
WO2024257180A1 - Estimation system, estimation method, and estimation program - Google Patents

Info

Publication number
WO2024257180A1
WO2024257180A1 PCT/JP2023/021776 JP2023021776W WO2024257180A1 WO 2024257180 A1 WO2024257180 A1 WO 2024257180A1 JP 2023021776 W JP2023021776 W JP 2023021776W WO 2024257180 A1 WO2024257180 A1 WO 2024257180A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
applicant
period
unit
public key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/JP2023/021776
Other languages
French (fr)
Japanese (ja)
Inventor
修太郎 川田
満昭 秋山
将浩 白石
浩義 瀧口
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
Original Assignee
Nippon Telegraph and Telephone Corp
Application filed by Nippon Telegraph and Telephone Corp
Priority to PCT/JP2023/021776
Publication of WO2024257180A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to an estimation system, an estimation method, and an estimation program.
  • the WHOIS information for the domain in question is monitored, and if the owner information changes, it is determined to be a drop-catch event.
  • GDPR General Data Protection Regulation
  • server certificate information that has been accessed once is stored, and each time it is accessed it is checked against the stored certificate information; if it differs from the stored certificate information, it is determined that the site has been dropped and caught.
  • this is difficult, as the transfer of stored information must be carried out over a route where mutual reliability is fully guaranteed.
  • when the certificate is updated, the server side must notify the client side, and the client must re-store the updated certificate, which is difficult.
  • the present invention was made in consideration of the above, and aims to make it possible to easily estimate a drop catch event.
  • the estimation system of the present invention is characterized by having a generation unit that generates a new public key and a new private key for an applicant who operates a domain when updating a certificate, an application unit that applies for certificate renewal to a certification authority using a signature of the new public key generated using the old private key before the update, a verification unit that decrypts the applied signature using the old public key to verify the applicant, and an issuance unit that issues a certificate including information for deriving the period of time that has elapsed since the initial issuance of the certificate to the applicant if the verification is successful.
  • the present invention makes it easy to estimate a drop catch event.
  • FIG. 1 is a diagram for explaining an outline of the estimation system.
  • FIG. 2 is a diagram for explaining an outline of the estimation system.
  • FIG. 3 is a schematic diagram illustrating a schematic configuration of the estimation system.
  • FIG. 4 is a diagram for explaining the process of the issuing unit.
  • FIG. 5 is a diagram for explaining the process of the issuing unit.
  • FIG. 6 is a sequence diagram showing the procedure of the estimation process.
  • FIG. 7 is a flowchart showing the procedure of the estimation process.
  • FIG. 8 is a diagram illustrating a computer that executes the estimation program.
  • Outline of the estimation system: FIGS. 1 and 2 are diagrams for explaining an outline of the estimation system.
  • the estimation system of this embodiment verifies that the applicant of the current server certificate is the same as that of the server certificate to be newly issued.
  • the term "update of a server certificate” here refers to an update that is performed while the current server certificate is valid.
  • when applying for a server certificate renewal, the applicant on the server 10 side generates a key pair of a new public key and a new private key (see (1)), and creates a CSR (Certificate Signing Request) based on this key pair (see (2)).
  • the applicant also sends the created CSR and a signature of the new public key encrypted with the old private key corresponding to the server certificate that has been in operation (see (3)) to the certification authorities (hereafter referred to as CA, Certificate Authorities) 20 (see (4)).
  • CA Certificate Authority
  • CA20 checks that the current server certificate has not expired and decrypts this signature using the corresponding old public key (see (7)). In this way, CA20 verifies whether the applicant for the server certificate renewal is the same person as the applicant for the current server certificate.
  • CA 20 returns the server certificate to server 10, including information that enables the period of time that has elapsed since the initial issuance of the server certificate to the applicant to be derived, as described below (see (9)). Since it is guaranteed that the applicant is the same before and after each renewal, the derived period of time that has elapsed since the initial issuance of the server certificate can be said to be the period of continuous operation by the same operator, as shown in the example of Figure 2.
  • when the client 30 makes a connection request to the server 10 (see (10)), it can refer to the presented server certificate (see (11)-(12)) and find out how long the domain has been continuously operated by the same operator. Note that it is assumed that the client 30 has a function, such as an add-on, that can read from the server certificate the information from which the period of time that has elapsed since the initial issuance of the server certificate can be derived.
  • the client 30 considers whether to allow access, taking into account the possibility that the operator may have changed.
  • the client 30 determines that there may be a change in operator or that a drop catch may have occurred, and then considers whether to allow access.
  • the information that is incorporated into the server certificate issued by CA20 and from which the number of days that have elapsed since the initial issuance of the server certificate to the applicant can be derived is, for example, the same applicant period, which indicates the number of days of continuous operation by the applicant of the current server certificate in the past, or information indicating the date and time of the initial issuance of the applicant's server certificate, as described below.
  • the functionality of this embodiment is implemented in the intermediate CA and does not apply to the root CA, but the CSR that the intermediate CA applies for from the root CA is within the scope of the RFC specifications, as described below, and signing by the root CA can be implemented without any problems.
  • Fig. 3 is a schematic diagram illustrating a schematic configuration of an estimation system.
  • the estimation system 1 of this embodiment includes a server 10, a CA 20, and a client 30.
  • the server 10 transmits a CSR to the CA 20 to request an update of the server certificate.
  • the CA 20 verifies the CSR and returns the updated server certificate.
  • the client 30 accesses the site operated by the server 10 via a user's browser or mechanically via a script. At that time, the client 30 checks the server certificate 14a of the server 10 to confirm the period of operation of the server 10 by the same operator, and determines whether the operator has changed or whether there is a possibility of a drop catch.
  • the server 10 is realized by a general-purpose computer such as a workstation, and includes an input unit 11 , an output unit 12 , a communication control unit 13 , a storage unit 14 , and a control unit 15 .
  • the input unit 11 is realized using input devices such as a keyboard and a mouse, and inputs various instruction information such as a command to start processing to the control unit 15 in response to input operations by an operator.
  • the output unit 12 is realized by a display device such as a liquid crystal display, a printing device such as a printer, etc.
  • the communication control unit 13 is realized by a NIC (Network Interface Card) or the like, and controls communication between the control unit 15 and external devices via a network.
  • the communication control unit 13 controls communication between the control unit 15 and the CA 20, the client 30, and a management device that manages various data used in the estimation process described below.
  • the storage unit 14 is realized by a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk.
  • the storage unit 14 stores in advance the processing program that operates the server 10 and data used during execution of the processing program, or stores the data temporarily each time processing is performed.
  • the storage unit 14 stores a server certificate 14a that is generated and used in the estimation process described below.
  • the storage unit 14 may be configured to communicate with the control unit 15 via the communication control unit 13.
  • the control unit 15 is realized using a CPU (Central Processing Unit), NP (Network Processor), FPGA (Field Programmable Gate Array), etc., and executes a processing program stored in memory. As a result, the control unit 15 functions as a generation unit 15a and an application unit 15b, as exemplified in FIG. 3, and executes the estimation process described below. Note that each of these functional units may be implemented in different hardware. The control unit 15 may also have other functional units.
  • when updating a server certificate, the generation unit 15a generates a new public key and a new private key for the applicant who operates the domain. Specifically, the generation unit 15a generates a pair of a new public key for the server certificate for which an update is being requested, and a new private key corresponding to this.
  • the application unit 15b applies to the CA 20 for the renewal of the server certificate 14a, using the signature of the new public key generated by the old private key before renewal. Specifically, the application unit 15b creates a CSR requesting renewal of the server certificate, and transmits this CSR and the signature of the new public key encrypted by the old private key corresponding to the server certificate 14a that has been in use to the CA 20. At that time, the application unit 15b includes in the CSR the value of information for deriving the period of time that has elapsed since the initial issuance of the server certificate 14a to the applicant, as described below.
  • the application unit 15b also receives an updated server certificate issued by the issuing unit 25b of the CA 20, which will be described later, and updates the server certificate 14a in the memory unit 14.
  • the control unit 25 functions as a verification unit 25a and an issuing unit 25b, as shown in FIG. 3.
  • the verification unit 25a decrypts the applied signature with the old public key to verify the applicant.
  • the verification unit 25a refers to the CT (Certificate Transparency) Log, which is the log of the previous server certificate, and obtains the old public key corresponding to the applicant's current server certificate 14a.
  • the verification unit 25a also confirms that the current server certificate has not expired.
  • the verification unit 25a then verifies whether the CSR signature can be decrypted with the old public key. In this way, the verification unit 25a verifies whether the applicant for server certificate renewal is the same person as the applicant for the current server certificate 14a.
  • the verification unit 25a notifies the server 10 and prompts the user to resubmit the correct signature.
  • the issuing unit 25b issues a server certificate including information for deriving the time that has elapsed since the initial issuance of the certificate to the applicant.
  • the verifying unit 25a verifies whether the information included in the CSR for deriving the time that has elapsed since the initial issuance of the certificate to the applicant is correct, and if the verification is successful, the issuing unit 25b writes the information in the server certificate and issues an updated server certificate.
  • the issuing unit 25b also returns the issued updated server certificate to the server 10.
  • the server 10 updates the current server certificate 14a using the returned updated server certificate, as described above.
  • the period that has elapsed since the initial issuance of the certificate to the applicant can be said to be the period of continuous operation by the same person, as shown in the example in Figure 2.
  • the issuing unit 25b therefore includes, in a predetermined extension field of the server certificate, information for deriving the period of time that has elapsed since the initial issuance of the server certificate to the applicant.
  • the issuing unit 25b incorporates, into the server certificate, information for deriving the period of time that has elapsed since the initial issuance of the server certificate to the applicant, using the extension field of the public key certificate period defined in X.509 of RFC5280.
  • Fig. 4 and Fig. 5 are diagrams for explaining the processing of the issuing unit.
  • the issuing unit 25b sets the period during which the applicant for the server certificate remains the same, as shown in Fig. 4.
  • the type-id is expressed as a character string for the purpose of explanation, but in reality it is an OID based on ASN.1.
  • the issuing unit 25b defines "ApplicantPeriod" in the extension field "OtherName” in the Subject Alternative Name of the public key certificate period defined in X.509 of RFC5280.
  • This ApplicantPeriod (same applicant period) refers to the period during which the site has been continuously operated by the same applicant, i.e., the same operator, from the time when the currently referenced server certificate first became valid.
  • the ApplicantPeriod is set in the server certificate.
  • the number of days (10 days) that have passed since the server certificate was issued can be determined from the difference between the Not Before date and time (February 22, 2023) of Validity written in bold in area ⁇ and the current date and time (for example, March 5, 2023).
  • the number of days (360 days) that the site has been continuously operated by the same operator at the time the server certificate was validated can be determined from the ApplicantPeriod written in area ⁇ .
  • the period that has passed since the server certificate was first issued to the same applicant, that is, the number of days that the site has been continuously operated by the same operator (370 days), is derived.
  • ApplicantPeriod 0.
  • the issuing unit 25b sets the issuance date and time of the first server certificate for the same applicant, as exemplified in FIG. 5. Specifically, the issuing unit 25b defines "Applicant Not Before” in the "OtherName” extension field in the Subject Alternative Name of the public key certificate period defined in X.509 of RFC5280, as exemplified in FIG. 5(a). This Applicant Not Before (the applicant's initial certificate issuance date and time) indicates the first day that the site began to be continuously operated by the same applicant, i.e., the same operator.
  • Applicant Not Before is set in the server certificate.
  • the derivation unit 35b of the client 30 which will be described later, derives the number of days that have passed since the server certificate was issued (370 days), i.e., the number of days that the site has been continuously operated by the same operator, from the difference between the date and time of Applicant Not Before written in area ⁇ (February 17, 2023) and the current date and time (for example, March 5, 2023).
  • the applicant's first CSR does not contain the old private key and does not include a signature.
  • the Applicant Not Before is the same as the Not Before date and time of the server certificate issue.
  • the client 30 includes a control unit 35 implemented by a CPU, NP, FPGA, or the like, and executing a processing program stored in memory.
  • the client 30 also includes a storage unit 34 implemented by a semiconductor memory element such as a RAM, flash memory, or the like.
  • the client 30 also includes a communication control unit (not shown), and communicates with the server 10, other network devices, or the like via the communication control unit.
  • the client 30 also includes an output unit (not shown) implemented by a display device such as a liquid crystal display, a speaker, or the like.
  • This client 30 accesses sites operated by the server 10 either via a user's browser or mechanically via a script. Note that all legitimate sites are assumed to be HTTPS-compatible.
  • the control unit 35 functions as an acquisition unit 35a, a derivation unit 35b, and a determination unit 35c.
  • the acquisition unit 35a acquires the issued server certificate 14a.
  • the control unit 35 accesses a site operated by the server 10 by a user via a browser, or mechanically by a script.
  • the acquisition unit 35a makes a connection request to the server 10 and acquires the server certificate 14a.
  • the acquisition unit 35a also refers to the acquired server certificate 14a and checks information for deriving the period of time that has elapsed since the certificate was first issued to the applicant.
  • the derivation unit 35b uses information for deriving the period of time that has elapsed since the initial issuance of the server certificate 14a to the applicant to derive the operation period of the domain by the same applicant. Specifically, the derivation unit 35b derives the operation period of the domain by the same applicant as shown in FIG. 4(b) or FIG. 5(b).
  • the determination unit 35c uses the derived operation period to determine whether the operator may have been changed or whether a drop catch may have occurred.
  • determination unit 35c determines that the operator may have changed since the previous access. In other words, while the period of continuous operation by the same operator is trustworthy, determination unit 35c determines that the operator may have changed during a period that exceeds this period, or that a drop catch may have occurred.
  • the determination unit 35c may, for example, stop mechanical script access or present a warning message to the user attempting access, stating that "a drop catch may have occurred.”
  • the determination unit 35c determines that the operator may have changed if the derived operation period is equal to or shorter than a predetermined period. In other words, the determination unit 35c determines that the operator may have changed, that is, that a drop catch may have occurred, if the continuous operation period by the same operator is a short period equal to or shorter than a predetermined period stipulated according to an internal company policy, etc., in which drop catch may be misused and cause damage.
  • the determination unit 35c determines that a drop catch has occurred, it presents a warning message to the user attempting to access the site, stating that "a drop catch may have occurred.” For example, for a site that is assumed to have been in operation for a long time, a long period of time is set as the predetermined period. If the operation period derived from this period is short, it is possible to alert the user.
  • Fig. 6 is a sequence diagram showing the estimation process procedure.
  • Fig. 6 illustrates the processing procedure in the server 10 and the CA 20.
  • the sequence in Fig. 6 is started, for example, at the timing when an operation input is made to instruct the start of the estimation process.
  • the generation unit 15a generates a new public key and a new private key for the applicant who operates the domain when updating the server certificate (step S1). Specifically, the generation unit 15a generates a pair of a new public key for the server certificate for which an update is being requested, and a new private key corresponding to the new public key.
  • the application unit 15b encrypts and signs the new public key using the old private key corresponding to the server certificate 14a that has been in use until now (step S2).
  • the application unit 15b also creates a CSR requesting renewal of the server certificate. At that time, the application unit 15b includes in the CSR the value of predetermined information for deriving the period of time that has elapsed since the initial issuance of the server certificate 14a to the applicant, as described below (step S3).
  • the CSR may include the Applicant Period or Applicant Not Before values as specified values.
  • the Applicant Not Before value of the current server certificate 14a is used as is.
  • the application unit 15b transmits the CSR and the signature to the CA 20 (step S4).
  • verification unit 25a decrypts the applied signature with the old public key to verify the applicant. Specifically, verification unit 25a refers to the CTLog, which is a log of previous server certificates, and obtains the old public key that corresponds to the applicant's current server certificate 14a. Verification unit 25a then verifies whether the CSR signature can be decrypted with the old public key (step S5).
  • CTLog is a log of previous server certificates
  • the verification unit 25a also verifies whether the information included in the CSR for deriving the elapsed time since the initial issuance of the certificate to the applicant is correct (step S6). For example, the verification unit 25a refers to the information in the CTLog to verify whether the values of Applicant Period or Applicant Not Before included in the CSR are correct.
  • the issuing unit 25b issues an updated server certificate by including in the server certificate information for deriving the period of time that has elapsed since the initial issuance of the certificate to the applicant.
  • the issuing unit 25b also returns the issued updated server certificate to the server 10 (step S7).
  • the application unit 15b updates the current server certificate 14a using the returned updated server certificate. This completes the process.
  • FIG. 7 shows an example of the processing procedure in the client 30.
  • the flowchart in FIG. 7 starts, for example, when an operational input is made to instruct the start of the reflection process.
  • the acquisition unit 35a makes a connection request to the server 10 and acquires the server certificate 14a.
  • the acquisition unit 35a also references the acquired server certificate 14a and acquires information for deriving the period of time that has elapsed since the certificate was first issued to the applicant (step S11).
  • the acquisition unit 35a acquires the Applicant Period or Applicant Not Before recorded in the server certificate 14a as information for deriving the period of time that has elapsed since the initial issuance of the certificate to the applicant.
  • the derivation unit 35b uses the specified information to derive the period of time that has elapsed since the initial issuance of the server certificate 14a to the same applicant (step S12).
  • the period of time that has elapsed corresponds to the period of time that the domain has been in operation by the same applicant up to the present.
  • the derivation unit 35b obtains the number of days since the issuance of the current server certificate 14a as the operation period. On the other hand, if the Applicant Period is not 0, the derivation unit 35b obtains the operation period by adding the Applicant Period and the number of days since the issuance of the current server certificate 14a.
  • the derivation unit 35b obtains the number of days that have elapsed from the date and time of Applicant Not Before to the present as the operation period.
  • the determination unit 35c uses the derived operation period to determine whether or not there is a possibility that the operator has been changed or that a drop catch has occurred. For example, the determination unit 35c compares the derived operation period with a predetermined period stipulated according to an internal company policy, etc., during which a drop catch may be misused and damage may occur (step S13).
  • If the derived operation period exceeds a predetermined period (step S13, Yes), the operation period is deemed reliable, and the determination unit 35c determines that there is no possibility of a change in the operator or of a drop catch (step S14). In this case, the client 30 allows access by the user. This completes the series of processes.
  • Otherwise, the determination unit 35c determines that the operator may have changed. Then, the determination unit 35c displays a warning message to the user stating that "a drop catch may have occurred" (step S15). This completes the series of processes.
  • the generation unit 15a generates a new public key and a new private key for an applicant who operates a domain when updating a server certificate.
  • the application unit 15b applies to the CA 20 for updating the server certificate 14a using a signature of the new public key generated by the old private key before the update.
  • the verification unit 25a decrypts the applied signature by the old public key to verify the applicant. If the verification is successful, the issuance unit 25b issues a server certificate including information for deriving the period of time that has elapsed since the initial issuance of the server certificate to the applicant.
  • the information used to derive the period of time that has elapsed since the first issuance of a certificate to an applicant is the period during which the applicant for the certificate remains the same, or the date and time of the first issuance of the certificate to the applicant.
  • the period that has elapsed since the initial issuance of the derived server certificate can be said to be the period of continuous operation by the same operator. Therefore, a user attempting to access a domain can refer to the server certificate and easily find out the period of continuous operation of the domain by the same operator. This makes it easy for users to infer a drop-catch event.
  • the issuing unit 25b also includes information in a specified extension area of the certificate for deriving the period of time that has elapsed since the certificate was first issued to the applicant.
  • the acquisition unit 35a acquires the issued server certificate 14a.
  • the derivation unit 35b uses information for deriving the period of time that has elapsed since the initial issuance of the certificate to the applicant to derive the operation period of the domain by the same applicant.
  • the determination unit 35c uses the derived operation period to determine whether or not the operator may have changed.
  • the determination unit 35c determines that the operator may have changed if the period between the previous access to the server 10 and the current access to the server 10 is equal to or longer than the derived operation period.
  • the determination unit 35c determines that the operator may have been changed.
  • a program in which the processes executed by each device (server 10, CA 20, client 30) of the estimation system 1 according to the embodiment are written in a language executable by a computer can also be created.
  • the server 10 can be implemented by installing an estimation program that executes the above estimation process as package software or online software on a desired computer.
  • the information processing device can function as the server 10 by executing the above estimation program on the information processing device.
  • the information processing device also includes mobile communication terminals such as smartphones, mobile phones, and PHS (Personal Handyphone System), as well as slate terminals such as PDA (Personal Digital Assistant).
  • the functions of the server 10 may be implemented on a cloud server.
  • FIG. 8 is a diagram showing an example of a computer that executes an estimation program.
  • the computer 1000 has, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These components are connected by a bus 1080.
  • the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012.
  • the ROM 1011 stores a boot program such as a BIOS (Basic Input Output System).
  • BIOS Basic Input Output System
  • the hard disk drive interface 1030 is connected to a hard disk drive 1031.
  • the disk drive interface 1040 is connected to a disk drive 1041.
  • a removable storage medium such as a magnetic disk or optical disk is inserted into the disk drive 1041.
  • the serial port interface 1050 is connected to a mouse 1051 and a keyboard 1052, for example.
  • the video adapter 1060 is connected to a display 1061, for example.
  • the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. Each piece of information described in the above embodiment is stored, for example, in the hard disk drive 1031 or memory 1010.
  • the estimation program is stored in the hard disk drive 1031, for example, as a program module 1093 in which instructions to be executed by the computer 1000 are written. Specifically, the program module 1093 in which each process executed by the server 10 described in the above embodiment is written is stored in the hard disk drive 1031.
  • data used for information processing by the estimation program is stored as program data 1094, for example, in the hard disk drive 1031.
  • the CPU 1020 reads the program module 1093 and program data 1094 stored in the hard disk drive 1031 into the RAM 1012 as necessary, and executes each of the above-mentioned procedures.
  • the program module 1093 and program data 1094 related to the estimation program are not limited to being stored in the hard disk drive 1031, but may be stored in a removable storage medium, for example, and read by the CPU 1020 via the disk drive 1041 or the like.
  • the program module 1093 and program data 1094 related to the estimation program may be stored in another computer connected via a network such as a LAN (Local Area Network) or a WAN (Wide Area Network), and read by the CPU 1020 via the network interface 1070.
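
The client-side derivation and determination described above (steps S12 and S13, plus the previous-access comparison), together with how ApplicantPeriod would carry forward at a renewal, as an added example that is not code from the patent. The `CertInfo` fields, the function names, the verdict strings and the carry-forward rule are assumptions, the dates in the usage are constructed, and reading the values out of the OtherName extension is not shown.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple


def utc(year: int, month: int, day: int) -> datetime:
    """Helper for building constructed sample dates."""
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class CertInfo:
    # Validity window of the presented X.509 server certificate.
    not_before: datetime
    not_after: datetime
    # Values the scheme places in the certificate extension (hypothetical
    # field names). Both None models a certificate without the extension.
    applicant_period_days: Optional[int] = None      # "ApplicantPeriod"
    applicant_not_before: Optional[datetime] = None  # "Applicant Not Before"


def derive_operation_days(cert: CertInfo, now: datetime) -> Optional[int]:
    """Days of continuous operation by the same applicant (step S12)."""
    if not cert.not_before <= now <= cert.not_after:
        raise ValueError("certificate is not within its validity period")
    if cert.applicant_not_before is not None:
        # Variant of FIG. 5: days from the first issuance date to now.
        if cert.applicant_not_before > cert.not_before:
            raise ValueError("Applicant Not Before is later than Not Before")
        return (now - cert.applicant_not_before).days
    if cert.applicant_period_days is not None:
        # Variant of FIG. 4: ApplicantPeriod plus days since this issuance.
        # ApplicantPeriod 0 means this is the applicant's first certificate.
        if cert.applicant_period_days < 0:
            raise ValueError("ApplicantPeriod must not be negative")
        return cert.applicant_period_days + (now - cert.not_before).days
    return None  # nothing to derive from; the caller decides the policy


def assess(cert: CertInfo, now: datetime, min_days: int,
           last_access: Optional[datetime] = None) -> Tuple[str, Optional[int]]:
    """Determination (step S13) plus the previous-access comparison."""
    days = derive_operation_days(cert, now)
    if days is None:
        return "unknown", None
    if days <= min_days:
        # Operation period equal to or shorter than the policy threshold.
        return "warn-short-operation", days
    if last_access is not None and (now - last_access).days >= days:
        # The gap since the last visit is not covered by the same operator.
        return "warn-gap-since-last-access", days
    return "allow", days


def renewed_applicant_period(old: CertInfo, new_not_before: datetime) -> int:
    """ApplicantPeriod for a renewed certificate (assumed carry-forward rule):
    the old value plus the days the old certificate was in use."""
    if old.applicant_period_days is None:
        raise ValueError("current certificate carries no ApplicantPeriod")
    if not old.not_before <= new_not_before <= old.not_after:
        # A renewal is only defined while the current certificate is valid.
        raise ValueError("renewal outside the current validity period")
    return old.applicant_period_days + (new_not_before - old.not_before).days


if __name__ == "__main__":
    # Constructed sample: a renewed certificate carrying ApplicantPeriod 360.
    cert = CertInfo(utc(2024, 1, 1), utc(2024, 4, 1), applicant_period_days=360)
    print(assess(cert, utc(2024, 1, 11), min_days=180))
    print(assess(cert, utc(2024, 1, 11), min_days=180,
                 last_access=utc(2022, 12, 1)))
```
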

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

In a server (10) of an estimation system (1), a generation unit (15a) generates a new public key and a new secret key of an applicant who operates a domain when renewing a server certificate (14a). An application unit (15b) submits an application for renewal of the server certificate (14a) to a CA (20) by using the signature of the generated new public key based on an old secret key before the renewal. In the CA (20), a verification unit (25a) decrypts the signature of said application by using an old public key to verify the applicant. When the verification is successful, an issuing unit (25b) issues the server certificate (14a) including information for deriving an elapsed period from the initial issuance of the server certificate (14a) to the applicant.

Description

Estimation system, estimation method, and estimation program

The present invention relates to an estimation system, an estimation method, and an estimation program.

An event called a drop catch is known, in which a domain is acquired by a third party immediately after it has been abandoned and has become available for re-registration. When a drop catch is carried out by a malicious third party, damage such as the placement of unauthorized content may result (see Non-Patent Document 1).

"[Warning] To avoid security risks, we ask corporate customers who used the old Visionalist to delete the 'tracer.jp' tag," [online], May 18, 2022, NTT Com Online, [Retrieved May 16, 2023], Internet <URL: https://www.nttcoms.com/news/2022051801/>

However, it has conventionally been difficult to identify a drop catch event. For example, if the zone file of the TLD (Top Level Domain) to which the domain belongs is continuously monitored, and the period between the domain's deletion from the zone file and its reappearance is very short, a drop catch event may have occurred for that domain. Detecting this requires comparing the zone information at the time the domain is accessed with past zone information, but it is not realistic to perform that comparison on every routine browser access or script execution.

Alternatively, the WHOIS information of the domain is monitored, and a change in the owner information is judged to be a drop catch event. However, due to the promotion of the GDPR (General Data Protection Regulation) and the increase in hosted domains, the information obtainable from the WHOIS database is limited, and it may be difficult to identify that the site operator has changed.

Alternatively, the server certificate information of a site that has been accessed once is stored and checked on every subsequent access; if it differs from the stored certificate information, the site is judged to have been drop-caught. However, this is difficult because the stored information must be exchanged over a path whose mutual reliability is sufficiently guaranteed. It is also difficult because, when the certificate is renewed, the server side must notify the client side and the client must store the renewed certificate again.

The present invention was made in view of the above, and aims to make it possible to easily estimate a drop catch event.

In order to solve the above-mentioned problems and achieve the object, the estimation system according to the present invention is characterized by having: a generation unit that, when a certificate is renewed, generates a new public key and a new private key for an applicant who operates a domain; an application unit that applies to a certification authority for renewal of the certificate using a signature of the generated new public key made with the old private key from before the renewal; a verification unit that decrypts the signature submitted with the application using the old public key to verify the applicant; and an issuing unit that, if the verification is successful, issues a certificate including information for deriving the period elapsed since the initial issuance of a certificate to the applicant.

The present invention makes it possible to easily estimate a drop catch event.

FIG. 1 is a diagram for explaining an outline of the estimation system.
FIG. 2 is a diagram for explaining an outline of the estimation system.
FIG. 3 is a schematic diagram illustrating a schematic configuration of the estimation system.
FIG. 4 is a diagram for explaining the process of the issuing unit.
FIG. 5 is a diagram for explaining the process of the issuing unit.
FIG. 6 is a sequence diagram showing the procedure of the estimation process.
FIG. 7 is a flowchart showing the procedure of the estimation process.
FIG. 8 is a diagram illustrating a computer that executes the estimation program.

An embodiment of the present invention will be described in detail below with reference to the drawings. The present invention is not limited to this embodiment. In the drawings, the same parts are denoted by the same reference numerals.

[Outline of the estimation system]
FIGS. 1 and 2 are diagrams for explaining an outline of the estimation system. When a server certificate is renewed, the estimation system of this embodiment verifies that the applicant of the current server certificate and the applicant of the newly issued server certificate are the same. The term "renewal of a server certificate" here refers to a renewal performed while the current server certificate is valid.

Specifically, as illustrated in FIG. 1, in the estimation system 1, when applying for renewal of a server certificate, the applicant on the server 10 side generates a key pair consisting of a new public key and a new private key (see (1)), and creates a CSR (Certificate Signing Request) based on this key pair (see (2)). The applicant also sends the created CSR, together with a signature of the new public key encrypted with the old private key corresponding to the server certificate that has been in operation (see (3)), to the certification authority (hereinafter, CA: Certificate Authority) 20 (see (4)).

When issuing a server certificate (see (5) to (8)), the CA 20 confirms that the current server certificate is still valid and decrypts this signature using the corresponding old public key (see (7)). In this way, the CA 20 verifies whether the applicant for the server certificate renewal is the same person as the applicant of the current server certificate.

If the verification is successful, the CA 20 includes in the server certificate information from which the period elapsed since the initial issuance of a server certificate to the applicant can be derived, as described below, and returns the certificate to the server 10 (see (9)). Because the applicant is guaranteed to be the same before and after each past renewal, the derived period elapsed since the initial issuance of the server certificate can be regarded as the period of continuous operation by the same operator, as illustrated in FIG. 2.

As a result, when the client 30 requests a connection to the server 10 (see (10)), it can refer to the presented server certificate (see (11) to (12)) and learn the period of continuous operation of the domain by the same operator. It is assumed that the client 30 has a function, such as an add-on, that reads from the server certificate the information from which the period elapsed since the initial issuance of the server certificate can be derived.

Then, for example, if the time elapsed between the previous access and the current access is equal to or longer than the period of continuous operation by the same operator, the client 30 decides whether to allow access while taking into account the possibility that the operator has changed.

Alternatively, for example, if the period of continuous operation by the same operator is a short period, equal to or less than a predetermined period within which a drop catch could be abused and cause damage, the client 30 determines that the operator may have changed, or that a drop catch may have occurred, and then decides whether to allow access.

The information that is incorporated into the server certificate issued by the CA 20, and from which the number of days elapsed since the initial issuance of a server certificate to the applicant can be derived, is, as described below, for example the same-applicant period, which represents the number of days of past continuous operation by the applicant of the current server certificate, or information indicating the date and time of the initial issuance of the applicant's server certificate.

The functionality of this embodiment is implemented in an intermediate CA, and the root CA is out of scope. However, the CSR that the intermediate CA submits to the root CA is within the scope of the RFC specifications, as described below, so signing by the root CA can be performed without any problem.

[Configuration of the estimation system]
FIG. 3 is a schematic diagram illustrating a schematic configuration of the estimation system. As illustrated in FIG. 3, the estimation system 1 of this embodiment includes a server 10, a CA 20, and a client 30. The server 10 transmits to the CA 20 a CSR requesting renewal of the server certificate. The CA verifies the CSR and returns the renewed server certificate.

The client 30 accesses the site operated by the server 10, either through a user's browser or mechanically through a script. At that time, by checking the server certificate 14a of the server 10, the client 30 confirms the period for which the server 10 has been operated by the same operator, and determines whether the operator has changed and whether a drop catch may have occurred.

[Server configuration]
The server 10 is realized by a general-purpose computer such as a workstation, and includes an input unit 11, an output unit 12, a communication control unit 13, a storage unit 14, and a control unit 15.

The input unit 11 is realized using input devices such as a keyboard and a mouse, and inputs various kinds of instruction information, such as an instruction to start processing, to the control unit 15 in response to input operations by an operator. The output unit 12 is realized by a display device such as a liquid crystal display, a printing device such as a printer, or the like.

The communication control unit 13 is realized by a NIC (Network Interface Card) or the like, and controls communication between the control unit 15 and external devices via a network. For example, the communication control unit 13 controls communication between the control unit 15 and the CA 20, the client 30, and a management device that manages various data used in the estimation process described below.

The storage unit 14 is realized by a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or by a storage device such as a hard disk or an optical disk. The storage unit 14 stores in advance the processing program that operates the server 10 and the data used during execution of the processing program, or stores them temporarily each time processing is performed. For example, the storage unit 14 stores the server certificate 14a that is generated and used in the estimation process described below. The storage unit 14 may be configured to communicate with the control unit 15 via the communication control unit 13.

The control unit 15 is realized using a CPU (Central Processing Unit), an NP (Network Processor), an FPGA (Field Programmable Gate Array), or the like, and executes a processing program stored in memory. As a result, the control unit 15 functions as a generation unit 15a and an application unit 15b, as illustrated in FIG. 3, and executes the estimation process described below. Each of these functional units may be implemented in different hardware. The control unit 15 may also include other functional units.

When a server certificate is renewed, the generation unit 15a generates a new public key and a new private key for the applicant who operates the domain. Specifically, the generation unit 15a generates a pair consisting of a new public key for the server certificate whose renewal is being requested and the corresponding new private key.

The application unit 15b applies to the CA 20 for renewal of the server certificate 14a, using a signature of the generated new public key made with the old private key from before the renewal. Specifically, the application unit 15b creates a CSR requesting renewal of the server certificate, and transmits to the CA 20 this CSR together with the signature of the new public key encrypted with the old private key corresponding to the server certificate 14a that has been in operation. At that time, the application unit 15b includes in the CSR the value of the information, described later, for deriving the period elapsed since the initial issuance of the server certificate 14a to the applicant.

The application unit 15b also receives the renewed server certificate issued by the issuing unit 25b of the CA 20, described later, and updates the server certificate 14a in the storage unit 14.

[Configuration of the certification authority (CA)]
The CA 20 includes a control unit 25 that is realized by a CPU, an NP, an FPGA, or the like, and executes a processing program stored in memory. The CA 20 also includes a storage unit 24 that is realized by a semiconductor memory element such as a RAM or a flash memory. The CA 20 also includes a communication control unit (not shown), and communicates with the server 10, other network devices, and the like via the communication control unit. The CA 20 also includes an output unit (not shown) that is realized by a display device such as a liquid crystal display, a speaker, or the like.

The control unit 25 functions as a verification unit 25a and an issuing unit 25b, as shown in FIG. 3. First, the verification unit 25a decrypts the signature submitted with the application using the old public key to verify the applicant. Specifically, the verification unit 25a refers to the CT (Certificate Transparency) log, which is a log of the server certificates issued so far, and obtains the old public key corresponding to the applicant's current server certificate 14a. The verification unit 25a also confirms that the current server certificate is still valid. The verification unit 25a then verifies whether the CSR signature can be decrypted with the old public key. In this way, the verification unit 25a verifies whether the applicant for the server certificate renewal is the same person as the applicant of the current server certificate 14a.

If the verification fails, the verification unit 25a notifies the server 10 and prompts resubmission of a correct signature.

On the other hand, if the verification is successful, the issuing unit 25b issues a server certificate including information for deriving the period elapsed since the initial issuance of a certificate to the applicant. Specifically, for example, the verification unit 25a verifies whether the information included in the CSR for deriving the time elapsed since the initial issuance of a certificate to the applicant is correct, and if that verification succeeds, the issuing unit 25b writes the information into the server certificate and issues the renewed server certificate.

The issuing unit 25b also returns the issued renewed server certificate to the server 10. In that case, as described above, the server 10 updates the current server certificate 14a using the returned renewed server certificate.

Because the applicant is guaranteed to be the same before and after each past renewal, the period elapsed since the initial issuance of a certificate to the applicant can be regarded as the period of continuous operation by the same person, as illustrated in FIG. 2.

The issuing unit 25b therefore includes, in a predetermined extension field of the server certificate, information for deriving the period elapsed since the initial issuance of a certificate to the applicant. For example, the issuing unit 25b uses the extension field of the public key certificate period defined in X.509 of RFC 5280 to incorporate into the server certificate the information for deriving the period elapsed since the initial issuance of a server certificate to the applicant.

The information for deriving the period elapsed since the initial issuance of a server certificate to the applicant is, for example, the period for which the applicant of the server certificate has been the same, or the date and time of issuance of the first certificate to the applicant.

FIGS. 4 and 5 are diagrams for explaining the processing of the issuing unit. For example, the issuing unit 25b sets the period for which the applicant of the server certificate has been the same, as illustrated in FIG. 4. In FIG. 4(a) and FIG. 5(a), the type-id is shown as a character string for the purpose of explanation, but it is actually an OID based on ASN.1.

Specifically, as illustrated in FIG. 4(a), the issuing unit 25b defines "ApplicantPeriod" in the extension field "OtherName" of the Subject Alternative Name of the public key certificate period defined in X.509 of RFC 5280. This ApplicantPeriod (same-applicant period) means the period for which the site had been continuously operated by the same applicant, that is, the same operator, as of the time the currently referenced server certificate first became valid.

For example, ApplicantPeriod is set in the server certificate as illustrated by the underlined area β in FIG. 4(b). In this case, the derivation unit 35b of the client 30, described later, obtains the number of days elapsed since this server certificate was issued (10 days) from the difference between the Not Before date and time of Validity shown in bold in area α (February 22, 2023) and the current date and time (for example, March 5, 2023). The ApplicantPeriod shown in area β gives the number of days for which the site had been continuously operated by the same operator as of the time this server certificate became valid (360 days). Adding the number of days elapsed since the server certificate was issued to the number of days for which the site had been continuously operated by the same operator as of the time the server certificate became valid yields the period elapsed since the initial issuance of a server certificate to the same applicant, that is, the number of days of continuous operation of the site by the same operator (370 days).

For the applicant's first CSR, no old private key exists and no signature is included. In that case, ApplicantPeriod = 0.

Alternatively, the issuing unit 25b sets the date and time of issuance of the first server certificate to the same applicant, as illustrated in FIG. 5. Specifically, as illustrated in FIG. 5(a), the issuing unit 25b defines "Applicant Not Before" in the extension field "OtherName" of the Subject Alternative Name of the public key certificate period defined in X.509 of RFC 5280. This Applicant Not Before (the date and time of issuance of the applicant's first certificate) indicates the first day on which the site began to be continuously operated by the same applicant, that is, the same operator.

For example, Applicant Not Before is set in the server certificate as illustrated by the underlined area γ in FIG. 5(b). In this case, the derivation unit 35b of the client 30, described later, derives the number of days elapsed since this server certificate was issued (370 days), that is, the number of days of continuous operation of the site by the same operator, from the difference between the Applicant Not Before date and time shown in area γ (February 17, 2023) and the current date and time (for example, March 5, 2023).

For the applicant's first CSR, no old private key exists and no signature is included. In that case, Applicant Not Before is the same as Not Before, the date and time of issuance of the server certificate.
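The renewal check and issuance described above for the verification unit 25a and the issuing unit 25b, as an added example that is not code from the patent: the CA-side flow for the ApplicantPeriod variant. Textbook RSA over small known primes stands in for the real signature scheme, a dictionary stands in for the CT log, and the rule "new period = old period + age of the old certificate" is an assumed way of checking the CSR value; all names, keys, dates and the domain are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

E = 65537  # public exponent used by every toy key below


def make_toy_key(p, q):
    """Textbook RSA from two known primes; returns ((n, e), d). Illustration only."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))


def key_digest(pub, modulus):
    """SHA-256 of a public key, reduced so that it fits under the signing modulus."""
    raw = hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).digest()
    return int.from_bytes(raw, "big") % modulus


def sign_new_key(new_pub, old_pub, old_priv):
    """Application unit 15b: sign the new public key with the old private key."""
    return pow(key_digest(new_pub, old_pub[0]), old_priv, old_pub[0])


def signature_matches(new_pub, signature, old_pub):
    """Verification unit 25a: open the signature with the old public key and compare."""
    n, e = old_pub
    return pow(signature, e, n) == key_digest(new_pub, n)


@dataclass
class Certificate:
    domain: str
    public_key: tuple
    not_before: datetime
    applicant_period_days: int  # ApplicantPeriod: same-applicant days as of not_before
    valid: bool = True


def issue(ct_log, domain, new_pub, now, signature=None, claimed_period_days=0):
    """Issuing unit 25b. ct_log (domain -> current certificate) stands in for a CT log."""
    current = ct_log.get(domain)
    if signature is None:
        period = 0  # initial application: no old private key, so ApplicantPeriod = 0
    else:
        if current is None or not current.valid:
            raise ValueError("no valid current certificate to renew")
        if not signature_matches(new_pub, signature, current.public_key):
            raise ValueError("signature was not made with the old private key")
        # Assumption: the CA checks the CSR value as old period + age of old certificate.
        period = current.applicant_period_days + (now - current.not_before).days
        if claimed_period_days != period:
            raise ValueError("ApplicantPeriod in the CSR does not match the CA's records")
    cert = Certificate(domain, new_pub, now, period)
    ct_log[domain] = cert
    return cert


def demo():
    """Constructed timeline: initial issue, renewal by the same applicant, new operator."""
    utc = timezone.utc
    old_pub, old_priv = make_toy_key(2**127 - 1, 2**107 - 1)
    new_pub, _new_priv = make_toy_key(2**89 - 1, 2**61 - 1)
    other_pub, other_priv = make_toy_key(2**521 - 1, 2**31 - 1)  # a different operator
    ct_log = {}
    first = issue(ct_log, "example.test", old_pub, datetime(2022, 2, 27, tzinfo=utc))
    proof = sign_new_key(new_pub, old_pub, old_priv)
    renewed = issue(ct_log, "example.test", new_pub,
                    datetime(2023, 2, 22, tzinfo=utc), proof, claimed_period_days=360)
    # A different operator cannot produce a signature under the previous private key ...
    self_signed = sign_new_key(other_pub, other_pub, other_priv)
    try:
        issue(ct_log, "example.test", other_pub,
              datetime(2023, 6, 1, tzinfo=utc), self_signed)
        rejected = False
    except ValueError:
        rejected = True
    # ... so it can only receive an initial certificate, whose period restarts at 0.
    fresh = issue(ct_log, "example.test", other_pub, datetime(2023, 6, 1, tzinfo=utc))
    return (first.applicant_period_days, renewed.applicant_period_days,
            rejected, fresh.applicant_period_days)


if __name__ == "__main__":
    print(demo())
```

The reset to 0 in the last step is the signal a client later reads from the certificate: the continuity chain can only be extended by whoever holds the previous private key.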

[Client configuration]
The client 30 includes a control unit 35 that is realized by a CPU, an NP, an FPGA, or the like, and executes a processing program stored in memory. The client 30 also includes a storage unit 34 that is realized by a semiconductor memory element such as a RAM or a flash memory. The client 30 also includes a communication control unit (not shown), and communicates with the server 10, other network devices, and the like via the communication control unit. The client 30 also includes an output unit (not shown) that is realized by a display device such as a liquid crystal display, a speaker, or the like.

The client 30 accesses the site operated by the server 10, either through a user's browser or mechanically through a script. All legitimate sites are assumed to support HTTPS.

As shown in FIG. 3, the control unit 35 functions as an acquisition unit 35a, a derivation unit 35b, and a determination unit 35c. First, the acquisition unit 35a acquires the issued server certificate 14a. Specifically, the control unit 35 accesses the site operated by the server 10, either through a user's browser or mechanically through a script. At that time, the acquisition unit 35a makes a connection request to the server 10 and acquires the server certificate 14a. The acquisition unit 35a also refers to the acquired server certificate 14a and checks the information for deriving the period elapsed since the initial issuance of a certificate to the applicant.

The derivation unit 35b derives the period for which the domain has been operated by the same applicant, using the information for deriving the period elapsed since the initial issuance of the server certificate 14a to the applicant. Specifically, the derivation unit 35b derives the period for which the domain has been operated by the same applicant as illustrated in FIG. 4(b) or FIG. 5(b).

The determination unit 35c uses the derived operation period to determine whether the operator may have changed, or whether a drop catch may have occurred.

For example, if the period between the previous access to the server 10 and the current access to the server 10 is equal to or longer than the derived operation period, the determination unit 35c determines that the operator may have changed since the previous access. In other words, the determination unit 35c treats the period of continuous operation by the same operator as trustworthy, but determines that, within any longer period, the operator may have changed or a drop catch may have occurred.

If the determination unit 35c determines that a drop catch has occurred, it, for example, stops mechanical script access or presents the user attempting access with a warning message stating that "a drop catch may have occurred."

Alternatively, the determination unit 35c determines that the operator may have changed if the derived operation period is equal to or shorter than a predetermined period. In other words, if the period of continuous operation by the same operator is a short period, equal to or shorter than a predetermined period that is defined according to an internal company policy or the like as one within which a drop catch could be abused and cause damage, the determination unit 35c determines that the operator may have changed, that is, that a drop catch may have occurred.

 判定部35cは、ドロップキャッチが発生したと判定した場合には、例えば、アクセスしようとするユーザに対して「ドロップキャッチが発生した可能性がある」旨の警告メッセージを提示する。例えば、昔から運用されていると想定されるサイトについては、所定の期間として長期間が規定される。この期間より導出された運用期間が短ければ、ユーザに注意を促すことが可能となる。 When the determination unit 35c determines that a drop catch has occurred, it presents a warning message to the user attempting to access the site, stating that "a drop catch may have occurred." For example, for a site that is assumed to have been in operation for a long time, a long period of time is set as the predetermined period. If the operation period derived from this period is short, it is possible to alert the user.

[Estimation process]
Next, the estimation process performed by the estimation system 1 according to the present embodiment will be described with reference to Fig. 6 and Fig. 7. First, Fig. 6 is a sequence diagram showing the estimation process procedure. Fig. 6 illustrates the processing procedure in the server 10 and the CA 20. The sequence in Fig. 6 starts, for example, when an operation input instructing the start of the estimation process is received.

First, in the server 10, the generation unit 15a generates a new public key and a new private key for the applicant who operates the domain when the server certificate is renewed (step S1). Specifically, the generation unit 15a generates a pair consisting of a new public key for the server certificate whose renewal is being requested and the corresponding new private key.

Next, the application unit 15b signs the new public key by encrypting it with the old private key corresponding to the server certificate 14a that has been in use until now (step S2).

The application unit 15b also creates a CSR requesting renewal of the server certificate. In doing so, the application unit 15b includes in the CSR the value of predetermined information, described below, for deriving the period elapsed since the initial issuance of the server certificate 14a to the applicant (step S3).

For example, the value of Applicant Period or Applicant Not Before is included in the CSR as the predetermined value.

When the Applicant Period value is included in the CSR, it is obtained by checking the number of days elapsed since the current server certificate 14a became valid and adding that number to the Applicant Period value of the current server certificate 14a.

Alternatively, when the Applicant Not Before value is included in the CSR, the Applicant Not Before value of the current server certificate 14a is used as is.

Then, the application unit 15b transmits the CSR and the signature to the CA 20 (step S4).

In the CA 20, the verification unit 25a decrypts the submitted signature with the old public key to verify the applicant. Specifically, the verification unit 25a refers to the CTLog, which is a log of the server certificates issued so far, and obtains the old public key corresponding to the applicant's current server certificate 14a. The verification unit 25a then verifies whether the CSR signature can be decrypted with the old public key (step S5).

The verification unit 25a also verifies whether the information included in the CSR for deriving the period elapsed since the initial issuance of the certificate to the applicant is correct (step S6). For example, the verification unit 25a refers to the information in the CTLog to verify whether the value of Applicant Period or Applicant Not Before included in the CSR is correct.

If these verifications succeed, the issuing unit 25b issues a renewed server certificate in which the information for deriving the period elapsed since the initial issuance of the certificate to the applicant is recorded. The issuing unit 25b also returns the issued renewed server certificate to the server 10 (step S7).

In the server 10, the application unit 15b replaces the current server certificate 14a with the returned renewed server certificate. This completes the series of processes.
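
The bookkeeping in steps S3, S6 and S7 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the list used as a stand-in for the CTLog, the `tolerance_days` parameter and the constructed dates are all assumptions, and the old-key signature check of steps S2 and S5 is represented only by the `possession_verified` flag.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class LoggedCert:
    """Constructed stand-in for one CT log entry of the applicant's certificate.
    Assumption: the model records both encodings so either can be checked."""
    not_before: datetime            # start of validity of this certificate
    applicant_period_days: int      # Applicant Period carried in the certificate
    applicant_not_before: datetime  # Applicant Not Before carried in the certificate


@dataclass(frozen=True)
class RenewalRequest:
    """Continuity value(s) the applicant places in the CSR (step S3)."""
    applicant_period_days: Optional[int] = None
    applicant_not_before: Optional[datetime] = None


def expected_period(current: LoggedCert, at: datetime) -> int:
    """Applicant Period of the current certificate plus the days it has been valid."""
    return current.applicant_period_days + (at - current.not_before).days


def build_request(current: LoggedCert, now: datetime, use_period: bool = True) -> RenewalRequest:
    """Server side, step S3: fill in Applicant Period or Applicant Not Before."""
    if use_period:
        return RenewalRequest(applicant_period_days=expected_period(current, now))
    # Applicant Not Before is copied unchanged from the current certificate.
    return RenewalRequest(applicant_not_before=current.applicant_not_before)


def verify_request(log: List[LoggedCert], req: RenewalRequest,
                   received_at: datetime, tolerance_days: int = 0) -> bool:
    """CA side, step S6: recompute the value from the log and the CA's own clock.
    The value in the CSR is only a claim and is never copied into the certificate."""
    if not log:
        return False                      # no prior certificate to continue from
    current = log[-1]
    if req.applicant_period_days is None and req.applicant_not_before is None:
        return False                      # CSR carries no continuity value
    if (req.applicant_not_before is not None
            and req.applicant_not_before != current.applicant_not_before):
        return False
    if req.applicant_period_days is not None:
        drift = abs(req.applicant_period_days - expected_period(current, received_at))
        if drift > tolerance_days:
            return False
    return True


def issue_renewal(log: List[LoggedCert], req: RenewalRequest,
                  received_at: datetime, possession_verified: bool) -> LoggedCert:
    """CA side, step S7: issue only if both verifications succeeded."""
    if not possession_verified:
        raise PermissionError("old-key signature check (step S5) failed")
    if not verify_request(log, req, received_at):
        raise PermissionError("continuity value in CSR does not match the log (step S6)")
    current = log[-1]
    renewed = LoggedCert(not_before=received_at,
                         applicant_period_days=expected_period(current, received_at),
                         applicant_not_before=current.applicant_not_before)
    log.append(renewed)
    return renewed


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def demo() -> List[LoggedCert]:
    """Constructed history: first issuance, then two renewals using each encoding."""
    log = [LoggedCert(utc(2023, 1, 1), 0, utc(2023, 1, 1))]
    for when, use_period in ((utc(2023, 4, 1), True), (utc(2023, 7, 1), False)):
        request = build_request(log[-1], when, use_period)
        issue_renewal(log, request, when, possession_verified=True)
    return log


if __name__ == "__main__":
    for cert in demo():
        print(cert.not_before.date(), cert.applicant_period_days,
              cert.applicant_not_before.date())
```

Across renewals the Applicant Period accumulates while Applicant Not Before stays fixed, and a CSR that claims a longer history than the log supports is refused.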

Next, Fig. 7 illustrates the processing procedure in the client 30. The flowchart in Fig. 7 starts, for example, when an operation input instructing the start of the reflection process is received.

First, in the client 30, when a user accesses a site operated by the server 10 via a browser, or when a script accesses the site automatically, the acquisition unit 35a issues a connection request to the server 10 and acquires the server certificate 14a. The acquisition unit 35a also refers to the acquired server certificate 14a and acquires the information for deriving the period elapsed since the initial issuance of the certificate to the applicant (step S11).

For example, the acquisition unit 35a acquires the Applicant Period or Applicant Not Before recorded in the server certificate 14a as the information for deriving the period elapsed since the initial issuance of the certificate to the applicant.

Next, the derivation unit 35b uses the predetermined information to derive the period elapsed since the initial issuance of the server certificate 14a to the same applicant (step S12). The elapsed period derived here corresponds to the period for which the same applicant has operated the domain up to the present.

For example, when Applicant Period is acquired as the predetermined information, if Applicant Period = 0, the derivation unit 35b takes the number of days since the issuance of the current server certificate 14a as the operation period. If Applicant Period is not 0, the derivation unit 35b obtains the operation period by adding the Applicant Period to the number of days since the issuance of the current server certificate 14a.

Alternatively, when Applicant Not Before is acquired as the predetermined information, the derivation unit 35b takes the number of days elapsed from the date and time of Applicant Not Before to the present as the operation period.

Then, the determination unit 35c uses the derived operation period to determine whether the operator may have changed or whether a drop catch may have occurred. For example, the determination unit 35c compares the derived operation period with a predetermined period, defined according to internal company policy or the like as a period within which a drop catch could be abused and cause damage (step S13).

If the derived operation period exceeds the predetermined period (step S13, Yes), the operation period is regarded as trustworthy, and the determination unit 35c determines that there is no possibility of a change of operator or of a drop catch (step S14). In this case, the client 30 allows the user's access. This completes the series of processes.

On the other hand, if the derived operation period is equal to or shorter than the predetermined period (step S13, No), the determination unit 35c determines that the operator may have changed. The determination unit 35c then displays a warning message to the user stating that "a drop catch may have occurred" (step S15). This completes the series of processes.
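
The client-side derivation and judgment of steps S12 to S15, covering both the last-access rule and the policy-threshold rule described earlier, can be sketched as follows. This is an added example, not code from the patent: the names, the use of the certificate's validity start as its issuance date, the handling of a certificate that carries neither field, and the constructed dates are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class ServerCertView:
    """Fields the acquisition unit reads from the server certificate (step S11)."""
    not_before: datetime                             # assumed to equal the issuance date
    applicant_period_days: Optional[int] = None      # Applicant Period, if present
    applicant_not_before: Optional[datetime] = None  # Applicant Not Before, if present


@dataclass
class Verdict:
    operation_days: int
    reasons: List[str] = field(default_factory=list)

    @property
    def possible_drop_catch(self) -> bool:
        return bool(self.reasons)


def operation_period_days(cert: ServerCertView, now: datetime) -> int:
    """Step S12: continuous operation period of the domain by the same applicant."""
    if cert.applicant_period_days is not None:
        if cert.applicant_period_days < 0 or now < cert.not_before:
            raise ValueError("inconsistent Applicant Period or validity start")
        # Applicant Period = 0 reduces to the days since the current issuance.
        return cert.applicant_period_days + (now - cert.not_before).days
    if cert.applicant_not_before is not None:
        if now < cert.applicant_not_before:
            raise ValueError("Applicant Not Before lies in the future")
        return (now - cert.applicant_not_before).days
    # Assumption: a certificate without either field gives no basis for a verdict.
    raise ValueError("certificate carries neither Applicant Period nor Applicant Not Before")


def judge(cert: ServerCertView, now: datetime,
          last_access: Optional[datetime] = None,
          policy_days: Optional[int] = None) -> Verdict:
    """Steps S13 to S15: apply whichever of the two rules the caller has data for."""
    days = operation_period_days(cert, now)
    verdict = Verdict(days)
    # Rule 1: the gap since our previous access is at least the operation period,
    # so the applicant we saw last time may not be the one operating the domain now.
    if last_access is not None and now - last_access >= timedelta(days=days):
        verdict.reasons.append("operation period does not reach back to the previous access")
    # Rule 2: the operation period is no longer than the policy-defined period.
    if policy_days is not None and days <= policy_days:
        verdict.reasons.append("operation period is within the policy threshold")
    return verdict


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


NOW = utc(2024, 6, 1)  # constructed "current time" for the samples below

# Constructed samples: a long-running site, a recently re-registered one, and a
# long-running site whose certificate uses Applicant Not Before instead.
ESTABLISHED = ServerCertView(utc(2024, 5, 1), applicant_period_days=700)
RECENT = ServerCertView(utc(2024, 5, 20), applicant_period_days=0)
ESTABLISHED_ANB = ServerCertView(utc(2024, 5, 1), applicant_not_before=utc(2022, 6, 1))


if __name__ == "__main__":
    for name, cert, seen in (("established", ESTABLISHED, utc(2023, 1, 1)),
                             ("recent", RECENT, utc(2024, 1, 1))):
        result = judge(cert, NOW, last_access=seen, policy_days=365)
        print(name, result.operation_days, result.reasons or "access allowed")
```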

[Effect]
As described above, in the estimation system 1, in the server 10, the generation unit 15a generates a new public key and a new private key for the applicant who operates the domain when the server certificate is renewed. The application unit 15b applies to the CA 20 for renewal of the server certificate 14a using a signature on the generated new public key made with the old private key from before the renewal. In the CA 20, the verification unit 25a decrypts the submitted signature with the old public key to verify the applicant. If the verification succeeds, the issuing unit 25b issues a server certificate including information for deriving the period elapsed since the initial issuance of the server certificate to the applicant.

Specifically, the information for deriving the period elapsed since the initial issuance of a certificate to the applicant is the period during which the applicant for the certificate has remained the same, or the date and time of the first issuance of a certificate to the applicant.

Here, since the applicant is guaranteed to be the same before and after each past renewal, the derived period elapsed since the initial issuance of the server certificate can be regarded as the period of continuous operation by the same operator. A user attempting to access a domain can therefore refer to the server certificate and easily learn how long the domain has been operated continuously by the same operator. This makes it easy for the user to infer a drop-catch event.

The issuing unit 25b also includes, in a predetermined extension area of the certificate, the information for deriving the period elapsed since the initial issuance of the certificate to the applicant. Implementing this within the scope of the standard specifications makes it possible to practice the invention without affecting network devices outside its scope.

In the client 30, the acquisition unit 35a acquires the issued server certificate 14a. The derivation unit 35b uses the information for deriving the period elapsed since the initial issuance of the certificate to the applicant to derive the operation period of the domain by the same applicant. The determination unit 35c uses the derived operation period to determine whether the operator may have changed.

Specifically, the determination unit 35c determines that the operator may have changed if the period between the previous access to the server 10 and the current access to the server 10 is equal to or longer than the derived operation period.

Alternatively, the determination unit 35c determines that the operator may have changed if the derived operation period is equal to or shorter than a predetermined period.

As a result, even without a clear definition of the period that constitutes a malicious drop catch, users and scripts accessing the server can easily detect the possibility of a drop catch and respond accordingly.

[Program]
A program in which the processes executed by each device (server 10, CA 20, client 30) of the estimation system 1 according to the above embodiment are written in a computer-executable language can also be created. As one embodiment, the server 10 can be implemented by installing, on a desired computer, an estimation program that executes the above estimation process as packaged software or online software. For example, an information processing device can be made to function as the server 10 by having it execute the estimation program. The information processing device also includes mobile communication terminals such as smartphones, mobile phones and PHS (Personal Handyphone System) terminals, as well as slate terminals such as PDAs (Personal Digital Assistants). The functions of the server 10 may also be implemented on a cloud server.

Fig. 8 is a diagram showing an example of a computer that executes the estimation program. The computer 1000 has, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These components are connected by a bus 1080.

The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores, for example, a boot program such as a BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to a hard disk drive 1031. The disk drive interface 1040 is connected to a disk drive 1041. A removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041. A mouse 1051 and a keyboard 1052, for example, are connected to the serial port interface 1050. A display 1061, for example, is connected to the video adapter 1060.

Here, the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. Each piece of information described in the above embodiment is stored, for example, in the hard disk drive 1031 or the memory 1010.

The estimation program is stored in the hard disk drive 1031, for example, as the program module 1093 in which the instructions to be executed by the computer 1000 are written. Specifically, the program module 1093 describing each process executed by the server 10 described in the above embodiment is stored in the hard disk drive 1031.

Data used for information processing by the estimation program is stored as the program data 1094, for example, in the hard disk drive 1031. The CPU 1020 then reads the program module 1093 and the program data 1094 stored in the hard disk drive 1031 into the RAM 1012 as necessary and executes each of the procedures described above.

The program module 1093 and the program data 1094 related to the estimation program are not limited to being stored in the hard disk drive 1031; they may, for example, be stored in a removable storage medium and read by the CPU 1020 via the disk drive 1041 or the like. Alternatively, the program module 1093 and the program data 1094 related to the estimation program may be stored in another computer connected via a network such as a LAN (Local Area Network) or a WAN (Wide Area Network) and read by the CPU 1020 via the network interface 1070.

An embodiment to which the invention made by the present inventors is applied has been described above, but the present invention is not limited by the description and drawings that form part of the disclosure of the present invention according to this embodiment. In other words, other embodiments, examples, operational techniques and the like made by those skilled in the art on the basis of this embodiment are all included in the scope of the present invention.

REFERENCE SIGNS LIST
1 Estimation system
10 Server
11 Input unit
12 Output unit
13 Communication control unit
14, 24, 34 Storage unit
14a Server certificate
15, 25, 35 Control unit
15a Generation unit
15b Application unit
20 CA (Certification Authority)
25a Verification unit
25b Issuing unit
30 Client
35a Acquisition unit
35b Derivation unit
35c Determination unit

Claims (8)

1. An estimation system comprising:
a generation unit that generates a new public key and a new private key for an applicant who operates a domain when a certificate is renewed;
an application unit that applies to a certification authority for renewal of the certificate using a signature on the generated new public key made with the old private key from before the renewal;
a verification unit that decrypts the submitted signature with the old public key to verify the applicant; and
an issuing unit that, if the verification succeeds, issues a certificate including information for deriving the period elapsed since the initial issuance of a certificate to the applicant.

2. The estimation system according to claim 1, wherein the issuing unit includes, in a predetermined extension area of the certificate, the information for deriving the period elapsed since the initial issuance of the certificate to the applicant.

3. The estimation system according to claim 1, wherein the information for deriving the period elapsed since the initial issuance of the certificate to the applicant is the period during which the applicant for the certificate has remained the same, or the date and time of the first issuance of a certificate to the applicant.

4. The estimation system according to claim 1, further comprising:
an acquisition unit that acquires the issued certificate;
a derivation unit that derives an operation period of the domain by the same applicant using the information for deriving the period elapsed since the initial issuance of the certificate to the applicant; and
a determination unit that determines, using the derived operation period, whether the operator may have changed.

5. The estimation system according to claim 4, wherein the determination unit determines that the operator may have changed if the period between the previous access to the server and the current access to the server is equal to or longer than the operation period.

6. The estimation system according to claim 4, wherein the determination unit determines that the operator may have changed if the operation period is equal to or shorter than a predetermined period.

7. An estimation method executed by an estimation system, comprising:
a generation step of generating a new public key and a new private key for an applicant who operates a domain when a certificate is renewed;
an application step of applying to a certification authority for renewal of the certificate using a signature on the generated new public key made with the old private key from before the renewal;
a verification step of decrypting the submitted signature with the old public key to verify the applicant; and
an issuing step of issuing, if the verification succeeds, a certificate including information for deriving the period elapsed since the initial issuance of a certificate to the applicant.

8. An estimation program for causing a computer to execute:
a generation step of generating a new public key and a new private key for an applicant who operates a domain when a certificate is renewed;
an application step of applying to a certification authority for renewal of the certificate using a signature on the generated new public key made with the old private key from before the renewal;
a verification step of decrypting the submitted signature with the old public key to verify the applicant; and
an issuing step of issuing, if the verification succeeds, a certificate including information for deriving the period elapsed since the initial issuance of a certificate to the applicant.

PCT/JP2023/021776 2023-06-12 2023-06-12 Estimation system, estimation method, and estimation program Pending WO2024257180A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2023/021776 WO2024257180A1 (en) 2023-06-12 2023-06-12 Estimation system, estimation method, and estimation program

Publications (1)

Publication Number Publication Date
WO2024257180A1 true WO2024257180A1 (en) 2024-12-19

Family

ID=93851475

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/021776 Pending WO2024257180A1 (en) 2023-06-12 2023-06-12 Estimation system, estimation method, and estimation program

Country Status (1)

Country Link
WO (1) WO2024257180A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050081027A1 (en) * 2003-08-15 2005-04-14 Imcentric, Inc. Renewal product for digital certificates
CN101651540A (en) * 2008-08-12 2010-02-17 中国移动通信集团公司 Method, device and system for updating digital certificate

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MAROOFI, S. ET AL.: "COMAR: Classification of Compromised versus Maliciously Registered Domains.", 5TH IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY., September 2020 (2020-09-01), pages 607 - 623, XP033847044, DOI: 10.1109/EuroSP48549.2020.00045 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23941489

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2025526927

Country of ref document: JP

Kind code of ref document: A