device 40. However, since there is no portion that needs to wait for a communication request in the procedure of the root key update process, the process proceeds promptly, and a short period of time. Can be completed with.

[Third Embodiment: FIGS. 24 to 27]
Next, a third embodiment of the digital certificate management system according to the present invention, which is constituted by a certificate management device which is a digital certificate management device according to the present invention, and a client device and a server device constituting a client / server system, is described. The configuration of the form will be described.
This digital certificate management system is different from the digital certificate management system of the first embodiment only in the contents of the root key update process, and the configuration of the apparatus is the same as that of the first embodiment, so that the description thereof will be given. Is omitted.

The root key update operation in this digital certificate management system is an operation according to the third embodiment of the digital certificate management method of the present invention, and the processes shown in the sequence diagrams of FIGS. 24 to 27 are executed in this order. To do. The processes shown in the following drawings are performed by the CPUs of the certificate management apparatus 10, the server apparatus 30, and the client apparatus 40 by executing a required control program.
When the certificate management apparatus 10 of this digital certificate management system detects the reason for updating the root key, it starts the processing shown in the sequence diagram of FIG.

The process illustrated in FIG. 24 is a process T corresponding to the process S illustrated in FIG. 6 in the description of the first embodiment. First, in steps S301 and S302, as in the case of steps S101 and S102 in FIG. 6, a new root private key / root key pair is created for the valid root private key, and the new root key is followed. A digital signature using the root private key is attached to create a distribution root key certificate which is a first certification key certificate.
In step S303, as in step S151 of FIG. 11, a new root key certificate is created as a second certification key certificate by attaching a digital signature using the new root private key to the new root key. To do.

Subsequently, the process 21 shown in the sequence diagram of FIG. 25 is performed. This process corresponds to a process in which the process 2 shown in FIG. 8 and the process 3 shown in FIG. 9 are combined in the description of the first embodiment, and a part of the process 6 shown in FIG. 12 is further added.
Here, first, in step S311, as in step S131 of FIG. 9, the certificate management apparatus 10 creates a new client public key certificate by attaching a digital signature using a new root private key to the client public key. To do.

In step S312, the certificate management apparatus 10 sends to the server apparatus 30 the distribution root key certificate created in step S302 of FIG. 24, the new root key certificate created in step S303 of FIG. Along with the new client public key certificate created in S 311, an update request transmission request for transmitting an update request for these to the client device 40 is transmitted. In response to this, the server apparatus 30 transmits these certificates and update requests for them as a response to the communication request (S313) from the client apparatus 40, as in the case of steps S122 and S123 of FIG. (S314).
As a result of the above processing, the certificate management apparatus 10 transmits the certificates and the update request for them to the client apparatus 40 via the server apparatus 30. In the process of step S312, the certificate The CPU 11 of the management apparatus 10 functions as a first transmission unit.

Upon receiving this request, the client device 40 confirms the validity of the distribution root key certificate using the previous root key certificate in steps S315 and S316, as in steps S124 and S125 of FIG. If this can be confirmed, the distribution root key certificate is stored in the certificate storage unit 41. At this time, the previous root key certificate is not deleted yet.
In step S317, the validity of the new root key certificate is confirmed using the stored distribution root key certificate in the same manner as in step S165 of FIG. If this can be confirmed, the new root key certificate is stored in the certificate storage unit 41 in the next step S318. At this point, the distribution root key may be deleted, but it is stored here.
In these processes of steps S315 to S318, the CPU of the client device 40 functions as a second client-side update unit.

  Next, in steps S319 and S320, as in the case of steps S135 and S136 in FIG. 9, the validity of the new client public key certificate is confirmed, and if this can be confirmed, the new client public key certificate is stored in the certificate storage. Store in the unit 41. However, since the new root key certificate is already stored here, the validity of the new client public key certificate can be confirmed using the new root key certificate instead of the distribution root key certificate. In these steps S319 and S320, the CPU of the client device 40 functions as a first client-side updating unit.

  At this time, the previous client public key certificate is not yet deleted. Accordingly, the certificate storage unit 41 is in a state where two client public key certificates are stored. When a public key certificate is transmitted to the communication partner in this state, a new public key certificate is first transmitted. Here, since the new root key is not stored in the server device 30 yet, the server device 30 cannot decrypt the digital signature of the new public key certificate and receives a response indicating that the authentication has failed. However, even in this case, if communication is requested again and the previous public key certificate is transmitted at this time, the digital signature attached thereto can be decrypted by the previous root key. it can.

Note that the processing in steps S319 and S320 may be performed before the processing in steps S317 and S318. In this case, the validity is confirmed in step S319 using the distribution root key certificate.
Thereafter, in step S321, the client device 40 returns a result notification as a response to the update request to the certificate management device 10, which is first transmitted to the server device 30, and the server device 30 receives the certificate in step S322. It transmits to the management apparatus 10.

Then, the process 22 shown in the sequence diagram of FIG. 26 is subsequently performed. This process corresponds to the process in which the process 1 shown in FIG. 7 and the process 4 shown in FIG. 10 are combined in the description of the first embodiment and a part of the process 5 shown in FIG. 11 is further added.
Here, first, in step S323, as in the case of step S141 in FIG. 10, the certificate management apparatus 10 creates a new server public key certificate by attaching a digital signature using the new root private key to the server public key. To do.

In step S324, the certificate management apparatus 10 sends to the server apparatus 30 the distribution root key certificate created in step S302 of FIG. 24, the new root key certificate created in step S303 of FIG. An update request for these is sent together with the new server public key certificate created in step S323. In the process of step S324, the CPU 11 of the certificate management apparatus 10 functions as a second transmission unit.
Upon receiving this request, the server device 30 confirms the validity of the distribution root key certificate using the previous root key certificate in steps S325 and S326, as in steps S112 and S113 of FIG. If this can be confirmed, the distribution root key certificate is stored in the certificate storage unit 31. At this time, the previous root key certificate is not deleted yet.

Further, in step S327, as in the case of step S153 in FIG. 11, the validity of the new root key certificate is confirmed using the stored distribution root key certificate. If this can be confirmed, in the next step S328, the new root key certificate is stored in the certificate storage unit 31, and the distribution root key certificate and the previous root key certificate are discarded. At this point, since the new client public key certificate has already been stored in the client device 40, the previous root key is unnecessary, and the processing procedure is more likely to be discarded here than to be requested to discard it again. This is for simplicity. Of course, the disposal request may be made again.
In these steps S324 to S328, the CPU of the server device 30 functions as a second server-side updating unit.

  Next, in steps S329 and S330, as in the case of steps S143 and S144 in FIG. 10, the validity of the new server public key certificate is confirmed. If this can be confirmed, the new server public key certificate is stored in the certificate storage. Stored in the unit 31 and replaced with the previous server public key certificate. However, since the new root key certificate is already stored here, the validity of the new client public key certificate can be confirmed using the new root key certificate instead of the distribution root key certificate. In these steps S329 and S330, the CPU of the server device 30 functions as a first server-side updating unit.

At this time, the reason for deleting the previous server public key certificate is as described in the description of FIG. 9 in the first embodiment. Since the new root key is already stored in the client device at the time of step S330, there is no problem with the authentication process if the new server public key certificate is stored.
Note that the processing in steps S329 and S330 may be performed before the processing in steps S327 and S328. In this case, the validity is confirmed in step S329 using the distribution root key certificate.

Thereafter, the server device 30 returns a result notification as a response to the update request to the certificate management device 10 in step S331.
Through the processing shown in FIG. 26, the root key update processing is completed on the server device 30 side.

Subsequently, the process 23 shown in the sequence diagram of FIG. 27 is performed.
Here, first, in step S332, the certificate management device 10 requests the server device 30 to send an old key discard request for requesting the client device 40 to send an old key discard request for discarding an unnecessary digital certificate. Send a request. In response to this, the server apparatus 30 transmits an old key discard request as a response to the communication request (S333) from the client apparatus 40 (S334).
Through the above processing, the old key discard request is transmitted from the certificate management apparatus 10 to the client apparatus 40 via the server apparatus 30.

Upon receiving this request, the client device 40 discards the distribution root key certificate, the previous root key certificate, and the previous client public key certificate stored in the certificate storage unit 41 in step S335. . At this time, since the new root key certificate and the new server public key certificate are stored in the server device 30, even if these certificates are deleted, the authentication process is not affected.
Thereafter, the client device 40 returns a result notification as a response to the update request to the certificate management device 10 in step S336. This is first transmitted to the server device 30, and the server device 30 manages the certificate in step S337. Transmit to the device 10.
Thus, the root key update process is completed.

  Also in this digital certificate management system, the root key update process is performed in such a procedure, so that the authentication process between the server apparatus 30 and the client apparatus 40 is greatly affected as in the case of the first embodiment. The root key can be updated automatically without giving Therefore, by using such a digital certificate management system, the root key can be updated without preparing a special communication path for updating the root key. The system can be operated at low cost.

In this embodiment, since the new client public key certificate is stored in the client device 40 before the server device 30 stores the new root key, the communication until the server device 30 stores the new root key. There is an overhead due to the server device 30 being unable to decrypt the digital signature of the new client public key certificate. However, on the other hand, the root key can be updated only by transmitting a total of three requests from the certificate management device 10 to the server device 30 (or the client device 40 via the server device 30). Therefore, as compared with the first embodiment that requires six request transmissions, there is an effect that the management of the processing procedure and the design of the program are easy. When the number of server devices and client devices to update the root key certificate is large, this effect becomes even greater, and this embodiment is effective.
Further, in the processing 21 and processing 22, if the validity of each certificate is confirmed and the necessary items are stored in a lump, the number of accesses to the non-volatile memory storing the certificate can be reduced, and the processing can be performed. It is possible to reduce the load and speed up the processing.

