System and method for distributed group management
Abstract
A system of distributed group management generates authentication information relating to a group to which users belong at a high speed on a client side, and a server side can verify this information at a high speed. The system provides a group certificate issuing apparatus for issuing a group certificate on the client side based on original group information including the name of the group to which the users belong, and a group certificate verification unit for verifying the legitimacy of the certificate transmitted from the client side in a server. Here, the group certificate issuing apparatus adds an issuance side processed value, obtained by processing the information of the original group information by a cryptographic function, to this original group information to obtain a group certificate. The group certificate verification unit processes part of the information included in the received certificate by an identical cryptographic function to obtain a verification side processed value and performs authentication by confirming that the issuance side processed value and the verification side processed value coincide.
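The issue, recompute and compare flow summarized in the abstract can be sketched as follows. This is an added example, not code from the patent: the choice of HMAC-SHA256 as the "cryptographic function", the shared key, the JSON encoding, the function names and the authorization table are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: issuer and verifier share this key out of band. The page says only
# "cryptographic function"; HMAC-SHA256 is this example's choice, because the
# coincidence check proves nothing unless the function depends on a secret.
SHARED_KEY = b"constructed-demo-key"

# Constructed per-group authorizations held by the server.
GROUP_AUTHORIZATIONS = {"engineering": {"read", "build"}, "audit": {"read"}}


def _processed_value(original, key):
    # Canonical encoding so both sides feed identical bytes to the function.
    payload = json.dumps(original, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_group_certificate(user, group, key=SHARED_KEY):
    """Client side: original group information plus the issuance side value."""
    original = {"user": user, "group": group}
    return {"original": original, "processed_value": _processed_value(original, key)}


def verify_group_certificate(cert, key=SHARED_KEY):
    """Server side: recompute the value and return the group name, or None."""
    try:
        original, received = cert["original"], cert["processed_value"]
        group = original["group"]
        expected = _processed_value(original, key).encode()
        # Constant-time comparison of issuance side and verification side values.
        matches = hmac.compare_digest(expected, received.encode())
    except (KeyError, TypeError, ValueError, AttributeError):
        return None  # malformed certificate: treat as not authenticated
    return group if matches and isinstance(group, str) else None


def authorize(cert, action, key=SHARED_KEY):
    """Execute-or-refuse decision for a remote processing request."""
    group = verify_group_certificate(cert, key)
    return group is not None and action in GROUP_AUTHORIZATIONS.get(group, set())
```

A certificate whose group name is altered after issuance no longer matches the recomputed value, so the server never reaches the authorization lookup for it.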
28 Claims
-
1. A system of distributed group management for indirectly authenticating membership of a user in a group in order to manage security for a client on the user side and a server for executing a remote processing request from the user side under a predetermined authorization assigned for every group, provided with
a group certificate issuing apparatus for issuing a group certificate on the client side based on original group information including the name of the group to which the related user belongs when there is said remote processing request and a group certificate verification unit for verifying a legitimacy of said group certificate transmitted from the client side in said server, wherein said group certificate issuing apparatus adds an issuance side processed value obtained by processing the information of the original group information by a cryptographic function to the original group information and defines this as the group certificate and said group certificate verification unit processes part of the information included in the received group certificate by an identical cryptographic function to obtain a verification side processed value and performs said authentication by confirming that said issuance side processed value and said verification side processed value coincide.
-
4. A method of distributed group management for indirectly authenticating the membership of a user in a group in order to manage the security for a client on the user side and a server for executing the remote processing request from the user side under the predetermined authorization assigned for every group, comprised of
a first step for processing the information of the original group information including the name of the group to which the related user U belongs by the cryptographic function when there is said remote processing request on the client side and issuing a group certificate obtained by adding the obtained issuance side processed value to the original group information, a second step of processing the information of the received group certificate by an identical cryptographic function to obtain the verification side processed value on the server side, and a third step of comparing said verification side processed value and received issuance side processed value on the server side and confirming that they coincide, thereby to perform said authentication, and verify the legitimacy of said group certificate transmitted from the client side in said server.
-
5. A group certificate issuing apparatus comprising part of a system of distributed group management for indirectly authenticating membership of a user to a group in order to manage the security with respect to the client on the user side and the server for executing the remote processing request from the user side under predetermined authorization assigned for every group, provided with
an issuance side processor for issuing the original group information including the name of the group with the related user membership thereto when there is said remote processing request and, at the same time, adding the issuance side processed value obtained by processing the information of the original group information by the cryptographic function to the original group information to obtain the group certificate.
-
6. A group certificate verification unit comprising a system of distributed group management for indirectly authenticating the membership of a user to a group in order to manage the security of the client on the user side and the server for executing the remote processing request from the user side under the predetermined authorization assigned for every group, including
a verification side processor for processing information included in the group certificate received from the client side by the cryptographic function to generate the verification side processed value on the server side and performing said authentication by confirming that the issuance side processed value included in the received group certificate and said verification side processed value coincide.
Specification