Certificate validation method and apparatus thereof
Abstract
Virtual Private Network (VPN) client 1 and M access gateways 3, 4 and 5 each possess a public key cryptography key pair (i.e., a private key and a public key). If VPN client 1 sends Public Key Infrastructure (PKI) compliant signature based authentication information to an access gateway 3, 4 or 5, the access gateway does not itself verify this authentication information. Instead, it entrusts this processing to an authentication server 8, 9 or 10 and receives the verification result, via authentication server proxy 7. Conversely, generation of PKI compliant signature based authentication information to be sent from an access gateway to a VPN client is carried out by the access gateway alone. The access gateway and the authentication server thus together implement PKI support but have the functions required for such support apportioned between them.
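The split described in the abstract and in claim 1, sketched as an added example that is not taken from the patent: the gateway only extracts and separates the four fields, and the authentication server makes the decision. The JSON message layout, all function names, the particular checks and their order, and the textbook RSA over known Mersenne primes (an insecure stand-in for a real PKI signature) are assumptions.

```python
import hashlib, json

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    # Textbook RSA from two known Mersenne primes: a stand-in, not secure.
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(data, n, d):
    return pow(digest(data, n), d, n)
def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def cert_tbs(cert):
    # Canonical bytes of the certificate fields the CA signature covers.
    fields = {k: cert[k] for k in ("subject", "pubkey", "not_after")}
    return json.dumps(fields, sort_keys=True).encode()

def gateway_extract(auth_msg):
    # First function part (access gateway): extract and separate, verify nothing.
    m = json.loads(auth_msg)
    return {"user_id": m["user_id"], "client_cert": m["cert"],
            "signed_data": m["data"].encode(), "signature": m["sig"]}

def server_validate(x, ca_n, now):
    # Second function part (authentication server): decide on the extracted data.
    cert = x["client_cert"]
    if not verify(cert_tbs(cert), cert["ca_sig"], ca_n):
        return "bad-cert-signature"
    if now > cert["not_after"]:
        return "cert-expired"
    if cert["subject"] != x["user_id"]:
        return "id-mismatch"
    if not verify(x["signed_data"], x["signature"], cert["pubkey"]):
        return "bad-signature"
    return "ok"

# Constructed sample keys and message (assumed JSON layout, not from the patent).
CA_N, CA_D = toy_keypair(2**127 - 1, 2**89 - 1)
CL_N, CL_D = toy_keypair(2**107 - 1, 2**61 - 1)

def make_auth_msg(user_id, data):
    cert = {"subject": "alice", "pubkey": CL_N, "not_after": 2_000_000_000}
    cert["ca_sig"] = sign(cert_tbs(cert), CA_N, CA_D)
    return json.dumps({"user_id": user_id, "cert": cert, "data": data,
                       "sig": sign(data.encode(), CL_N, CL_D)}).encode()
```

The gateway needs only the CA-independent parsing code; the CA public modulus and every accept/reject decision live on the server side.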
12 Claims
1. A certificate validation method which uses a PKI-enabled end entity to validate a certificate, said method comprising:
- extracting and separating at least user ID data, client certificate data, data for signing and a digital signature; and
- validating the client certificate on the basis of said extracted data.

4. A certificate validation apparatus which uses a PKI-enabled end entity to perform certificate validation, said certificate validation apparatus characterized in that:
- the function part of said PKI-enabled end entity is divided into a first function part and a second function part;
- said first function part extracts and separates at least user ID data, client certificate data, data for signing and a digital signature, and outputs this extracted data to said second function part; and
- said second function part validates the client certificate on the basis of said extracted data that is input from said first function part.

10. A certificate validation program incorporated in a PKI-enabled end entity and adapted to validate certificates, wherein:
- the function part of a PKI-enabled end entity is divided according to function into a first function part and a second function part and constructed as software;
- said first function part is software which implements the function of extracting and separating at least user ID data, client certificate data, data for signing and digital signature, and of outputting this extracted data to said second function part;
- said second function part is software which implements the function of validating client certificates on the basis of said extracted data that is input from said first function part; and
- these two pieces of software cause a computer to function.