[Fourth Embodiment: FIGS. 24, 28 to 30]
Next, a fourth embodiment of the digital certificate management system according to the present invention, comprising a certificate management device which is a digital certificate management device according to the present invention, and a client device and a server device constituting a client / server system. The configuration of the form will be described.
This digital certificate management system differs from the digital certificate management system of the second embodiment only in the contents of the root key update process, and the configuration of the apparatus is the same as that of the second embodiment. Is omitted.

  The root key update operation in the digital certificate management system is an operation according to the fourth embodiment of the digital certificate management method of the present invention. The process T and the process shown in the sequence diagrams of FIGS. 31 to 33 are executed in this order. These processes are performed by the CPUs of the certificate management apparatus 10, the server apparatus 30, and the client apparatus 40 by executing a required control program.

  Further, these processes are the same as those in the third embodiment for the part shown in FIG. 24, and the parts shown in FIGS. 28 to 30 are shown in FIGS. 25 to 27 in the third embodiment. In the second embodiment, the client apparatus 40 is the apparatus that directly communicates with the certificate management apparatus 10 and has been described with reference to FIGS. 17 and 18. Similar to the case of the process 11 and the process 12, the communication procedure is only slightly changed. Therefore, detailed description of these processes is omitted.

  Also in the digital certificate management system of the fourth embodiment, the root key update process is performed according to such a procedure, whereby the certificate management apparatus 10 among the apparatuses constituting the client / server system is the client apparatus 40. Even in the case where communication with only the client device is possible, the root key can be updated by automatic control without significantly affecting the authentication processing between the server device 30 and the client device 40, as in the case of the third embodiment. . Therefore, by using such a digital certificate management system, the root key can be updated without preparing a special communication path for updating the root key. The system can be operated at low cost. In addition, there is an effect that management of processing procedures and program design are easy.

[Fifth Embodiment: FIGS. 31 to 35]
Next, a fifth embodiment of the digital certificate management system according to the present invention, comprising a certificate management apparatus which is a digital certificate management apparatus according to the present invention, and a client apparatus and a server apparatus constituting a client / server system. The configuration of the form will be described.
In this digital certificate management system, as shown in FIG. 31, the client / server system is configured by one server device and a plurality of client devices. Since the configurations of the individual certificate management device 10, server device 30, and client device 40 are the same as those in the first embodiment, detailed illustration and description are omitted, but a plurality of client devices 40-1 to 40-n are omitted. Are provided so as to be able to communicate with the server device 30. Communication between the certificate management device 10 and each client device 40 is performed by the server device 30.

  By the way, in this digital certificate management system, information of each node constituting the client / server system is stored in the configuration storage unit 26 of the certificate management apparatus 10 in the format shown in FIG. That is, for each node, the client communicates with the communication partner together with the node ID, whether or not direct communication with the digital certificate management apparatus (CA) 10 is possible, and the ID of each node that is the communication partner of the node. Information indicating whether the server functions as a server, information on the root key used when communicating with the communication partner, and information indicating the update status of the root key certificate and public key certificate at the communication partner Yes. Here, the “communication partner” refers to a partner with which communication is performed after authentication. Although not shown, the root key certificate and public key certificate ID held by each node may be stored together with the expiration date as information of each node.

  As specific information stored in the format shown in FIG. 32, for example, for the server apparatus 30 shown in FIG. 31, information shown in FIG. 33A is stored. That is, “server device 30” is stored as the node ID, and information indicating that is stored because the certificate management device 10 can be directly communicated. And the information of the client apparatuses 40-1 to 40-n is stored as the information of the node as the communication partner. Further, when communicating with each of these devices, the server device 30 functions as a server, so that information is stored, and “root key A” is stored here as information on the root key to be used. The root key A is in a state that needs to be updated, and information to that effect is also stored.

  For each of the client devices 40-1 to 40-n, both the recording forms shown in FIGS. 33B and 33C can be considered. In the figure, a storage example of the client device 40-1 is shown, but “client device 40-1” is stored as the node ID and communicates directly with the certificate management device 10 via the server device 30. Both are common in that the information indicating that the communication is impossible, but the recording form of the information of the node as the communication partner is different.

That is, in the form (b), the fact that the server device 30 and the client device 40-1 can communicate with each other is recorded in (a) as information related to the server device 30, and the server / client distinction is also the same. Since it can be derived from the information, it is not newly stored as information related to the client device 40-1. On the other hand, in the form (c), information that the server device 30 and the client device 40-1 can communicate separately is stored as information related to the client device 40-1.
In the form (b), the storage capacity of information is small, and in the form (c), it is possible to know the communication partner of the node by referring only to the information about the target node. However, whichever form it takes, the information about the communication partner of each node and whether it functions as a client or a server between the communication partners can be stored. A certification key update procedure can be defined.

Next, root key update processing in the digital certificate management system of the fifth embodiment shown in FIG. 31 will be described. This processing is processing according to the fifth embodiment of the digital certificate management method of the present invention.
In this process, the process S and the processes 1 to 6 described in the first embodiment are basically executed in the order shown in the flowchart of FIG. These processes are performed by each CPU of the certificate management device 10, the server device 30, and the client devices 40-1 to 40-n executing a required control program.
However, in this embodiment, since a plurality of client devices 40 are provided, the processing performed on the client device 40 is slightly different accordingly. That is, it is necessary to transmit and store the distribution root key certificate, the new client certificate, and the new root key certificate for each client device 40 individually.

  FIG. 34 shows a processing sequence as processing 3-1 when the public key certificate storage processing of the client device shown in FIG. 9 is performed on the client device 40-1. As can be seen from this figure, the process flow itself is the same as the process shown in FIG. Each process shown in FIG. 34 corresponds to a process in which the last two digits of the step numbers match among the processes shown in FIG. However, the new client public key certificate created in step S531 is for use by the client device 40-1, and in the update request transmission request in step S532, the client device 40-1 is used as the transmission destination of the update request. It is specified.

  Such processing is naturally performed for the other client devices 40-2 to 40-n. However, if the conditions for the execution time are satisfied, a response to the public key certificate storage processing for the first device is returned. There is no problem even if the public key certificate storage processing for the next device is performed before. Further, the server apparatus is configured such that the public key certificate storage processing for a plurality of apparatuses is summarized, and the new client public key certificate corresponding to each apparatus and the transmission destination of each update request are included in one message in step S532. 30 may be transmitted. Even in this case, the processing of steps S533 to S537 is of course performed for each client device. However, the result notification of step S538 may be sent to each client device, but the result notifications from a plurality of devices are 1 You may make it transmit in the form included in one message.

Although the difference regarding the process 3 has been described here, the same point is different from the process of the first embodiment in the process 2 shown in FIG. 8 and the process 6 shown in FIG. Since only one server device 30 is provided, processes 1, 4 and 5 performed on the server device 30 are the same as those in the first embodiment.
In addition, the number “Process 3-1” is given in the sense of a process corresponding to Process 3 for the client device 40-1. The letter shall be used in the same way. For example, the process corresponding to the process 3 for the client apparatus 40-n is the process 3-n, the process corresponding to the process 6 for the client apparatus 40-1 is the process 6-1.

The execution timing of each process in this digital certificate management system is as shown in the flowchart of FIG. That is, when updating the root key, first, the process S shown in FIG. 6 is executed, and then the processes 1 to 6 are executed.
As is clear from the description in FIG. 35, the root key update process in the fifth embodiment is substantially the same as the execution timing in the first embodiment shown in FIG. However, the processings 2, 3 and 6 are slightly different because the processing needs to be performed on each client device.

Specifically, the process 1 and the processes 2-1 to n are started after the process S is completed. Processes 3-1 to n start after completion of the corresponding process among processes 2-1 to n (for example, process 3-1 starts after completion of process 2-1), but after process 1 is also completed It is preferable to start. Process 4 starts after all of process 1 and processes 2-1 to n are completed. Process 5 starts after all of process 1 and processes 3-1 to n are completed. Process 6 starts after completion of the corresponding process and process 4 among processes 2-1 to n. When the processes 3-1 to n, process 4, process 5, and processes 6-1 to n are all completed, the update of the root key and the public key certificate is completed.
As for the processes 2, 4, and 6, the processes for the respective client devices may be performed in an arbitrary order as long as the respective start conditions are satisfied.

In the processing procedure shown in FIG. 35, this embodiment is characterized by first processing 4 (server device public key certificate storage processing) and processing 2 for all client devices 40 (client device root key certificate). This is executed after completion of the document storage process), that is, after a response indicating that the distribution root key certificate has been stored from all the client devices 40 that are communication partners of the server device 30.
As described in the first embodiment, since it is necessary to discard the previous server device 30 when storing the new server public key certificate, the new route is sent to all the client devices 40 as communication partners. This is because if this is performed before the key is stored, the authentication process will be hindered. In other words, if the new root key is stored in all the client devices 40, the authentication process may be hindered even if the previous server public key certificate of the server device 30 is discarded. Absent.

