摘要 |
PROBLEM TO BE SOLVED: To provide a public key certificate issuance system capable of preventing the forgery of a public key certificate due to the leakage of a secret key or the like. SOLUTION: A CA server A holds the secret key SK1 for a signature, a CA server B holds the secret key SK2 for the signature and the same person cannot simultaneously obtain them. When public key certificate issuance is applied from the outside, the CA server A generates data Dc for the certificate and the hash value Dh and transmits them to the CA server B. The CA server B generates an electronic signature Sig2 by the hash value Dh and the secret key SK2 and returns it to the CA server A. The CA server A generates the electronic signature Sig1 by the hash value Dh and the secret key Sk1. Then the data Dc for the certificate and the electronic signatures Sig1 and Sig2 are gathered and the public key certificate to an applicant is issued.
|