Certificate validation method and certificate validation server and storage medium
    1.
    Granted patent (status: in force)

    Publication No.: US08380985B2

    Publication date: 2013-02-19

    Application No.: US12826248

    Filing date: 2010-06-29

    IPC classification: G06F21/00

    Abstract: A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path of from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of relevant CA and first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information of the storage unit.


    CERTIFICATE VALIDATION METHOD AND CERTIFICATE VALIDATION SERVER AND STORAGE MEDIUM
    2.
    Patent application (status: in force)

    Publication No.: US20110004763A1

    Publication date: 2011-01-06

    Application No.: US12826248

    Filing date: 2010-06-29

    IPC classification: H04L9/32

    Abstract: A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path of from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of relevant CA and first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information of the storage unit.


    Authentication and authorization infrastructure system with CRL issuance notification function
    3.
    Granted patent (status: lapsed)

    Publication No.: US07392380B2

    Publication date: 2008-06-24

    Application No.: US10456549

    Filing date: 2003-06-09

    IPC classification: H04L9/00

    CPC classification: H04L9/006 H04L9/3268

    Abstract: If a CRL is cached for an increased speed of a certificate validation process, when a certification authority issues a CRL in an urgent situation, the accuracy of the certificate validation result cannot be secured because the cached CRL is not the latest one. This problem is solved as follows. When it issues a CRL, the certification authority sends a CRL issuance notification to certificate validation servers. The certificate validation servers that received the CRL issuance notification cache the latest CRL. Thus, the accuracy of the certificate validation result can be secured.


    Digital-signed digital document exchange supporting method and information processor
    4.
    Patent application (status: lapsed)

    Publication No.: US20060168650A1

    Publication date: 2006-07-27

    Application No.: US11045133

    Filing date: 2005-01-31

    IPC classification: H04L9/32 G06K9/00

    Abstract: In response to a sign request including a digital document from a document-creating device 10, a digital-signed-document exchange supporting server 30 canonicalizes the digital document, calculates a digest value thereof and returns the digest value to the document creating device. When the document-creating device transmits a digital sign created by encrypting the digest value to the digital-signed-digital document exchange-supporting server 30, the digital-signed-digital document exchange-supporting server 30 creates a digital-signed document from the digital sign and the digital document and returns the document to the document-creating device. On the other hand, in response to a validation request including a digital-signed-digital document and a public key from a sign validating device 20, the digital-signed-digital document exchange supporting server 30 compares a value resulting from the decryption of the digital sign with the public key and a digest value of the digital document canonicalized and returns the result to the sign validating device.


    Method of validation public key certificate and validation server
    5.
    Granted patent (status: in force)

    Publication No.: US08347082B2

    Publication date: 2013-01-01

    Application No.: US12542798

    Filing date: 2009-08-18

    IPC classification: H04L29/06

    Abstract: In response to a validation request that includes second information identifying the certificate authority, key information of the certificate authority at issuance of the public key certificate, and information identifying the public key certificate, if the second information identifying the certificate authority included in the validation request corresponds to the first information identifying the certificate authority included in the authority certificate, and the information identifying the public key certificate included in the validation request does not exist in the revocation information, the validation server creates a validation result indicating that the public key certificate corresponding to the information identifying the public key certificate included in the validation request is valid.


    Validation server, validation method, and program
    6.
    Granted patent (status: lapsed)

    Publication No.: US08176316B2

    Publication date: 2012-05-08

    Application No.: US12392430

    Filing date: 2009-02-25

    IPC classification: H04C29/06

    Abstract: A validation server using HSM, which reduces required process time from receiving a validation request to responding with a validation result, and comprises a first software cryptographic module 142 and a second software cryptographic module 143 on a validation server 130 whose HSM is coupled with an I/F part 148. According to the validation server, load states of HSM, the first software cryptographic module 142 and the second software cryptographic module 143 are monitored by a cryptographic module monitor unit 141, and when cryptographic calculations in a validation process of certificates are conducted, the cryptographic calculations are executed by using the least loaded cryptographic module selected at a cryptographic module selector unit 140.


    METHOD, PRODUCT AND APPARATUS FOR ACCELERATING PUBLIC-KEY CERTIFICATE VALIDATION
    7.
    Patent application (status: in force)

    Publication No.: US20090259842A1

    Publication date: 2009-10-15

    Application No.: US12488051

    Filing date: 2009-06-19

    IPC classification: H04L9/00

    Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.


    Method and apparatus for accelerating public-key certificate validation
    8.
    Granted patent (status: in force)

    Publication No.: US07558952B2

    Publication date: 2009-07-07

    Application No.: US10788417

    Filing date: 2004-03-01

    IPC classification: H04L9/00

    Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.


    Method, product and apparatus for accelerating public-key certificate validation
    9.
    Granted patent (status: in force)

    Publication No.: US08516245B2

    Publication date: 2013-08-20

    Application No.: US12488051

    Filing date: 2009-06-19

    IPC classification: H04L29/06

    Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.


    METHOD OF VALIDATION PUBLIC KEY CERTIFICATE AND VALIDATION SERVER
    10.
    Patent application (status: in force)

    Publication No.: US20100122081A1

    Publication date: 2010-05-13

    Application No.: US12542798

    Filing date: 2009-08-18

    IPC classification: H04L9/00

    Abstract: In response to a validation request that includes second information identifying the certificate authority, key information of the certificate authority at issuance of the public key certificate, and information identifying the public key certificate, if the second information identifying the certificate authority included in the validation request corresponds to the first information identifying the certificate authority included in the authority certificate, and the information identifying the public key certificate included in the validation request does not exist in the revocation information, the validation server creates a validation result indicating that the public key certificate corresponding to the information identifying the public key certificate included in the validation request is valid.