  Further, the processing 3-1 to n (client device public key certificate storage processing) is performed after the processing 1 (server device root key certificate storage processing), that is, for each of the client devices 40-1 to 40-n. It may be executed after receiving a response indicating that the distribution root key certificate has been stored from all the server devices 30 (only one in this case) as communication partners. As described in the first embodiment, when the new client public key certificate is stored in the client device 40 and the new root key is not stored in the server device 30 that is the communication partner, the server device 30 This is because an overhead is generated in communication until the new root key is stored, and the efficiency is deteriorated.

Other points are slightly different with the provision of a plurality of client devices 40, but are generally the same as in the case of the first embodiment. By performing the root key update process in this procedure, As in the case of the embodiment, the root key can be updated by automatic control without greatly affecting the authentication process between the server device 30 and each of the client devices 40-1 to 40-n.
Therefore, by using such a digital certificate management system, it is possible to update the root key without preparing a special communication path for updating the root key. The system can be operated at low cost.

  Here, the process 5 (the root key certificate replacement process of the server apparatus) is performed after the processes 3-1 to n, that is, the new client release from all the client apparatuses 40-1 to 40-n that are the communication partners of the server apparatus 30. It may be executed after a response indicating that the key certificate has been stored. Further, the processing 6-1 to n (client device root key certificate replacement processing) is performed after the processing 4, that is, for all the client devices 40-1 to 40-n, all server devices 30 (here) It may be executed after a response indicating that the new server public key certificate has been stored.

  The update procedure as shown in FIG. 35 is created and managed based on information stored in the configuration storage unit 26 by the update order control unit 27 of the certificate management apparatus 10. The creation of the update procedure is a process related to the update procedure determination method of the present invention. In the case of this embodiment, referring to the information related to the server device 30 that can directly communicate with the certificate management device 10, the server device 30 functions as a server, and the client device 40- It can be seen that there are 1 to n. It can also be seen that the same root key A is used for communication with all nodes, and updating is necessary. Further, referring to the information about each of the client devices 40-1 to 40-n, it can be seen that there are no more nodes in this client / server system, so an update procedure can be created from these information.

  That is, first, the distribution root key certificate is stored in the server device 30 and the client devices 40-1 to 40-n, and when all of these are completed, the new server public key certificate is stored in the server device 30, and so on. In addition, the execution order of the processes necessary for the update may be determined so as to satisfy the conditions shown in FIG. Alternatively, the execution condition of each process is determined such that the execution of the process 4 requires that all of the process 1 and the processes 2-1 to n are completed, and when this is satisfied, the process is started. Even with control, the update procedure can be defined.

[Modification of Fifth Embodiment: FIGS. 36 to 38]
In the fifth embodiment described above, the example in which the root key update process is performed according to the procedure shown in FIG. 35 has been described. This processing procedure defines only the minimum necessary conditions. However, if only these conditions are obeyed, a large amount of information must be managed in determining the execution order of each process and managing the progress of the process. Therefore, the root key update process may be performed according to the procedure shown in FIG. The meanings of the arrows in these figures are the same as those in FIG.

First, in the example illustrated in FIG. 36, the process 1 and the processes 2-1 to n are started after the completion of the process S, and the processes 3-1 to n are started after the completion of all these processes. Process 4 starts after all of processes 3-1 to n are completed. Then, the process 5 and the processes 6-1 to n are started after the process 4 is completed. Then, when all of the processing 5 and the processing 6-1 to n are completed, the update of the root key and the public key certificate is completed.
In this way, it is not necessary to monitor the execution status of process 1 and process 2 when executing process 5 and process 6. This is because, when the process 4 is completed, it is guaranteed from the execution condition of this process that both the process 1 and the process 2 are completed. Further, even when the process 4 is executed, it is only necessary to confirm the completion of the processes 3-1 to n. Therefore, it is possible to simplify the management of the progress of processing.
When determining the execution order of each process, it is necessary to store the new root key certificate for distribution in all nodes and then store the new public key certificate in the order of client device → server device. Since it is good, processing can be simplified and the development cost of an apparatus or a program can be reduced.

In the example shown in FIG. 37, process S, process 1, processes 2-1 to n, processes 3-1 to n, and process 4 are executed in this order. Start after completion of 4. Then, when all of the processing 5 and the processing 6-1 to n are completed, the update of the root key and the public key certificate is completed.
In this way, the processing can be further simplified as compared with the example shown in FIG.
On the other hand, even in the procedure shown in FIG. 36 and FIG. 37, the conditions of the execution order shown in FIG. From the standpoint of maintenance, it has the same effect as the above-described fifth embodiment.

Note that, when the procedure shown in FIG. 37 is followed, the processing performed on the same client device 40 can be collectively performed for the processing 2 and the processing 3. An example of processing in this case is shown in the sequence diagram of FIG. Here, the process when the root key certificate storage process and the public key certificate storage process are collectively performed on the client device 40-1 is indicated as process 2'-1.
In this processing, the certificate management apparatus 10 creates a new client certificate for the client 40-1 in step S621 as in the case of step S531 in FIG. In step S622, the certificate management apparatus 10 sends the server apparatus 30 the distribution root key certificate created in step S102 of the process S shown in FIG. 6 and the new client public key certificate created in step S621. Then, an update request transmission request for transmitting an update request for these to the client device 40-1 is transmitted.

In response to this, the server device 30 transmits these certificates and an update request for them as a response to the communication request (S623) from the client device 40-1 as in the case of steps S122 and S123 of FIG. (S624).
Through these processes, the certificates and the update requests for them are transmitted from the certificate management apparatus 10 to the client apparatus 40-1 via the server apparatus 30, and in the process of step S622, The CPU 11 of the certificate management apparatus 10 functions as a first transmission unit.
Upon receiving this request, the client device 40 confirms the validity of the distribution root key certificate using the previous root key certificate in steps S625 and S626, as in steps S124 and S125 of FIG. If this can be confirmed, the distribution root key certificate is stored in the certificate storage unit 41. At this time, the previous root key certificate is not deleted yet. In these processes, the CPU of the client device 40-1 functions as a second client-side update unit.

Next, in steps S627 and S628, as in steps S135 and S136 in FIG. 9, the validity of the new client public key certificate is confirmed using the distribution root key certificate. The client public key certificate is stored in the certificate storage unit 41. At this time, the previous client public key certificate is not yet deleted. In these processes, the CPU of the client device 40-1 functions as a first client-side update unit.
Thereafter, in step S629, the client device 40-1 returns a result notification to the certificate management device 10 as a response to the update request. This is first transmitted to the server device 30, and the server device 30 in step S630. It transmits to the certificate management apparatus 10.

  As described above, processing 2 and processing 3 are collectively performed for each client device 40, and processing 2 'is performed, so that processing procedure management and program design are easy as in the case of the third embodiment. There is. Here, since the processing on the client device side is not summarized, this effect is smaller than in the case of the seventh embodiment to be described later. However, after the new root key is stored in the server device, the client device 40 discloses the new client. Since the key certificate is stored, communication overhead can be prevented.

[Sixth Embodiment: FIGS. 39 to 42]
Next, a sixth embodiment of the digital certificate management system according to the present invention, comprising a certificate management apparatus which is a digital certificate management apparatus according to the present invention, and a client apparatus and a server apparatus constituting a client / server system. The configuration of the form will be described.
In this digital certificate management system, as shown in FIG. 39, a client / server system is composed of one client device and a plurality of server devices. Since the configuration of each certificate management device 10, server device 30, and client device 40 is the same as that of the second embodiment, a detailed illustration and description are omitted, but a plurality of server devices 30-1 to 30-n. Are provided as communication partners of the client device 40. Communication between the certificate management apparatus 10 and each server apparatus 30 is performed by the client apparatus 40.

When the client / server system is configured as described above, the information of each node constituting the client / server system stored in the configuration storage unit 26 of the certificate management apparatus 10 is as shown in FIG. .
That is, first, information as shown in FIG. 40A is stored for the client device 40. Here, “client device 40” is stored as the node ID, and since it can communicate directly with the certificate management device 10, information to that effect is stored. And the information of server apparatus 30-1-n is each memorize | stored as information of the node used as a communicating party. Further, since the client device 40 functions as a client when communicating with each of these devices, the client device 40 stores that fact, and “root key A” is stored here as information on the root key to be used. The root key A is in a state that needs to be updated, and information to that effect is also stored.

As with each of the server apparatuses 30-1 to 30-n, the recording forms of both (b) and (c) of FIG. In the figure, a storage example of the server device 30-1 is shown, but “server device 30-1” is stored as the node ID and communicates directly with the certificate management device 10 via the client device 40. Information indicating that it is impossible is stored.
Then, the update order control unit 27 of the certificate management apparatus 10 can determine the certification key update procedure with reference to these pieces of information.
In the case of the client device 40, it is conceivable that the root key used for the authentication process is different for each server device of the communication partner. In this case, the update process is performed for each group using the common root key. Shall. That is, by applying the first to eighth embodiments and their modifications including those described later for each group, the update process can be performed independently for each group.

Next, root key update processing in the digital certificate management system of the sixth embodiment shown in FIG. 39 will be described. This process is a process according to the sixth embodiment of the digital certificate management method of the present invention.
In this process, basically, the process S and the processes 11 to 16 described in the second embodiment are executed in the order shown in the flowchart of FIG. These processes are performed by each CPU of the certificate management device 10, the server devices 30-1 to 30-n, and the client device 40 executing a required control program.
However, in this embodiment, since a plurality of server devices 30 are provided, the processing performed on the server device 30 is slightly different accordingly. That is, it is necessary to transmit and store the distribution root key certificate, the new client certificate, and the new root key certificate for each server device 30 individually.

