公开(公告)号：US08380985B2

公开(公告)日：2013-02-19

申请号：US12826248

申请日：2010-06-29

申请人： Akane Sato ,  Takahiro Fujishiro ,  Shingo Hane ,  Yoko Hashimoto ,  Masahiko Furuya ,  Masami Ogawa

发明人： Akane Sato ,  Takahiro Fujishiro ,  Shingo Hane ,  Yoko Hashimoto ,  Masahiko Furuya ,  Masami Ogawa

IPC分类号： G06F21/00

CPC分类号： H04L63/06 ,  H04L9/006 ,  H04L9/0891 ,  H04L9/321 ,  H04L9/3263 ,  H04L9/3265 ,  H04L9/3268 ,  H04L63/0823

摘要： A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path of from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of relevant CA and first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information of the storage unit.

摘要翻译： 一种证书验证方法，用于使证书验证服务器从给定终端设备接收证书验证请求，构建从第一认证中心（CA）到第二CA的认证路径，执行证书路径的验证，并发送 公开了颁发证书验证请求的终端的验证结果。 验证服务器检测任何给定CA的密钥更新或给定CA的妥协，获取相关CA和第一证书状态信息和第二证书状态信息的证书，将获取的信息存储在存储单元中，或者替换地，更新 基于获取的信息存储在存储器中的信息，并且通过使用存储单元的信息来执行认证路径的建立和认证路径的验证。

公开(公告)号：US20110004763A1

公开(公告)日：2011-01-06

申请号：US12826248

申请日：2010-06-29

申请人： Akane SATO ,  Takahiro Fujishiro ,  Shingo Hane ,  Yoko Hashimoto ,  Masahiko Furuya ,  Masami Ogawa

发明人： Akane SATO ,  Takahiro Fujishiro ,  Shingo Hane ,  Yoko Hashimoto ,  Masahiko Furuya ,  Masami Ogawa

IPC分类号： H04L9/32

CPC分类号： H04L63/06 ,  H04L9/006 ,  H04L9/0891 ,  H04L9/321 ,  H04L9/3263 ,  H04L9/3265 ,  H04L9/3268 ,  H04L63/0823

摘要： A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path of from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of relevant CA and first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information of the storage unit.

摘要翻译： 一种证书验证方法，用于使证书验证服务器从给定终端设备接收证书验证请求，构建从第一认证中心（CA）到第二CA的认证路径，执行认证路径的验证，并发送 公开了颁发证书验证请求的终端的验证结果。 验证服务器检测任何给定CA的密钥更新或给定CA的妥协，获取相关CA和第一证书状态信息和第二证书状态信息的证书，将获取的信息存储在存储单元中，或者替换地，更新 基于获取的信息存储在存储器中的信息，并且通过使用存储单元的信息来执行认证路径的建立和认证路径的验证。

公开(公告)号：US08819417B2

公开(公告)日：2014-08-26

申请号：US13407376

申请日：2012-02-28

申请人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa ,  Shingo Hane ,  Akane Sato

发明人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa ,  Shingo Hane ,  Akane Sato

IPC分类号： H04L29/06

CPC分类号： H04L63/166 ,  H04L63/0485 ,  H04L63/0823

摘要： A validation server using HSM, which reduces required process time from receiving a validation request to responding with a validation result, and comprises a first software cryptographic module 142 and a second software cryptographic module 143 on a validation server 130 whose HSM is coupled with an I/F part 148. According to the validation server, load states of HSM, the first software cryptographic module 142 and the second software cryptographic module 143 are monitored by a cryptographic module monitor unit 141, and when cryptographic calculations in a validation process of certificates are conducted, the cryptographic calculations are executed by using the least loaded cryptographic module selected at a cryptographic module selector unit 140.

摘要翻译： 使用HSM的验证服务器，其减少从接收验证请求到响应验证结果所需的处理时间，并且包括验证服务器130上的第一软件加密模块142和第二软件加密模块143，其中HSM与I / F部分148.根据验证服务器，HSM的加载状态，第一软件加密模块142和第二软件加密模块143由加密模块监视单元141监视，并且当证书的验证过程中的密码计算是 通过使用在加密模块选择器单元140处选择的最少加密的加密模块来执行加密计算。

公开(公告)号：US20100122081A1

公开(公告)日：2010-05-13

申请号：US12542798

申请日：2009-08-18

申请人： Akane Sato ,  Yoko Hashimoto ,  Shingo Hane ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa

发明人： Akane Sato ,  Yoko Hashimoto ,  Shingo Hane ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa

IPC分类号： H04L9/00

CPC分类号： H04L63/0823 ,  H04L9/0891 ,  H04L9/321 ,  H04L9/3263

摘要： In response to a validation request that includes second information identifying the certificate authority, key information of the certificate authority at issuance of the public key certificate, and information identifying the public key certificate, if the second information identifying the certificate authority included in the validation request corresponds to the first information identifying the certificate authority included in the authority certificate, and the information identifying the public key certificate included in the validation request does not exist in the revocation information, the validation server creates a validation result indicating that the public key certificate corresponding to the information identifying the public key certificate included in the validation request is valid.

