Abstract
At the user authentication apparatus 30, the identifier of a certification authority (CA) certificate that a CA information disclosure server 20 discloses in advance is registered in an identifier list of the CA. At the user terminal 10, a key pair consisting of a terminal public key and a terminal secret key is generated, and a terminal signature is generated over information containing the terminal public key, using the CA secret key acquired in advance. A terminal certificate, that is, a self-signed certificate of the same form as a certificate issued by the CA and containing at least the terminal public key, the terminal signature, and a CA identifier, is then created, stored, and registered in the user authentication apparatus 30. At the time of a service request, the terminal certificate whose issuer information is the same as a CA identifier in the identifier list of the CA notified from the user authentication apparatus 30 is selected, and user authentication in accordance with a well-known user authentication protocol is executed using that terminal certificate.
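The flow described above, as an added example that is not taken from the patent: the terminal selects its certificate by issuer from the notified CA identifier list, and the apparatus accepts it only if that exact certificate was registered. The JSON certificate form, the Ed25519 keys, the signed-challenge step standing in for the "well-known user authentication protocol", and all names and identifiers are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Simplified stand-in for the terminal certificate (constructed JSON form, not X.509).
function makeTerminalCert(caIdentifier, terminalPublicKey, signingKey) {
  const publicKeyPem = terminalPublicKey.export({ type: 'spki', format: 'pem' });
  const tbs = Buffer.from(JSON.stringify({ issuer: caIdentifier, publicKeyPem }));
  // Terminal signature over the information containing the terminal public key.
  const signature = crypto.sign(null, tbs, signingKey).toString('base64');
  return { issuer: caIdentifier, publicKeyPem, signature };
}

const fingerprint = (cert) => crypto.createHash('sha256').update(JSON.stringify(cert)).digest('hex');

// User authentication apparatus: CA identifier list plus registered certificates.
class AuthApparatus {
  constructor(caIdentifiers) { this.caIdentifiers = caIdentifiers; this.registered = new Set(); }
  register(cert) { this.registered.add(fingerprint(cert)); }
  // Assumed challenge-response: accept only a registered certificate whose key signed it.
  authenticate(cert, challenge, proof) {
    if (!this.caIdentifiers.includes(cert.issuer)) return false;
    if (!this.registered.has(fingerprint(cert))) return false;
    return crypto.verify(null, challenge, crypto.createPublicKey(cert.publicKeyPem), proof);
  }
}

// Terminal side: select the stored certificate whose issuer is in the notified list.
function selectCert(store, caIdentifiers) {
  return store.find((entry) => caIdentifiers.includes(entry.cert.issuer)) || null;
}

function newTerminalEntry(issuer) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  // Constructed key standing in for the key the page says is acquired in advance.
  const signingKey = crypto.generateKeyPairSync('ed25519').privateKey;
  return { cert: makeTerminalCert(issuer, publicKey, signingKey), privateKey };
}

function demo() {
  const server = new AuthApparatus(['CN=Example CA 1']); // constructed identifier
  const store = [newTerminalEntry('CN=Other CA'), newTerminalEntry('CN=Example CA 1')];
  server.register(store[1].cert);
  const chosen = selectCert(store, server.caIdentifiers);
  const challenge = crypto.randomBytes(32);
  const sign = (entry) => crypto.sign(null, challenge, entry.privateKey);
  const unregistered = newTerminalEntry('CN=Example CA 1'); // same issuer, never registered
  return { issuer: chosen.cert.issuer,
           accepted: server.authenticate(chosen.cert, challenge, sign(chosen)),
           rejected: !server.authenticate(unregistered.cert, challenge, sign(unregistered)) };
}
```

In this sketch the issuer match only decides which stored certificate the terminal presents; acceptance depends on the registration lookup and the signed challenge.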