FIG. 41 shows a processing sequence as processing 14-1 when the public key certificate storage processing of the server device shown in FIG. 20 is performed on the server device 30-1. As can be seen from this figure, the process flow itself is the same as the process shown in FIG. Each process shown in FIG. 41 corresponds to a process in which the last two digits of the step numbers match among the processes shown in FIG. However, the new client public key certificate created in step S741 is for use by the server device 30-1. Even in the update request transmission request in step S742, the server device 30-1 is used as the transmission destination of the update request. It is specified.
Thus, the correspondence between the processing 14 shown in FIG. 19 and the processing 14-1 shown in FIG. 41 is the same as the correspondence between the processing 3 and the processing 3-1 described in the fifth embodiment. Other differences when compared with the process 14 are the same as those described for the process 3-1 in the fifth embodiment.

Note that the processing 11 shown in FIG. 17 and the processing 15 shown in FIG. 21 are also different from the second embodiment in the same point. Since only one client device 40 is provided, the processes 12, 13, and 16 performed on the client device 40 are the same as those in the second embodiment.
Further, the number of the process 14-1 is given in the meaning of the process corresponding to the process 14 for the server apparatus 30-1, and in the following description, the number of the process is attached to the code attached to the apparatus. The letter shall be used in the same way.

The execution timing of each process in this digital certificate management system is as shown in the flowchart of FIG. That is, when updating the root key, first, the process S shown in FIG. 6 is executed, and then the processes 11 to 16 are executed.
As is apparent from the description of FIG. 42, the root key update processing in the sixth embodiment is substantially the same as the execution timing in the second embodiment shown in FIG. However, the processings 11, 14, and 15 need to be performed for each server device, and therefore are slightly different.

Specifically, the processes 11-1 to n and the process 12 are started after the process S is completed. The process 13 is started after the completion of the process 12, but is preferably started after the processes 11-1 to 11-n are all completed. Processes 14-1 to 14-n start after completion of the corresponding process among processes 12 and 11-1 to 11-n (for example, process 14-1 starts after completion of process 11-1). The process 15 starts after completion of the corresponding process and the process 13 among the processes 11-1 to 11-n. The process 16 starts after the processes 12 and 14-1 to 14-n are all completed. When the processing 13, the processing 14-1 to n, the processing 15-1 to n, and the processing 16 are all completed, the update of the root key and the public key certificate is completed.
This process is basically different depending on whether the apparatus directly communicating with the certificate management apparatus 10 is the client apparatus 40 and whether a plurality of server apparatuses 30 are provided instead of the client apparatus 40. The steps corresponding to those in the fifth embodiment shown in FIG. 35 are performed in the same order. And the effect by this is the same as that of the case of 5th Embodiment.

  That is, in the digital certificate management system according to the sixth embodiment, the root key update process is performed according to such a procedure, whereby the certificate management apparatus 10 among the apparatuses constituting the client / server system is the client apparatus 40. Even in the case where a plurality of server devices are provided, the root key can be used without greatly affecting the authentication processing between the server device 30 and the client device 40, as in the case of the fifth embodiment. Can be updated automatically. Therefore, by using such a digital certificate management system, the root key can be updated without preparing a special communication path for updating the root key. The system can be operated at low cost.

Further, since there is no portion that needs to wait for a communication request in the route key update processing procedure, the processing can be advanced promptly and completed in a short period of time, as in the case of the second embodiment.
In addition, the same modification as that of the fifth embodiment can be applied to the sixth embodiment.

[Seventh embodiment: FIG. 43]
Next, a seventh embodiment of the digital certificate management system according to the present invention, comprising a certificate management apparatus which is a digital certificate management apparatus according to the present invention, and a client apparatus and a server apparatus constituting a client / server system. The configuration of the form will be described.
This digital certificate management system differs from the digital certificate management system of the fifth embodiment only in the contents of the root key update process, and the configuration of the apparatus is the same as that of the fifth embodiment, so that the description thereof will be given. Is omitted.

The root key update operation in this digital certificate management system is an operation according to the seventh embodiment of the digital certificate management method of the present invention. In this process, the process T shown in FIG. 24 and the processes 21 to 23 shown in FIGS. 25 to 27 described in the third embodiment are basically executed in this order. These processes are performed by each CPU of the certificate management device 10, the server device 30, and the client devices 40-1 to 40-n executing a required control program.
However, in this embodiment, since a plurality of client devices 40 are provided, the processing performed on the client device 40 is slightly different accordingly. That is, as in the case of the fifth embodiment, it is necessary to transmit and store a distribution root key certificate, a new client certificate, and a new root key certificate for each client device 40 individually. It is.

  Specifically, the process 21 shown in FIG. 25 and the process 23 shown in FIG. 27 are performed for each client device. The process change contents and process designations associated therewith are the same as the correspondence relationship between the process 3 and the process 3-1 described in the fifth embodiment, and are not shown. For example, in the process 21-1 The new client public key certificate created in the process corresponding to step S311 of the process 21 shown in FIG. 25 is for use by the client device 40-1, and also in the update request transmission request in the process corresponding to step S312. The client apparatus 40-1 is designated as the update request transmission destination.

In the root key update process, each process is performed at the timing shown in the flowchart of FIG.
That is, the process T is started first, and after the completion, the processes 21-1 to 21-n are started in an arbitrary order. After all these are completed, the process 22 is started, and after the completion, the processes 23-1 to 23-n are started in an arbitrary order. Then, when all of these are completed, the update of the root key and the public key certificate is completed.

Such an update procedure is created and managed based on information stored in the configuration storage unit 26 by the update order control unit 27 of the certificate management apparatus 10. The creation of the update procedure is a process related to the update procedure determination method of the present invention. In the case of this embodiment, referring to the information about each node, it can be seen that the nodes functioning as clients in the client / server system are the client devices 40-1 to 40-n. After the completion, an update procedure may be determined so as to perform an update process for the server device 30 functioning as a server. Then, after the update process on the server side is completed, the old key discard process on the client side may be performed.
By performing the update process according to the above procedure, a part of communication overhead occurs as in the case of the third embodiment. However, compared to the case of the fifth embodiment, the management of the process procedure and the program are performed. There is an effect that the design is easy. This effect becomes more significant when the number of nodes to update the root key certificate is large, and this embodiment is effective.

[Eighth embodiment: FIG. 44]
Next, an eighth embodiment of the digital certificate management system according to the present invention, comprising a certificate management apparatus which is a digital certificate management apparatus according to the present invention, and a client apparatus and a server apparatus constituting a client / server system. The configuration of the form will be described.
This digital certificate management system is different from the digital certificate management system of the sixth embodiment only in the contents of the root key update processing, and the configuration of the apparatus is the same as that of the sixth embodiment, so that Is omitted.

The root key update operation in this digital certificate management system is an operation according to the eighth embodiment of the digital certificate management method of the present invention. In this process, the process T and the processes 31 to 33 described in the fourth embodiment are basically executed in this order. These processes are performed by each CPU of the certificate management device 10, the server devices 30-1 to 30-n, and the client device 40 executing a required control program.
However, in this embodiment, since a plurality of server devices 30 are provided, the processing performed on the server device 30 is slightly different accordingly. That is, as in the case of the sixth embodiment, it is necessary to transmit and store the distribution root key certificate, the new client certificate, and the new root key certificate for each server device 30 individually. It is.

Specifically, the process 32 shown in FIG. 29 is performed for each server device. The process change contents and process designations associated therewith are the same as the correspondence relationship between the process 14 and the process 14-1 described in the sixth embodiment, and are not shown. For example, in the process 32-1, The new server public key certificate created in the process corresponding to step S420 of the process 32 shown in FIG. 29 is for use by the server device 30-1, and even in the update request transmission request in the process corresponding to step S421. The server apparatus 30-1 is designated as the update request transmission destination.
In the root key update process, each process is performed at the timing shown in the flowchart of FIG.
That is, the process T is started first, and the process 31 is started after the process T is completed. Then, after this process is completed, the processes 22-1 to 2-n are started in an arbitrary order, and after all the processes are completed, the process 23 is started. When this processing is completed, the update of the root key and public key certificate is completed.

Such an update procedure is created and managed based on information stored in the configuration storage unit 26 by the update order control unit 27 of the certificate management apparatus 10. The creation of the update procedure is a process related to the update procedure determination method of the present invention. In the case of this embodiment, referring to the information about each node, it can be seen that the node functioning as a client in the client / server system is the client device 40. What is necessary is just to define an update procedure so that the update process about server apparatus 30-1-n which functions as a server which is a communication partner of the client apparatus 40 may be performed. Then, after all the update processing on the server side is completed, the old key discard processing on the client side may be performed.
By performing the update process according to the above procedure, some communication overhead occurs as in the case of the fourth embodiment. However, compared to the case of the sixth embodiment, the management of the process procedure and the program There is an effect that the design is easy. This effect becomes more significant when the number of nodes to update the root key certificate is large, and this embodiment is effective.

