JP2001042769A - Communicating method for electronic data, repeating server and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To eliminate troublesomeness for confirming whether the certificate used by a user is published in a CRL(certificate repeal list) or not and, on the other hand, to enhance the security of communication. SOLUTION: A repeating server which is used at the time of performing the transferring of electronic data via a communication line is provided with an inspecting means which obtains certificate data by reading in certificate information file preserved by received electronic data and then compares the certificate data with contents of the CRL which is issued by an electronic certificate authentication department. Consequently, when the user performs communication normally without performing special operations, whether the certificate data included in the electronic data are included in the above described CRL or not is automatically inspected by the repeating server.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technique for verifying whether certificate data included in electronic data such as electronic mail is included in a certificate revocation list issued by a digital certificate authority. In particular, the present invention relates to a communication method, a relay server, and a recording medium for electronic data having such a verification function.

[0002]

2. Description of the Related Art In recent years, the spread of the Internet, intranets, or extranets has led to electronic commerce using e-mails and the like. , Spoofing, falsification, etc. For this reason, it is becoming common to communicate important secret documents such as important transaction documents and personal data using encryption technology. For example, message encryption and electronic signature by the public key method are widely used.

In the public key method, a user holds two keys, one of which is used as a secret key and the other is used as a public key, and a sender obtains a public key of a receiver (sender). This is a method in which the transmission contents (electronic data) are encrypted, and the receiver decrypts the received electronic data using a secret key held by the receiver. The electronic signature is a method in which a sender encrypts a digest of transmission contents with its own private key, and a receiver decrypts received electronic data with the sender's public key.

However, in any of the above methods,
You can't trust the public key vaguely. For this reason,
A Certificate Authority (CA) issues a public key certificate, and users who use the public key obtain a certificate of the public key to be used from the CA, and thus trust the public key. To exchange electronic data.

[0005]

However, this C
The certificate issued by A is not perfect, and after receiving the target certificate, the certificate may be discarded even though it is within the validity period of the certificate. This means that if the private key is stolen or lost by a user who has been certified by the certificate, or if the certificate needs to be renewed due to a transfer or retirement, false or eavesdropping,
This is because the certificate must be promptly discarded in order to prevent tampering.

In order to prevent the use of the public key of the revoked certificate, the CA uses a certificate revocation list (C
RL) is issued periodically to inform general users.
Therefore, before using an e-mail or the like, the user can prevent spoofing, eavesdropping, etc., by surely confirming whether or not the obtained certificate is included in the CRL. However, none of the client software can automatically obtain and check the CRL. The user checks the CA name of the certificate issuance, obtains the CRL manually, and manually updates the CRL when the CRL is updated. , And it was very troublesome to perform this confirmation work on the user side. For this reason, at present, when using the above-mentioned encrypted mail or electronic signature, communication is often performed without strictly checking the CRL, and problems have been pointed out from the viewpoint of security. Was.

[0007] The present invention has been made in view of the above points, and it is possible to confirm the validity of a certificate in comparison with a CRL without bothering the user, thereby improving the security of communication. An object of the present invention is to provide a communication method, a relay server, and a recording medium for electronic data that can be performed.

[0008]

According to a first aspect of the present invention, there is provided a communication method for electronic data, wherein the relay server used when exchanging electronic data via a communication line is provided. And verifying means for reading the certificate information file held by the received electronic data and obtaining the certificate data, and comparing the certificate data with the contents of a certificate revocation list issued by the digital certificate authority. ,
A step of verifying whether or not the certificate data is included in the certificate revocation list by the relay server.

According to a second aspect of the present invention, there is provided the communication method of the electronic data according to the first aspect, wherein the certificate data is included in a certificate revocation list by the verification means. The method further includes a step of returning the electronic data to the sender when the determination is made.

According to a third aspect of the present invention, in the communication method of the first aspect, the certificate data is included in a certificate revocation list by the verification means. If it is determined, the method includes a step of adding the discarded warning message and transmitting the electronic data to a transmission partner.

According to a fourth aspect of the present invention, there is provided the communication method for electronic data according to any one of the first to third aspects, wherein the electronic data is an encrypted mail or a signed mail. It is characterized by.

