Certificate validation method and apparatus thereof

US 20030237004A1
Filed: 06/18/2003
Published: 12/25/2003
Est. Priority Date: 06/25/2002
Status: Abandoned Application

First Claim

Patent Images

1. A certificate validation method which uses a PKI-enabled end entity to validate a certificate, said method comprising:

extracting and separating at least user ID data, client certificate data, data for signing and a digital signature; and

validating the client certificate on the basis of said extracted data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Virtual Private Network (VPN) client 1 and M access gateways 3, 4 and 5 each possess a public key cryptography key pair (i.e., a private key and a public key). If VPN client 1 sends Public Key Infrastructure (PKI) compliant signature based authentication information to an access gateway 3, 4 or 5, the access gateway does not itself verify this authentication information. Instead, it entrusts this processing to an authentication server 8, 9 or 10 and receives the verification result, via authentication server proxy 7. Conversely, generation of PKI compliant signature based authentication information to be sent from an access gateway to a VPN client is carried out by the access gateway alone. The access gateway and the authentication server thus together implement PKI support but have the functions required for such support apportioned between them.

195 Citations

12 Claims

1. A certificate validation method which uses a PKI-enabled end entity to validate a certificate, said method comprising:
- extracting and separating at least user ID data, client certificate data, data for signing and a digital signature; and
  
  validating the client certificate on the basis of said extracted data.
- View Dependent Claims (2, 3)
- - 2. The certificate validation method of claim 1, said certificate validation comprising:
    - analyzing the content of the certificate on the basis of said extracted data, validating the certificate on the basis of this analyzed data, and responding to a validation request in accordance with the result of this validation.
  - 3. The certificate validation method of claim 1 or claim 2, wherein parallel certificate validation processing is performed.

4. A certificate validation apparatus which uses a PKI-enabled end entity to perform certificate validation, said certificate validation apparatus characterized in that:
- the function part of said PKI-enabled end entity is divided into a first function part and a second function part;
  
  said first function part extracts and separates at least user ID data, client certificate data, data for signing and a digital signature, and outputs this extracted data to said second function part; and
  
  said second function part validates the client certificate on the basis of said extracted data that is input from said first function part.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The certificate validation apparatus of claim 4, wherein said second function part implements said certificate validation by:
    - analyzing the content of a certificate on the basis of said extracted data;
      
      validating the certificate on the basis of this analyzed data; and
      
      responding to a validation request in accordance with the result of said validation.
  - 6. The PKI-enabled certificate validation apparatus of claim 4, wherein said second function part performs parallel processing of certificate validation.
  - 7. The certificate validation apparatus of claim 4, wherein:
    - said second function part has an authentication server proxy and an authentication part;
      
      said authentication server proxy identifies the type of certificate contained in said extracted data, allocates certificate validation processing corresponding to the certificate type, and responds to a request for a validation result; and
      
      said authentication part validates certificates on the basis of said extracted data distributed by said authentication server proxy in accordance with certificate type, and outputs the validation result to the authentication server proxy.
  - 8. The certificate validation apparatus of claim 7, wherein:
    - said authentication part has authentication servers and certificate validation servers;
      
      said authentication servers analyze certificate content, output requests for certificate validation to said certificate validation servers, and respond to requests from said authentication server proxy for validation results; and
      
      said certificate validation servers validate certificates on the basis of the analyzed data from said authentication servers, in response to certificate validation requests from said authentication servers, and output the results of this validation to said authentication servers.
  - 9. The certificate validation apparatus of claim 8, wherein:
    - said authentication servers are additionally provided with the functions of said certificate validation servers.

10. A certificate validation program incorporated in a PKI-enabled end entity and adapted to validate certificates, wherein:
- the function part of a PKI-enabled end entity is divided according to function into a first function part and a second function part and constructed as software;
  
  said first function part is software which implements the function of extracting and separating at least user ID data, client certificate data, data for signing and digital signature, and of outputting this extracted data to said second function part;
  
  said second function part is software which implements the function of validating client certificates on the basis of said extracted data that is input from said first function part; and
  
  these two pieces of software cause a computer to function.
- View Dependent Claims (11, 12)
- - 11. The certificate validation program of claim 10, wherein the software constituting said second function part implements said certificate validation function by analyzing the content of the certificate on the basis of said extracted data, validating the certificate on the basis of this analyzed data, and responding to a validation request in accordance with the result of this validation.
  - 12. The certificate validation program of claim 10 or 11, wherein the software constituting said second function part performs parallel processing of certificate validation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Okamura, Mine

Application Number

US10/465,320
Publication Number

US 20030237004A1
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 63/0823 using certificates cryptogr...

Certificate validation method and apparatus thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

195 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Certificate validation method and apparatus thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

195 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links