[Modifications of Fifth to Eighth Embodiments: FIGS. 45 to 48]
In the fifth to eighth embodiments described above, an example in which a client / server system is configured by one node that directly communicates with the certificate management apparatus 10 and a plurality of nodes that are communication partners of the node has been described. . However, in the present invention, as shown in FIGS. 45 and 46, a plurality of servers and clients constituting the client / server system are provided, and among these nodes, a plurality of nodes communicate directly with the certificate management apparatus 10. It can also be applied when possible.
Here, a procedure for updating the root key in such a case will be described. In the client / server system shown in FIG. 45 or 46, it is assumed that the same root key is used for the authentication processing between the nodes.

First, FIG. 45 shows an example in which a plurality of server devices 30 capable of directly communicating with the certificate management device 10 are provided, but all the client devices 40 have only one server device 30 as a communication partner. ing. In such a case, the update processing can be performed assuming that there is a separate client / server system for each server device.
That is, in the example shown in FIG. 45, the client / server system is configured by the server device 30-1 and the client devices 40-1 to 40-3, and the server device 30-2 and the client devices 40-4 to 5 are configured. The root key update process may be performed independently for the client / server system. Since authentication processing across systems is not performed, even in this case, if update processing is performed for each client / server system according to the update procedure described in the fifth or seventh embodiment. It is possible to update the root key without causing any significant trouble in the authentication process between the nodes.

  FIG. 46 shows an example in which there is a client device (client device 40-3) having a plurality of server devices as communication partners. In such a case, it is necessary to perform the update process on the assumption that a single client / server system is configured by all nodes. However, even in such a case, the process of storing the new server certificate in each server device is performed after storing the new root key for all the client devices that are communication partners of the server device. What should be done is the same as in the fifth and seventh embodiments.

FIG. 47 shows the start conditions for each process necessary for the update process in this example. In this figure, the meaning of each arrow and process number is the same as in the case of FIG. 35 used in the description of the fifth embodiment. As the configuration of the client / server system becomes complicated, the contents of the start condition also become considerably complicated as compared with FIG. However, for example, the process 4-1 which is a public key certificate storage process for the server apparatus 30-1 is a root key certificate for the server apparatus 30-1 itself and the client apparatuses 40-1 to 40-3 as communication partners. The start condition of each process is based on the same rule as that in the case of FIG. 35, such as starting after the process 1-1 and the processes 2-1 to 3 being the storage process are completed. The process 3-3, which is a public key certificate storage process for the client apparatus 40-3, is a root key certificate storage process for the server apparatus 40-3 itself and the server apparatuses 30-1 and 30-2 that are communication partners. It can be derived from the same rule as in the case of FIG. 35 that the process 2-3 and the processes 1-1 and 2 may be started after all the processes are completed.
However, since it is not originally assumed that authentication processing will not succeed for nodes that do not communicate with each other, such as the server device 30-1 and the client device 40-4, the mutual certificate storage status is appropriate. It is not necessary to maintain a simple relationship, and it is not always necessary to manage the processing order.

Also, as in the case of the seventh embodiment, when the root key certificate and the public key certificate are stored together in each node, the start condition of each process is as shown in FIG. This figure corresponds to FIG. 43, and such a processing procedure is similar to the case of FIG. 43, in which the update process for the server apparatus is performed for all client apparatuses that are communication partners of the server apparatus. It can be determined according to the condition of starting after completion.
47 and 48 are stored in the configuration storage unit 26 by the update order control unit 27 of the certificate management apparatus 10 as in the case of the fifth or seventh embodiment. Create and manage based on information. 46, even if the configuration of the client / server system is as shown in FIG. 46, the communication partner of each node and its function are grasped by referring to the information related to each node stored in the configuration storage unit 26. Therefore, an update procedure can be created based on that.

Here, when creating an update procedure, a request to a node that can communicate with a plurality of server devices 30 such as the client device 40-3 may be made via either server device 30.
In the modification described here, the example in which the node capable of directly communicating with the certificate management apparatus 10 is the server apparatus has been described. However, the same modification can be applied even if this is a client apparatus. In this case, the above-described modification is applied to the sixth or eighth embodiment.

[Another modification of each embodiment described above: FIG. 49]
In the embodiment described above, an example in which the client apparatus 40 and the server apparatus 30 perform the authentication process by SSL as described with reference to FIGS. 4 and 5 has been described. However, the present invention is effective even if the authentication processing is not necessarily such.
TLS (Transport Layer Security) improved from SSL is also known, but it is naturally applicable to the case where authentication processing based on this protocol is performed.

  In the above-described embodiment, the example in which the certificate management apparatus 10 is provided separately from the server apparatus 30 or the client apparatus 40 has been described. However, the provision of the certificate management apparatus 10 integrally with the server apparatus 30 or the client apparatus 40 is not prevented. In this case, components such as a CPU, ROM, and RAM for realizing the function of the certificate management apparatus 10 may be provided independently. However, as hardware resources, the CPU, ROM, and client of the server apparatus 30 or the client apparatus 40 are used. You may make it function as the certificate management apparatus 10 by using RAM etc. and making the CPU execute appropriate software.

In such a case, for the communication between the certificate management apparatus 10 and the server apparatus 30 or the client apparatus 40 integrated therewith, a process for causing hardware to function as the certificate management apparatus 10; In addition, inter-process communication with a process for causing hardware to function as the server device 30 or the client device 40 is included.
Further, in each of the above-described embodiments, the certificate management device 10 has created an example of creating a certificate key or a digital certificate and acquiring the certificate key. However, the certificate key creating unit 21 illustrated in FIGS. And the function of the certificate issuing unit 22 may be provided in a device different from the certificate management device 10 so that the certificate management device 10 obtains the certificate key and the digital certificate received from the device. Good.

  The certificate management device 10 may be configured to be able to directly communicate with both the server device 30 and the client device 40. In this case, the communication sequences shown in FIG. 7 to FIG. 12 and the like differ depending on the fact that direct communication with both apparatuses is possible, but the processing order is the same as in the above-described embodiments. It is. Even if it does in this way, the effect of each embodiment mentioned above can be acquired.

Further, as described above, in the second and fourth embodiments, when performing communication between the certificate management apparatus 10 and the client apparatus 40, authentication processing by SSL can be performed. .
In order to do this, as shown in FIG. 49, the client device 40 has a client private key, a client public key certificate, and a root key certificate used for authentication processing with the server device 30 (as described in the embodiment). Separately, another set of private key, public key certificate and root key certificate ("second client private key", "second client public key certificate" and "second root key certificate") May be stored and used for authentication processing with the certificate management apparatus 10.

In this case, the certificate management apparatus 10 also stores the management apparatus private key, the management apparatus public key certificate, and the second root key certificate, and uses them for the authentication process. The contents of the second client public key certificate and the management apparatus public key certificate can be confirmed by the second root key included in the second root key certificate. That is, the digital signature is attached using the root private key (second root private key) corresponding to the second root key.
In this way, the authentication process between the certificate management apparatus 10 and the client apparatus 40 and the authentication process between the client apparatus 40 and the server apparatus 30 can be performed completely independently.

As described with reference to FIG. 16, the client device 40 in the second and fourth embodiments uses the server function unit 44 for communication with the certificate management device 10 and the client function unit 43 for communication with the server device 30. Is performed via the communication function unit 42. Accordingly, the communication requested from the certificate management apparatus 10 and the communication requested from the server apparatus 30 can be clearly distinguished, so that authentication processing using different keys and certificates is performed between them. Can be done.
In such a case, even if the root key certificate or public key certificate used for the authentication process between the client device 40 and the server device 30 is updated in response to a request from the certificate management device 10, the certificate management There is no effect on the authentication process between the device 10 and the client device 40.

As described above, if the update process is performed according to the procedure described in each embodiment, the update process can be performed without greatly affecting the authentication process between the client apparatus 40 and the server apparatus 30. It can be said that the root key can be updated while maintaining the authentication process between the nodes by adopting the configuration shown in FIG.
When the second root key certificate is to be updated, update processing may be performed according to the procedure of any of the above-described embodiments using the certificate management apparatus 10 as a client and the client apparatus 40 as a server. Even if such update processing is performed, there is no influence on the authentication processing between the client device 40 and the server device 30.
Even in the case where a plurality of server devices 30 are provided as in the sixth and eighth embodiments, the same measures can be taken.

In each of the above-described embodiments, the root key certificate and the public key certificate stored in both the client device 40 and the server device 30 that are necessary when the client device 40 and the server device 30 perform mutual authentication. An example of updating a document was explained. However, as described with reference to FIG. 5 , if the client device 40 only needs to authenticate the server device 30, the client device 40 stores the public key certificate and the server device 30 stores the root key certificate. That's enough. Therefore, it is sufficient to update only these.
Therefore, for example, the update process of the root key certificate shown in the first embodiment can be simplified as follows. 52, the root key certificate creation process (process S) shown in FIG. 6, the root key certificate storage process (process 2) of the client apparatus shown in FIG. 8, and the server apparatus shown in FIG. The public key certificate storage process (process 24) and the root key certificate rewrite process (process 26) of the client apparatus shown in FIG. 51 may be executed in this order.

In these processes, the process 24 corresponds to the process 4 shown in FIG. 10. However, when the root key certificate is not stored in the server apparatus 30, the process 24 receives from the certificate management apparatus 10 in step S 144. The new server public key certificate is trusted and the previous server public key certificate is replaced as it is. Also, the distribution root key certificate may be transmitted in step S142 ′, and the validity of the new server public key certificate may be confirmed using this (S143). In this case, if the same root key certificate as that on the client device 40 side is stored on the server device 30 side, the validity of the distribution root key certificate can be confirmed using the same. it can.
The process 26 corresponds to the process 6 shown in FIG. 12, and since the public key certificate is not updated on the client device 40 side, the process of discarding the public key certificate from step S166 ′ is excluded. The only difference is the processing 6.