A relay server according to a fifth aspect of the present invention is a relay server used when exchanging electronic data via a communication line, and is a content of a certificate revocation list issued by an electronic certificate authority. A discard information storage unit for recording
While reading the certificate information file held by the received electronic data, accessing the revocation information storage unit, comparing the certificate data obtained from the certificate information file with the contents of the certificate revocation list, A verification unit configured to verify whether the certificate data is included in the certificate revocation list.

A relay server according to a sixth aspect of the present invention is the relay server according to the fifth aspect, wherein the verification means determines that the certificate data is included in a certificate revocation list. In this case, a reply means for sending the electronic data back to the sender is provided.

According to a seventh aspect of the present invention, in the relay server according to the fifth aspect, the verification means determines that the certificate data is included in a certificate revocation list. In this case, a warning message adding means for adding the discarded warning message and transmitting the electronic data to a transmission partner is included.

[0015] The relay server of the present invention according to claim 8 is the relay server according to any one of claims 5 to 7,
An access unit for periodically accessing a CA server managed by an electronic certificate authority and recording the contents of a certificate revocation list recorded in the CA server in the revocation information storage unit. And

A relay server according to a ninth aspect of the present invention is the relay server according to any one of the fifth to eighth aspects,
The electronic data is an encrypted mail or a signed mail.

According to a tenth aspect of the present invention, there is provided a computer-readable recording medium according to the present invention, wherein a relay server used for exchanging electronic data via a communication line transmits a certificate information file held by the received electronic data. Reading, and accessing the revocation information storage unit of the relay server, and acquiring from the content of the certificate revocation list issued by the digital certificate authority recorded in the revocation information storage unit and the certificate information file. Comparing the certificate data with the certificate data and verifying whether the certificate data is included in the certificate revocation list. The relay server verifies the certificate data included in the electronic data. The program is recorded.

A computer-readable recording medium according to an eleventh aspect of the present invention is the recording medium according to the tenth aspect, and verifies whether the certificate data is included in the certificate revocation list. The step of issuing a command for returning the electronic data to the sender when it is determined that the certificate data is included in the certificate revocation list. I do.

A computer-readable recording medium according to a twelfth aspect of the present invention is the recording medium according to the tenth aspect, wherein it is verified whether the certificate data is included in the certificate revocation list. And when the certificate data is determined to be included in the certificate revocation list, a step of adding a discarding warning message and issuing a command to transmit the electronic data to a transmission destination is included. It is characterized by having been done.

A computer-readable recording medium according to the present invention is a recording medium according to any one of claims 10 to 12, wherein the recording medium is periodically transmitted to a CA server managed by a digital certificate authority. And a step of recording the contents of the certificate revocation list recorded in the CA-side server in the revocation information storage unit.

According to a fourteenth aspect of the present invention, there is provided a computer readable recording medium according to any one of the tenth to thirteenth aspects, wherein the electronic data is an encrypted mail or a signed mail. It is characterized by the following.

[0022]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in more detail with reference to the drawings. FIG. 1 is a configuration diagram of a communication method according to an embodiment of the present invention.

First, a sender creates an electronic mail as electronic data by using an arbitrary mail client, and transmits the electronic mail to a transmission destination (recipient). Usually, this e-mail is sent to a mail server on the sender side (for example, SMT).
P server), and then sent to the recipient via a mail server (for example, an SMTP server) on the recipient side. In the present invention, at this time, the e-mail is sent to the mail server on the sender side. Before receiving, the relay server receives the electronic mail.

The relay server verifies whether the certificate data included in the e-mail is included in the certificate revocation list (CRL) issued by the above-mentioned digital certificate authority (CA). .

Specifically, the relay server includes a discard information storage unit for recording the contents of the CRL, and the latest CRL information obtained by any means is recorded in the discard information storage unit. Have been. For example, as shown in FIG. 1, an administrator who manages a relay server periodically or from a CA-side server (for example, an HTTP server, an FTP server, or an LDAT server) managed by a CA,
Each time L is updated, a CRL file is obtained via the communication means. In this case, it is possible for the administrator who manages the relay server to manually acquire the information.
As shown in Step 1 shown in (1), the relay server automatically and periodically accesses the CA-side server (for example, at regular time every day), and reads the contents of the certificate revocation list recorded in the CA-side server. It is preferable that an access unit to be recorded in the discard information storage unit is programmed. In addition,
The recording medium storing the CRL file may be obtained from the CA by offline means other than the communication means, and the recording medium may be read and recorded in the discard information storage unit.

