Authentication device and computer system
Abstract
To restrict actions such as spoofing, and thereby prevent tapping and leakage of data, by certifying whether or not each communication device, such as a storage device on a communication line, is to be connected to the communication line.
Upon receipt, from a storage device 300, of a packet that contains an IP address in its IP header and stores a certificate in its certificate payload, an authentication device 200 compares the IP address that is recorded in the certificate with the IP address that is recorded in the IP header of the packet. If the two IP addresses match, the authentication device 200 can certify that the storage device 300 is a device for which a certificate issuing device 100 has properly issued the certificate.
16 Claims
1. An authentication device that certifies a communication device that is connected via a predetermined communication line, wherein
the communication device imports a certificate therein, which has been issued by a certification authority and contains address information of the communication device, the authentication device comprising:
a receiving module that receives a packet including address information of a source of the packet and the certificate; and
a certification processing module that validates whether or not the source of the packet is the communication device based on the address information of the source of the packet, which is included in the packet, and the address information that is recorded on the certificate in the packet.
Dependent claims: 2, 3, 5, 6, 7, 8, 9, 10, 11
4. An authentication device that certifies a communication device that is connected via a predetermined communication line, wherein
the communication device imports a certificate therein, which has been issued by a certification authority and contains address information of the communication device, a digital signature of the certification authority, which has been encrypted with a private key of the certification authority, and a public key of the communication device;
the authentication device imports a public key of the certification authority therein; and
the authentication device includes;
a receiving module that receives a packet including address information of a source of the packet, the certificate, and a digital signature of the source of the packet, which has been encrypted with a private key of the source of the packet; and
a certification processing module that;
decrypts the digital signature of the certification authority, which is recorded on the certificate in the packet, with the public key of the certification authority, and based on a result of the decryption, validates whether or not the certificate in the received packet is the one that has been issued by the certificate authority;
further validates whether or not the source of the packet is the communication device based on the address information of the source of the packet, which is included in the packet, and the address information that is recorded on the certificate in the packet; and
further decrypts the digital signature of the source of the packet, which is included in the packet, with the public key of the communication device, which is recorded on the certificate in the received packet, and based on a result of the decryption, validates whether or not the digital signature of the source of the packet is a digital signature of the communication device.
12. A computer system comprising a plurality of storage devices and an authentication device, wherein
each of the storage devices includes:
a certificate retaining module that retains a certificate, which has been issued by a certification authority and contains address information of the storage device; and
a receiving module that receives a packet including the address information of the storage device and the certificate,
the authentication device includes;
a receiving module that receives a packet including address information of a source of the packet and a certificate of the source of the packet; and
a certification processing module that validates the source of the packet based on the address information of the source of the packet, which is included in the packet, and the address information that is recorded on the certificate in the packet,
upon receipt of a notification of an output of data from one storage device to another storage device from the one storage device, the receiving module of the authentication device receives the packet from each of the one storage device and the another storage device, and the certification processing module of the authentication device validates each of the received packets, and if the validation is successful, notifies the one storage device of permission of the output of data.
13. A computer system comprising a plurality of storage devices and an authentication device, wherein
each of the storage devices includes:
a certificate retaining module that retains a certificate, which has been issued by a certification authority and contains address information of the storage device; and
a receiving module that receives a packet including the address information of the storage device and the certificate,
the authentication device includes;
a receiving module that receives a packet including address information of a source of the packet and a certificate of the source of the packet; and
a certification processing module that validates the source of the packet based on the address information of the source of the packet, which is included in the packet, and the address information that is recorded on the certificate in the packet,
upon receipt of a notification of an output of data from one storage device to one of other storage devices from the one storage device, the receiving module of the authentication device receives the packet from each of the one storage device and the one of other storage devices that has been selected based on a predetermined condition, and the certification processing module of the authentication device validates each of the received packets, and if the validation is successful, notifies the one storage device of the selected storage device and of permission of the output of data.
Dependent claims: 14
15. A method of certifying a communication device that is connected to a computer via a predetermined communication line, wherein
the communication device imports a certificate therein, which has been issued by a certification authority and contains address information of the communication device, the method comprising the steps of:
receiving a packet including address information of a source of the packet and the certificate; and
validating whether or not the source of the packet is the communication device based on the address information of the source of the packet, which is included in the packet, and the address information that is recorded on the certificate in the packet.
16. A computer readable recording medium in which a computer program is recorded, the computer program causing a computer to certify a communication device that is connected thereto via a predetermined communication line, wherein
the communication device imports a certificate therein, which has been issued by a certification authority and contains address information of the communication device, the computer program comprising:
a first program code for receiving a packet including address information of a source of the packet and the certificate; and
a second program code for validating whether or not the source of the packet is the communication device based on the address information of the source of the packet, which is included in the packet, and the address information that is recorded on the certificate in the packet.
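The three checks that claim 4 recites (certification-authority signature, address match, source signature), together with the address comparison from the abstract, as an added Python example that is not code from the patent. Toy textbook RSA stands in for the signature scheme, and the dictionary layout, function names, sample addresses and the choice to sign the source address with the payload are all assumptions.

```python
import hashlib
import ipaddress

def make_key(p, q, e=65537):
    """Toy textbook-RSA key from two primes (constructed; not secure)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):         # the claim's "encrypted with a private key"
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):  # the claim's "decrypts ... with the public key"
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])

def cert_body(address, pub):
    # Canonical bytes the CA signs: normalized address plus device public key.
    return f"{ipaddress.ip_address(address)}|{pub['n']}|{pub['e']}".encode()

def issue_certificate(ca_key, address, device_pub):
    return {"address": address, "pub": device_pub,
            "ca_sig": sign(ca_key, cert_body(address, device_pub))}

def signed_bytes(src_ip, payload):
    # Assumption: the source signs its own address together with the payload.
    return f"{ipaddress.ip_address(src_ip)}|".encode() + payload

def build_packet(device_key, src_ip, cert, payload):
    return {"src_ip": src_ip, "cert": cert, "payload": payload,
            "sig": sign(device_key, signed_bytes(src_ip, payload))}

def validate_packet(ca_pub, pkt):
    cert = pkt["cert"]
    try:  # compare parsed addresses, never raw strings
        body = cert_body(cert["address"], cert["pub"])
        same = ipaddress.ip_address(pkt["src_ip"]) == ipaddress.ip_address(cert["address"])
    except ValueError:
        return "malformed address"
    if not verify(ca_pub, body, cert["ca_sig"]):
        return "certificate not issued by CA"
    if not same:
        return "address mismatch"
    if not verify(cert["pub"], signed_bytes(pkt["src_ip"], pkt["payload"]), pkt["sig"]):
        return "bad source signature"
    return "ok"

# Constructed sample keys (Mersenne primes, demo only) and a device certificate.
CA = make_key(2**107 - 1, 2**127 - 1)
DEV = make_key(2**61 - 1, 2**89 - 1)
CERT = issue_certificate(CA, "2001:db8::10", public(DEV))
```

The address check alone rests on a header field that the sender fills in, which is why claim 4 pairs it with a signature made by the private key matching the certificate's public key.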
Specification