Even in the above processing, the operation of transmitting the new server public key certificate to the server device 30 is performed after receiving the information indicating that the new root key certificate has been received from the client device 40. Absent. By doing this, as in the case of the first embodiment, the root key is updated by automatic control without greatly affecting the authentication process between the server device 30 and the client device 40. Can do.
It goes without saying that such modifications can be similarly applied to the other embodiments.
Of course, the techniques described in the above embodiments and modifications may be used in combination.

  In addition, the program according to the present invention allows each function (configuration storage means, update order control means, certification key update) to a computer capable of communicating directly or indirectly with a plurality of devices constituting a client / server system via a network. Means, first transmission means, second transmission means, functions as other means), and the above-described effects can be obtained by causing a computer to execute such a program. Can do.

Such a program may be stored in a storage means such as a ROM or HDD provided in the computer from the beginning, but a non-volatile recording such as a CD-ROM or flexible disk, SRAM, EEPROM, memory card or the like as a recording medium. It can also be recorded on a medium (memory) and provided. Each procedure described above can be executed by installing a program recorded in the memory in a computer and causing the CPU to execute the program, or causing the CPU to read and execute the program from the memory.
Furthermore, it is also possible to download and execute an external device that is connected to a network and includes a recording medium that records the program, or an external device that stores the program in the storage unit.

As described above, according to the digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method, and program of the present invention, the validity of the digital certificate can be determined by the authentication process in the client / server system. The public key for authentication used for confirming the security can be updated safely without providing a special communication path for updating.
Therefore, by applying the present invention to management of a certificate used for authentication processing in a client / server system, a system capable of updating the authentication public key safely can be provided at low cost.

It is a block diagram which shows the hardware constitutions of the certificate management apparatus which is embodiment of the digital certificate management apparatus of this invention. It is a functional block diagram which shows the function structure of the part used as the characteristic of each apparatus which comprises 1st Embodiment of the digital certificate management system of this invention. It is a conceptual diagram which shows the data transmission / reception model in the digital certificate management system shown in FIG. It is a figure which shows the flowchart of the process performed in each apparatus at the time of a client apparatus and a server apparatus performing mutual authentication by SSL with the information used for the process. It is a figure which shows the flowchart of the process performed in each apparatus at the time of a client apparatus and a server apparatus performing one-way authentication by SSL with the information used for the process. It is a sequence diagram which shows a root key certificate production process among the root key update processes in the digital certificate management system shown in FIG. It is a sequence diagram which similarly shows the root key certificate storage process of a server apparatus. It is a sequence diagram which similarly shows the root key certificate storage process of the client device. It is a sequence diagram which similarly shows the public key certificate memory | storage process of a client apparatus. It is a sequence diagram which similarly shows the public key certificate storage process of a server apparatus.

It is a sequence diagram which similarly shows the root key certificate rewriting process of a server apparatus. It is a sequence diagram which similarly shows the root key certificate rewriting process of a client apparatus. 13 is a flowchart showing the execution order of each process shown in the sequence diagrams of FIGS. 6 to 12 in the root key update process of the first embodiment. It is a figure which shows the modification of the sequence shown in FIG. It is a figure which shows the modification of the sequence shown in FIG. It is a functional block diagram which shows the function structure of the part used as the characteristic of each apparatus which comprises 2nd Embodiment of the digital certificate management system of this invention. FIG. 17 is a sequence diagram showing a root key certificate storage process of the server device in the root key update process in the digital certificate management system shown in FIG. 16. It is a sequence diagram which similarly shows the root key certificate storage process of the client device. It is a sequence diagram which similarly shows the public key certificate memory | storage process of a client apparatus. It is a sequence diagram which similarly shows the public key certificate storage process of a server apparatus.

It is a sequence diagram which similarly shows the root key certificate rewriting process of a server apparatus. It is a sequence diagram which similarly shows the root key certificate rewriting process of a client apparatus. FIG. 23 is a flowchart showing the execution order of each process shown in the sequence diagrams of FIGS. 6 and 17 to 22 in the root key update process of the second embodiment. It is a sequence diagram which shows a part of root key update process in 3rd Embodiment of the digital certificate management system of this invention. FIG. 25 is a sequence diagram illustrating processing subsequent to FIG. 24. FIG. 26 is a sequence diagram illustrating processing subsequent to FIG. 25. FIG. 27 is a sequence diagram illustrating processing subsequent to FIG. 26. FIG. 25 is a sequence diagram showing a continuation process of FIG. 24 in the route key update process in the fourth embodiment of the digital certificate management system of the invention. FIG. 29 is a sequence diagram illustrating processing subsequent to FIG. 28. FIG. 30 is a sequence diagram illustrating processing subsequent to FIG. 29.

It is a block diagram which shows the relationship of each apparatus which comprises 5th Embodiment of the digital certificate management system of this invention. It is a figure which shows the example of the storage format of the information of each node memorize | stored in the structure memory | storage part 26 shown in FIG. FIG. 33 is a diagram illustrating a description example when information is described in the format illustrated in FIG. 32 for the server device 30 and the client device 40-1 illustrated in FIG. 31. It is a figure for demonstrating the changed point in the case of applying the process demonstrated in 1st Embodiment to 5th Embodiment. It is a flowchart corresponding to FIG. 13 which shows the execution order of each process in the root key update process of 5th Embodiment. It is a flowchart which shows the execution order of each process in the root key update process of the modification. It is a flowchart which shows the execution order of each process in the root key update process of the another modification. FIG. 38 is a sequence diagram showing processing when the root key certificate storage processing and the public key certificate storage processing of the client device are collectively performed in the processing shown in FIG. 37. It is a block diagram which shows the relationship of each apparatus which comprises 6th Embodiment of the digital certificate management system of this invention. It is a figure which shows the example of description at the time of describing information in the format shown in FIG. 32 about the client apparatus 40 and server apparatus 30-1 shown in FIG.

It is a figure for demonstrating the changed point in the case of applying the process demonstrated in 2nd Embodiment to 6th Embodiment. It is a flowchart corresponding to FIG. 23 which shows the execution order of each process in the root key update process of 6th Embodiment. It is a flowchart which shows the execution order of each process in the root key update process of 7th Embodiment. It is a flowchart which shows the execution order of each process in the root key update process of 8th Embodiment. It is a block diagram which shows the relationship of each apparatus which comprises the modification applied to 5th thru | or 8th embodiment of the digital certificate management system of this invention. It is a block diagram which shows the relationship of each apparatus which comprises the another modification. FIG. 47 is a diagram showing start conditions for each process constituting the route key update process in the digital certificate management system having the configuration shown in FIG. 46. Similarly, it is a figure which shows the start conditions of each process in the case where a root key certificate and a public key certificate are stored together in each node. It is a figure for demonstrating the storage state of a key and a certificate in another modification, and the root key update process in that case. It is a sequence diagram which shows the public key certificate storage process of the server apparatus in the modification of each embodiment. It is a sequence diagram which similarly shows the root key certificate rewriting process of a client apparatus. It is a flowchart which similarly shows the execution order of each process. FIG. 5 is a diagram for explaining a relationship among a root key, a root private key, and a server public key in the authentication process illustrated in FIG. 4.

Explanation of symbols

10: Certificate management device 11: CPU
12: ROM 13: RAM
14: HDD 15: Communication I / F
16: System bus 21: Certificate key generation unit 22: Certificate issuing unit 23: Certificate management unit 24: Certificate update unit 25, 32, 42: Communication function unit 30: Server device 31, 41: Certificate storage unit 33, 44: Server function unit 40: Client device 43: Client function unit

Claims (33)