The relay server may be set on the same machine (computer) as the mail server on the sender side, or may be set on another machine. Before receiving the mail, the relay server must be set to receive this e-mail. Therefore, when both are installed on the same machine, the relay server is installed on the port where the mail server is usually installed, and the mail server is installed on another port.

The program for verifying whether or not the certificate data installed in the relay server is included in the CRL has the steps as shown in FIG. 2 in the present embodiment. First, the relay server is urged to periodically acquire the CRL from the CA-side server, the signature of the issued CRL issuance CA is confirmed, and the contents of the CRL are written into the discard information storage unit (step 1). The CRL once obtained is held in the discard information storage unit until the next acquisition. When the e-mail is received, the certificate information file held by the e-mail is read (step 2). Next, access is made to the discard information storage unit, and the read certificate data is compared with the contents of the CRL updated to the latest information in step 1 (step 3). As a result of the comparison in step 3, step 2
If the read certificate data is not included in the CRL, a command is issued to send the certificate data directly to the sender's mail server.
If it is included in the RL, it issues a command to take a predetermined measure.

As a predetermined countermeasure, it is typically desirable to return the sent e-mail to the sender. However, a warning message is added to the e-mail and transmitted via a mail server. It can also be set to send to the other party (recipient). When replying to the sender, it is of course possible to reply with a warning message added.

The computer-readable recording medium on which the program is recorded may be any medium on which the program can be fixed, such as a floppy disk, a CD-ROM, and a magneto-optical disk. , Hard disk and the like.

The electronic data to be verified by the relay server of the present invention can be applied to any electronic data that communicates using the above-mentioned certificate issued by the CA. However, it is realistic to target e-mail on the Internet, which often poses a problem in terms of security, as a verification target. In this case, the certificate may be held in the plaintext mail, but among them, S / M which is generally used
This is effective as a system for verifying a certificate attached to an encrypted mail or a signed mail of the IME system.

In the case of encrypted mail, "PKCS #
7, the certificate information file is stored in the “EnvelopedData”, and the certificate information file “re
read the "cipientInfos". Similarly, in the case of a signed mail, “Sign” of “PKCS # 7”
"sig" which is a certificate information file in "edData"
nerInfos ". Then, the certificate issuing CA “Disting” as the certificate data respectively.
Uished Name "and the certificate serial number are extracted, and it is verified whether or not the certificate serial number is a number posted on the CRL. Specifically, if the sent mail is an S / MIME mail,
Take out the object part of “PKCS # 7” and b
The above certificate data is obtained by decoding into a binary using a technique such as ase64. For example, in the case of an encrypted mail, “EnvelopedData” also includes an encrypted mail text, but decoding this wastes processing time. Therefore, it is preferable to read only the above-mentioned certificate information file in order to shorten the processing time.

For a mail in which a signed message is further encrypted, certificate information cannot be obtained unless decrypted by the relay server using the user's private key.
Although verification cannot be performed, a certificate can be verified even with such electronic data if a private key is entrusted to an administrator who manages the relay server. However, when depositing a private key, the administrator must of course have considerable reliability. In that sense, when such a key escrow system is adopted, it is preferable to use a relatively small-scale network such as an intranet or an extranet. The present invention can be more effectively utilized.

In the above description, a mode in which the relay server of the present invention is arranged immediately before the mail server on the sender side is described. This is, of course, the same as the relay server of the present invention placed immediately after the mail server on the recipient side, but in a system in which the relay server of the present invention is placed, when a transmission is made from any user. The certificate information may be verified only by the relay server on the user side, or the certificate information may be verified not only on the relay server but also on the relay server on the other user side of the transmission destination. You may.

[0034]

According to the electronic data communication method, the relay server and the recording medium of the present invention, the relay server checks the validity of the certificate information held by the electronic data in comparison with the CRL issued by the CA. have. Therefore, it is not necessary to confirm whether or not the user who uses the certificate is posted on the CRL, and the relay server can surely and automatically perform the verification, thereby improving the security of communication.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a communication method according to an embodiment of the present invention.