摘要翻译： 响应于包括标识证书颁发机构的第二信息的确认请求，在发行公共密钥证书时的证书颁发机构的密钥信息和识别公开密钥证书的信息，如果识别包括在验证请求中的证书颁发机构的第二信息 对应于识别权限证书中包含的证书颁发机构的第一信息，并且识别包含在验证请求中的公钥证书的信息不存在于撤销信息中，验证服务器创建指示公钥证书对应的验证结果 识别包含在验证请求中的公钥证书的信息是有效的。

公开(公告)号：US08347082B2

公开(公告)日：2013-01-01

申请号：US12542798

申请日：2009-08-18

申请人： Akane Sato ,  Yoko Hashimoto ,  Shingo Hane ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa

发明人： Akane Sato ,  Yoko Hashimoto ,  Shingo Hane ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa

IPC分类号： H04L29/06

CPC分类号： H04L63/0823 ,  H04L9/0891 ,  H04L9/321 ,  H04L9/3263

摘要： In response to a validation request that includes second information identifying the certificate authority, key information of the certificate authority at issuance of the public key certificate, and information identifying the public key certificate, if the second information identifying the certificate authority included in the validation request corresponds to the first information identifying the certificate authority included in the authority certificate, and the information identifying the public key certificate included in the validation request does not exist in the revocation information, the validation server creates a validation result indicating that the public key certificate corresponding to the information identifying the public key certificate included in the validation request is valid.

摘要翻译： 响应于包括标识证书颁发机构的第二信息的确认请求，在发行公共密钥证书时的证书颁发机构的密钥信息和识别公开密钥证书的信息，如果识别包括在验证请求中的证书颁发机构的第二信息 对应于识别权限证书中包含的证书颁发机构的第一信息，并且识别包含在验证请求中的公钥证书的信息不存在于撤销信息中，验证服务器创建指示公钥证书对应的验证结果 识别包含在验证请求中的公钥证书的信息是有效的。

公开(公告)号：US08176316B2

公开(公告)日：2012-05-08

申请号：US12392430

申请日：2009-02-25

申请人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa ,  Shingo Hane ,  Akane Sato

发明人： Yoko Hashimoto ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa ,  Shingo Hane ,  Akane Sato

IPC分类号： H04C29/06

CPC分类号： H04L63/166 ,  H04L63/0485 ,  H04L63/0823

摘要： A validation server using HSM, which reduces required process time from receiving a validation request to responding with a validation result, and comprises a first software cryptographic module 142 and a second software cryptographic module 143 on a validation server 130 whose HSM is coupled with an I/F part 148. According to the validation server, load states of HSM, the first software cryptographic module 142 and the second software cryptographic module 143 are monitored by a cryptographic module monitor unit 141, and when cryptographic calculations in a validation process of certificates are conducted, the cryptographic calculations are executed by using the least loaded cryptographic module selected at a cryptographic module selector unit 140.

摘要翻译： 使用HSM的验证服务器，其减少从接收验证请求到响应验证结果所需的处理时间，并且包括验证服务器130上的第一软件加密模块142和第二软件加密模块143，其中HSM与I / F部分148.根据验证服务器，HSM的加载状态，第一软件加密模块142和第二软件加密模块143由加密模块监视单元141监视，并且当证书的验证过程中的密码计算是 通过使用在加密模块选择器单元140处选择的最少加密的加密模块来执行加密计算。

公开(公告)号：US20120066490A1

公开(公告)日：2012-03-15

申请号：US13209964

申请日：2011-08-15

申请人： Akane Sato ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Ogawa

发明人： Akane Sato ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Ogawa

IPC分类号： H04L9/00

CPC分类号： H04L9/0877 ,  G06F21/72

摘要： A cryptographic device management server receives a first cryptographic calculation request from an arbitrary terminal device via a network, transmits a second cryptographic calculation request generated on the basis of the first cryptographic calculation request, management information of the terminal device and management information of the cryptographic device to a cryptographic device selected on the basis of the management information of the terminal devices and management information of the cryptographic devices stored in the cryptographic device management server, via a connection interface, receives a second cryptographic calculation result from the cryptographic device, and transmits a first cryptographic calculation result generated on the basis of the second cryptographic calculation result, the management information of the terminal device and the management information of the cryptographic device to the terminal device of the source of the first cryptographic calculation request via the network.