One or a plurality of clients and one or a plurality of servers are provided, authentication is performed using a digital certificate between each client and each server, and communication is performed using a communication path established along with the authentication. A digital certificate management system comprising: a client / server system; and a digital certificate management apparatus capable of communicating with each of the clients and the servers,
In the digital certificate management device,
A certification key update means for updating a certification key for confirming the validity of the digital certificate used by each server for the authentication;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. Update order control means for controlling the update procedure of
In the certification key update means,
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the authentication, the validity of which can be confirmed using the new certification key;
First transmitting means for transmitting the new certification key to each client;
Second transmission means for transmitting a new server certificate, which is a new digital certificate for each server, to the corresponding server, respectively.
The update order control means indicates that the second transmission means has received the new certification key from all the clients that are communication partners of the server, the operation of transmitting the new server certificate to the respective servers. A digital certificate management system, characterized in that it is means for controlling the update procedure to be performed after receiving information. The digital certificate management system according to claim 1,
In the certification key update means of the digital certificate management device,
Provided means for obtaining a certification key certificate including a new certification key, which is a digital certificate whose validity can be confirmed using a conventional certification key;
The first transmission means is means for transmitting the new certification key to each client in the form of the certification key certificate;
For each of the clients,
When the certification key certificate is received from the digital certificate management device, the validity of the received certification key certificate is confirmed using the previous certification key, and the certification key included therein is appropriate. A digital certificate management system comprising means for storing the certification key when it is determined that The digital certificate management system according to claim 1,
In the certification key update means of the digital certificate management device,
Means for obtaining a first certification key certificate that is a digital certificate that can be validated using a conventional certification key and includes the new certification key;
Means for obtaining a second certification key certificate that is a digital certificate that can be validated using the new certification key and includes the new certification key;
The first transmission means is means for transmitting the new certification key to each of the clients in the form of the first and second certification key certificates,
For each of the clients,
When the first certificate key certificate is received from the digital certificate management apparatus, the validity of the certificate is confirmed using a conventional certificate key, and when it is determined that the certificate is appropriate Means for storing the certificate;
When the second certificate key certificate is received from the digital certificate management device, the validity of the certificate is confirmed using the new certificate key included in the first certificate key certificate, Means for storing the certificate and deleting the previous certification key certificate and the first certification key certificate when it is determined that the second certification key certificate is appropriate;
The update order control means of the digital certificate management apparatus has an operation in which the first transmission means transmits the second certification key certificate to each of the clients. A digital certificate management system, characterized in that it is a means for performing control after receiving information indicating that the new server certificate has been received from a server. One or a plurality of clients and one or a plurality of servers are provided, mutual authentication is performed between each client and each server using a digital certificate, and communication is performed using a communication path established with the authentication. A digital certificate management system comprising: a client / server system; and a digital certificate management apparatus capable of communicating with each of the clients and the servers,
In the digital certificate management device,
A certification key update means for updating a certification key for confirming the validity of the digital certificate used by each client and each server for the mutual authentication;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. Update order control means for controlling the update procedure of
In the certification key update means,
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
First transmission means for transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Providing a new server certificate that is a new digital certificate for each of the servers and a second transmitting means for transmitting the new certification key to the corresponding server,
The update order control means indicates that the second transmission means has received the new certification key from all the clients that are communication partners of the server, the operation of transmitting the new server certificate to the respective servers. An operation is performed after receiving the information, and the first transmitting means transmits the new client certificate to each of the clients. The new certification key is received from all the servers with which the client communicates. A digital certificate management system, characterized in that it is means for controlling the update procedure so as to be performed after receiving information to that effect. One or a plurality of clients and one or a plurality of servers are provided, mutual authentication is performed between each client and each server using a digital certificate, and communication is performed using a communication path established with the authentication. A digital certificate management system comprising: a client / server system; and a digital certificate management apparatus capable of communicating with each of the clients and the servers,
In the digital certificate management device,
A certification key update means for updating a certification key for confirming the validity of the digital certificate used by each client and each server for the mutual authentication;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. Update order control means for controlling the update procedure of
In the certification key update means,
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
First transmission means for transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Providing a new server certificate that is a new digital certificate for each of the servers and a second transmitting means for transmitting the new certification key to the corresponding server,
The update order control means, the first transmission means simultaneously transmits the new client certificate and the new certification key to the respective clients, and the second transmission means transmits the respective servers to the respective servers. The update procedure is controlled so that the new server certificate and the new certificate key are transmitted at the same time after receiving the information indicating that the new certificate key has been received from all the clients that are communication partners of the server. A digital certificate management system characterized by being a means. Each server is provided with means for mediating communication between the digital certificate management device and at least one of the clients,
The digital certificate management device and each client communicate via any of the servers,
The server sends a new certificate key and / or a new client certificate that the first sending means of the digital certificate management apparatus sends to the client, and a previous digital certificate with the destination client. The digital certificate management system according to any one of claims 1 to 5, wherein the authentication used is transmitted to the client of the transmission destination through a communication path established along with the authentication. Each client is provided with means for mediating communication between the digital certificate management device and at least one of the servers,
The digital certificate management device and each server communicate via any one of the clients,
The client sends a new certificate key and / or a new server certificate that the second sending means of the digital certificate management apparatus sends to the server, and a previous digital certificate with the destination server. The digital certificate management system according to any one of claims 1 to 5, wherein the authentication used is transmitted to the destination server via a communication path established along with the authentication. The digital certificate management system according to any one of claims 1 to 7,
Authentication performed by the client and the server is authentication according to SSL or TLS protocol,
The digital certificate management system, wherein the server certificate is a public key certificate of the corresponding server. A digital certificate management apparatus capable of communicating with one or more clients and one or more servers constituting a client-server system,
A certification key update means for updating a certification key for confirming the validity of the digital certificate used by the server for authentication when establishing communication between each client and each server;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. Update order control means for controlling the update procedure of
In the certification key update means,
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the authentication, the validity of which can be confirmed using the new certification key;
First transmitting means for transmitting the new certification key to each client;
Second transmission means for transmitting a new server certificate, which is a new digital certificate for each server, to the corresponding server, respectively.
The update order control means has received the new certification key from all the clients that are communication partners of the server, the second sending means transmitting the new server certificate to the respective servers. A digital certificate management apparatus, characterized in that it is means for controlling the update procedure so as to be performed after receiving information to that effect. The digital certificate management apparatus according to claim 9, wherein
The certification key update means is provided with means for obtaining a certification key certificate including the new certification key, which is a digital certificate whose validity can be confirmed using a conventional certification key,
The digital certificate management apparatus, wherein the first transmitting means is means for transmitting the new certification key to each client in the form of the certification key certificate. The digital certificate management apparatus according to claim 9, wherein
In the certification key update means,
Means for obtaining a first certification key certificate that is a digital certificate that can be validated using a conventional certification key and includes the new certification key;
Means for obtaining a second certification key certificate that is a digital certificate that can be validated using the new certification key and includes the new certification key;
The first transmission means is means for transmitting the new certification key in the form of the first and second certification key certificates to each of the clients, and sends the second certification key to each of the clients. Means for deleting the previous certification key certificate and the first certification key certificate when storing the certificate;
The update order control means performs the operation in which the first transmission means transmits the second certification key certificate to each of the clients, at least from all servers that are communication partners of the client, the new server certificate A digital certificate management apparatus, characterized in that it is means for controlling the update procedure so as to be performed after receiving information indicating that the message has been received. A digital certificate management apparatus capable of communicating with one or more clients and one or more servers constituting a client-server system,
Certificate key update means for updating a certificate key for confirming the validity of a digital certificate used for mutual authentication when establishing communication between each client and each server;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. Update order control means for controlling the update procedure of
In the certification key update means,
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
First transmission means for transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Providing a new server certificate that is a new digital certificate for each of the servers and a second transmitting means for transmitting the new certification key to the corresponding server,
The update order control means has received the new certification key from all the clients that are communication partners of the server, the second sending means transmitting the new server certificate to the respective servers. The first transmission means performs the operation of transmitting the new client certificate to each of the clients after receiving the information indicating that the new certification key is received from all the servers that are communication partners of the client. A digital certificate management apparatus, characterized in that it is means for controlling the update procedure so as to be performed after receiving information indicating that it has been received. A digital certificate management apparatus capable of communicating with one or more clients and one or more servers constituting a client-server system,
Certificate key update means for updating a certificate key for confirming the validity of a digital certificate used for mutual authentication when establishing communication between each client and each server;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. Update order control means for controlling the update procedure of
In the certification key update means,
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
First transmission means for transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Providing a new server certificate that is a new digital certificate for each of the servers and a second transmitting means for transmitting the new certification key to the corresponding server,
The update order control means, the first transmission means simultaneously transmits the new client certificate and the new certification key to the respective clients, and the second transmission means transmits the respective servers to the respective servers. The update procedure is controlled so that the new server certificate and the new certificate key are transmitted at the same time after receiving the information indicating that the new certificate key has been received from all the clients that are communication partners of the server. A digital certificate management apparatus characterized by being a means. Communicate with each of the clients via any of the servers,
The server authenticates the new certificate key and / or new client certificate transmitted by the first transmission unit to the client with a destination client using a conventional digital certificate, The digital certificate management apparatus according to any one of claims 9 to 13, wherein the digital certificate management apparatus is a server that transmits to a destination client through a communication path established along with the authentication. Communicate with each of the servers via any of the clients,
The client authenticates the new certificate key and / or new server certificate transmitted to the server by the second transmitting means with the previous digital certificate with the destination server, 14. The digital certificate management apparatus according to claim 9, wherein the digital certificate management apparatus is a client that transmits to a destination server through a communication path established along with the authentication. The digital certificate management device according to any one of claims 9 to 15,
The authentication is authentication according to a protocol of SSL or TLS,
The digital certificate management apparatus, wherein the server certificate is a public key certificate of the corresponding server. A digital certificate used by each server for authentication when establishing communication between one or more clients and one or more servers constituting a client / server system communicates with each client and each server A digital certificate management method managed by a possible digital certificate management device,