FIG. 2 is a process diagram showing processing steps of a program according to an embodiment of the present invention.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 12/58 (72) Inventor Yuji Fukuoka 58-2 PF U Meiwa Ryo to Nanakubo, Unoki-cho, Kawakita-gun, Ishikawa Prefecture Room 2323 (72) Inventor Haruhiro Suzuki 1-27-1 Minami Station, Nakamura-ku, Nagoya City, Aichi Prefecture CTI Co., Ltd. (72) Inventor Shinji Murase 1-27 Minami Station, Nakamura-ku, Nagoya City, Aichi Prefecture No. 2 FTI term in CTI Corporation (reference) 5B089 GA04 GA31 GB01 GB02 JA08 JA31 JB22 KA17 KB13 KC15 KC30 KC47 KC58 KH30 LA07 LA11 5J104 AA07 AA09 EA02 EA04 KA02 KA09 LA06 MA01 MA05 PA08 5K030 GA15 HA06 HC01 LD19

Claims (14)

[Claims] 1. A relay server used for exchanging electronic data via a communication line reads a certificate information file held by the received electronic data and obtains the certificate data, and then obtains the certificate data. With a certificate revocation list issued by an electronic certificate authority, and the relay server verifies whether the certificate data is included in the certificate revocation list. A method for communicating electronic data, comprising a procedure. 2. The communication method according to claim 1, wherein the electronic data is transmitted to a sender when the verification means determines that the certificate data is included in a certificate revocation list. A method of communicating electronic data, comprising a step of returning a reply. 3. The communication method according to claim 1, wherein when the verification means determines that the certificate data is included in a certificate revocation list, a discarding warning message is added. And transmitting the electronic data to a transmission partner. 4. The communication method according to claim 1, wherein the electronic data is an encrypted mail or a mail with a signature. 5. A relay server used for exchanging electronic data via a communication line, comprising: a revocation information storage unit for recording the contents of a certificate revocation list issued by an electronic certificate authority; Read the certificate information file held by the obtained electronic data, access the revocation information storage unit, compare the certificate data obtained from the certificate information file with the contents of the certificate revocation list, Verification means for verifying whether the certificate data is included in the certificate revocation list. 6. The relay server according to claim 5, wherein when the verification unit determines that the certificate data is included in a certificate revocation list, the relay unit sends the electronic data to a sender. A relay server comprising a reply means for replying. 7. The relay server according to claim 5, wherein when the verification unit determines that the certificate data is included in a certificate revocation list, a warning message indicating that the certificate data has been revoked is added. And a warning message adding means for transmitting the electronic data to a transmission partner. 8. The relay server according to claim 5, wherein the relay server periodically accesses a CA-side server managed by a digital certificate authority and records the certificate recorded in the CA-side server. A relay server comprising access means for recording the contents of a book revocation list in the revocation information storage unit. 9. The relay server according to claim 5, wherein the electronic data is an encrypted mail or a signed mail. 10. A step of causing a relay server used when exchanging electronic data via a communication line to read a certificate information file held by the received electronic data; Access, and compares the contents of the certificate revocation list issued by the digital certificate authority recorded in the revocation information storage unit with the certificate data obtained from the certificate information file, and finds that the certificate data is Verifying whether the certificate data is included in the certificate revocation list, and recording a program for verifying the certificate data included in the electronic data by the relay server. 11. The recording medium according to claim 10, wherein:
When it is determined that the certificate data is included in the certificate revocation list by the step of verifying whether the certificate data is included in the certificate revocation list, the electronic data is deleted. A computer readable recording medium, comprising the step of issuing a command to reply to a sender. 12. The recording medium according to claim 10, wherein:
If the step of verifying whether the certificate data is included in the certificate revocation list determines that the certificate data is included in the certificate revocation list, a warning that the certificate data has been revoked is issued. A computer-readable recording medium characterized by including a step of issuing a command to add a message and transmit the electronic data to a transmission partner. 13. The recording medium according to claim 10, wherein the CA is managed by a digital certificate authority.
A computer-readable recording medium, comprising a step of periodically accessing a side server and recording the contents of a certificate revocation list recorded in the CA server in the revocation information storage unit. 14. The computer-readable recording medium according to claim 10, wherein the electronic data is an encrypted mail or a signed mail.