摘要翻译： 密码装置管理服务器经由网络从任意终端装置接收第一加密计算请求，发送基于第一加密计算请求生成的第二密码计算请求，终端装置的管理信息和密码装置的管理信息 基于终端装置的管理信息选择的加密装置和通过连接接口存储在密码装置管理服务器中的密码装置的管理信息，从密码装置接收第二加密计算结果，并发送 基于第二加密计算结果生成的第一加密计算结果，终端装置的管理信息和加密装置的管理信息到第一加密计算源r的终端装置 通过网络来衡量。

公开(公告)号：US20110231662A1

公开(公告)日：2011-09-22

申请号：US13021655

申请日：2011-02-04

申请人： AKANE SATO ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Ogawa

发明人： AKANE SATO ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Ogawa

IPC分类号： H04L9/32

CPC分类号： H04L9/3268 ,  H04L9/006 ,  H04L9/0891 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3265

摘要： The validation server obtains information related to a first cryptographic method from a certificate which is contained in a certificate validation request from a terminal device. When the information related to the first cryptographic method is not stored in a storage unit of the validation server as valid information, the validation server determines that the information related to the first cryptographic method is invalid. When the information related to the first cryptographic method is stored in the storage unit as valid information and also the information related to a second cryptographic method listed in the certificate in the certification path is not stored in the storage unit during the certification path validation, the validation server determines that the information related to the second cryptographic method is invalid.

摘要翻译： 验证服务器从终端设备的证书验证请求中包含的证书中获取与第一密码方法相关的信息。 当与第一密码方法相关的信息没有作为有效信息存储在验证服务器的存储单元中时，验证服务器确定与第一密码方法相关的信息是无效的。 当与第一密码方法有关的信息作为有效信息存储在存储单元中时，并且在认证路径验证期间，在认证路径中的证书中列出的与第二密码方法相关的信息不存储在存储单元中时， 验证服务器确定与第二密码方法相关的信息是无效的。

公开(公告)号：US20080301439A1

公开(公告)日：2008-12-04

申请号：US12105358

申请日：2008-04-18

申请人： Yoko HASHIMOTO ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa

发明人： Yoko HASHIMOTO ,  Takahiro Fujishiro ,  Masahiko Furuya ,  Masami Uzawa

IPC分类号： H04L9/06

CPC分类号： H04L9/3268 ,  H04L63/06

摘要： A technique of managing public keys updated by a certificate authority and a plurality of hash algorithms is provided.Identifiers, each of which is uniquely determined by a pair of a public key updated by a certificate authority and a hash algorithm, are stored in an identifier information storage area (131b). A verification processing part (132c) cross-checks a received validation request and the identifiers stored in the identifier information storage area (131b). When there is an identifier corresponding to the received validation request, the verification processing part (132c) judges that the verification can be performed, and continues the verification processing.

摘要翻译： 提供了一种管理由证书颁发机构更新的公共密钥和多个散列算法的技术。 标识符，每个标识符由认证机构更新的一对公钥和散列算法唯一地确定，被存储在标识符信息存储区域（131b）中。 验证处理部分（132c）交叉检查接收到的确认请求和存储在标识符信息存储区域（131b）中的标识符。 当存在对应于接收到的确认请求的标识符时，验证处理部分（132c）判断可以执行验证，并继续验证处理。

公开(公告)号：US07392380B2

公开(公告)日：2008-06-24

申请号：US10456549

申请日：2003-06-09

申请人： Tadashi Kaji ,  Takahiro Fujishiro ,  Yoko Kumagai ,  Shingo Hane ,  Hiromi Nagano

发明人： Tadashi Kaji ,  Takahiro Fujishiro ,  Yoko Kumagai ,  Shingo Hane ,  Hiromi Nagano

IPC分类号： H04L9/00

CPC分类号： H04L9/006 ,  H04L9/3268

摘要： If a CRL is cached for an increased speed of a certificate validation process, when a certification authority issues a CRL in an urgent situation, the accuracy of the certificate validation result cannot be secured because the cached CRL is not the latest one. This problem is solved as follows. When it issues a CRL, the certification authority sends a CRL issuance notification to certificate validation servers. The certificate validation servers that received the CRL issuance notification cache the latest CRL. Thus, the accuracy of the certificate validation result can be secured.

摘要翻译： 如果CRL被缓存以提高证书验证过程的速度，当证书颁发机构在紧急情况下发布CRL时，证书验证结果的准确性无法保证，因为缓存的CRL不是最新的。 这个问题解决如下。 颁发CRL时，证书颁发机构向证书验证服务器发送CRL颁发通知。 接收CRL发布通知的证书验证服务器缓存最新的CRL。 因此，可以确保证书验证结果的准确性。