The digital certificate management device is
For each node constituting the client / server system, each server is in accordance with an update procedure determined based on information of a communication partner of the node and whether the node functions as a client or a server. Update the certification key for confirming the validity of the digital certificate used for authentication,
Update the certification key
A procedure for obtaining a new certification key for renewal;
A procedure for obtaining a new digital certificate for use in the authentication, which can be validated using the new certification key;
Sending the new certification key to each client;
Performing a procedure of transmitting a new server certificate that is a new digital certificate for each of the servers to the corresponding server,
The update procedure is defined so that the procedure for transmitting the new server certificate to each of the servers is performed after receiving information indicating that the new certification key has been received from all clients that are communication partners of the server. Digital certificate management method. A digital certificate management method according to claim 17, comprising:
When updating the certification key,
Further executing a procedure of obtaining a certification key certificate including the new certification key, which is a digital certificate whose validity can be confirmed using a conventional certification key;
In the procedure of transmitting the new certification key to the clients, the new certification key is transmitted in the format of the certification key certificate,
When transmitting the certification key certificate to each client, the validity of the certification key certificate is confirmed using the stored previous certification key, and the certification key contained therein is appropriate. A digital certificate management method, comprising: storing a certification key when it is determined that the certification key exists. A digital certificate management method according to claim 17, comprising:
When updating the certification key,
Obtaining a first certification key certificate that is a digital certificate that can be validated using a previous certification key and includes the new certification key;
A digital certificate that can be validated using the new certification key and obtaining a second certification key certificate that includes the new certification key; and
In the procedure of transmitting the new certification key to each of the clients, the new certification key is transmitted in the form of the first and second certification key certificates, respectively.
After receiving the information indicating that the new server certificate has been received from at least all the servers that are communication partners of the client, the updating procedure is a procedure for transmitting the second certification key certificate to each of the clients. Decided to do,
When sending the first certification key certificate to each of the clients, the validity of the certificate is confirmed using a conventional certification key, and when it is determined that the certificate is appropriate, the certificate is Remember,
When transmitting the second certification key certificate to each of the clients, the validity of the certificate is confirmed using the new certification key included in the first certification key certificate, and the second certification key certificate is confirmed. Digital certificate management characterized in that when it is determined that the certification key certificate is appropriate, the certificate is stored and the previous certification key certificate and the first certification key certificate are deleted. Method. A digital certificate used for mutual authentication when establishing communication between one or a plurality of clients and one or a plurality of servers constituting a client / server system. A digital certificate management method managed by a certificate management device,
The digital certificate management device is
For each node constituting the client / server system, the communication partner of the node and the information on whether to function as either a client or a server between the communication partner and each client and Updating a certification key for confirming the validity of the digital certificate used by each server for the mutual authentication;
Update the certification key
A procedure for obtaining a new certification key for renewal;
A procedure for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
Transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Performing a new server certificate, which is a new digital certificate for each server, and a procedure for transmitting the new certification key to the corresponding server.
The update procedure is performed after receiving the information indicating that the new certification key has been received from all the clients that are communication partners of the server, and the procedure of transmitting the new server certificate to each of the servers, and The digital certificate is defined such that the procedure for transmitting the new client certificate to the client is received after receiving the information indicating that the new certification key has been received from all the servers with which the client communicates. Management method. A digital certificate used for mutual authentication when establishing communication between one or a plurality of clients and one or a plurality of servers constituting a client / server system. A digital certificate management method managed by a certificate management device,
The digital certificate management device is
For each node constituting the client / server system, the communication partner of the node and the information on whether to function as either a client or a server between the communication partner and each client and Updating a certification key for confirming the validity of the digital certificate used by each server for the mutual authentication;
Update the certification key
A procedure for obtaining a new certification key for renewal;
A procedure for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
Transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Performing a new server certificate, which is a new digital certificate for each server, and a procedure for transmitting the new certification key to the corresponding server.
The renewal procedure is determined so that the new client certificate and the new certification key are transmitted to the clients at the same time. A digital certificate management method characterized in that after receiving information indicating that a new certification key has been received, the new server certificate and the new certification key are transmitted simultaneously. The digital certificate management device and each client communicate via any of the servers,
Previously, the server sends a new certificate key and / or a new client certificate that the digital certificate management apparatus transmits to the client in the second and / or third procedure with the destination client. The digital certificate according to any one of claims 17 to 21, wherein authentication using the digital certificate is performed, and the data is transmitted to the destination client through a communication path established along with the authentication. Certificate management method. The digital certificate management device and each server communicate via any one of the clients,
Previously, the client sends a new certificate key and / or a new server certificate that the digital certificate management apparatus transmits to the server in the first and / or fourth procedure with the destination server. The digital data according to any one of claims 17 to 21, wherein authentication using the digital certificate is performed and transmitted to the destination server through a communication path established along with the authentication. Certificate management method. A digital certificate management method according to any one of claims 17 to 23, comprising:
The authentication between the client and the server is an authentication according to an SSL or TLS protocol,
A digital certificate management method, wherein the server certificate is a public key certificate of the corresponding server. One or a plurality of clients and one or a plurality of servers constituting the client-server system are stored, and the validity of the digital certificate used by each of the servers for authentication when establishing communication between them is confirmed. An update procedure determining method for determining an update procedure when a certification key for updating is updated by a digital certificate management apparatus capable of communicating with each client and each server,
The digital certificate management device is
For each node constituting the client / server system, based on information on whether to function as a client or a server between the communication partner of the node and the communication partner, the update procedure includes:
A procedure for transmitting to each of the servers the new server certificate, which is a new digital certificate that can be validated using a new certificate key for update, which the server uses for the authentication. An update procedure determining method, characterized in that it is determined to be performed after receiving information indicating that the new certification key has been received from all clients as communication partners of the server. A computer for controlling a digital certificate management apparatus capable of communicating with one or a plurality of clients and one or a plurality of servers constituting a client-server system;
Certification key update means for updating a certification key for confirming the validity of the digital certificate used by each server for authentication when establishing communication between each client and each server;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. A program for functioning as an update order control means for controlling the update procedure of
The certification key update means includes
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the authentication, the validity of which can be confirmed using the new certification key;
First transmitting means for transmitting the new certification key to each client;
A function of a second transmission means for transmitting a new server certificate, which is a new digital certificate for the server, to the corresponding server;
The update order control means has received the new certification key from all the clients that are communication partners of the server, the second sending means transmitting the new server certificate to the respective servers. A program characterized in that the update procedure is controlled so as to be performed after receiving information to the effect. The program according to claim 26, wherein
A program for causing the computer to function as a means for obtaining a certification key certificate including a new certification key that is a digital certificate that can be validated using a conventional certification key;
A program characterized in that the first transmission means transmits the new certification key to each client in the form of the certification key certificate. The program according to claim 26, wherein
The computer,
Means for obtaining a first certification key certificate that is a digital certificate that can be validated using a conventional certification key and includes the new certification key;
A program for causing a digital certificate that can be validated using the new certification key to function as a means for obtaining a second certification key certificate including the new certification key;
The first transmitting means transmits the new certification key to each of the clients in the form of the first and second certification key certificates, and stores the second certification key certificate in each of the clients. A function to delete the previous certification key certificate and the first certification key certificate when
The update order control means performs the operation in which the first transmission means transmits the second certification key certificate to each of the clients, at least from all servers that are communication partners of the client, the new server certificate The update procedure is controlled so as to be performed after receiving information indicating that the message is received. A computer for controlling a digital certificate management apparatus capable of communicating with one or a plurality of clients and one or a plurality of servers constituting a client-server system;
Certificate key update means for updating a certificate key for confirming the validity of a digital certificate used for mutual authentication when establishing communication between each client and each server;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. A program for functioning as an update order control means for controlling the update procedure of
The certification key update means includes
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
First transmission means for transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Having a function of a new server certificate that is a new digital certificate for each of the servers and a second transmitting means for transmitting the new certification key to the corresponding server,
The update order control means has received the new certification key from all the clients that are communication partners of the server, the second sending means transmitting the new server certificate to the respective servers. An operation to be performed after receiving the information indicating that the first transmission means transmits the new client certificate to each of the clients. A program characterized in that the update procedure is controlled to be performed after receiving information indicating that a key has been received. A computer for controlling a digital certificate management apparatus capable of communicating with one or a plurality of clients and one or a plurality of servers constituting a client-server system;
Certificate key update means for updating a certificate key for confirming the validity of a digital certificate used for mutual authentication when establishing communication between each client and each server;
For each node constituting the client / server system, a certification key by the certification key update means based on information on a communication partner of the node and whether the node functions as a client or a server. A program for functioning as an update order control means for controlling the update procedure of
The certification key update means includes
Means for obtaining a new certification key for renewal;
Means for obtaining a new digital certificate for use in the mutual authentication, the validity of which can be confirmed using the new certification key;
First transmission means for transmitting a new client certificate, which is a new digital certificate for each client, and the new certification key to the corresponding client;
Having a function of a new server certificate that is a new digital certificate for each of the servers and a second transmitting means for transmitting the new certification key to the corresponding server,
The update order control means, the first transmission means simultaneously transmits the new client certificate and the new certification key to the respective clients, and the second transmission means transmits the respective servers to the respective servers. The update procedure is controlled so that the new server certificate and the new certificate key are transmitted at the same time after receiving the information indicating that the new certificate key has been received from all the clients that are communication partners of the server. A program characterized by doing so. Including a program for causing the computer to function to communicate with each of the clients via any of the servers,
The server authenticates the new certificate key and / or new client certificate transmitted by the first transmission unit to the client with a destination client using a conventional digital certificate, The program according to any one of claims 26 to 30, wherein the program is a server that transmits to a client of a transmission destination through a communication path established with the authentication. Including a program for causing the computer to function to communicate with each of the servers via any of the clients,
The client authenticates the new certificate key and / or new server certificate transmitted to the server by the second transmitting means with the previous digital certificate with the destination server, 31. The program according to claim 26, wherein the program is a client that transmits to a destination server through a communication path established along with the authentication. A program according to any one of claims 26 to 32, wherein
The authentication is authentication according to a protocol of SSL or TLS,
The server certificate is a public key certificate of the corresponding server.

Images