Attribute Certificate Verification Method and System
Abstract
Upon issuance of an attribute certificate, an attribute authority apparatus makes a determination policy available. The determination policy includes information designating at least one item to be checked by a service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination. The determination policy may be recorded in the attribute certificate, or released to the public, or made available by issuing a determination policy certificate released to the public. Information for obtaining the determination policy certificate may be recorded in or outside the attribute certificate and furnished to the service provider apparatus. In order to verify an attribute certificate transmitted from a user terminal, a service provider apparatus obtains the determination policy, and determines whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy.
20 Claims
1. An attribute certificate verification method, for a service provider apparatus which provides a service on a network, to verify an attribute certificate of a user who uses a user terminal to receive the service, the attribute certificate verification method comprising:
allowing an attribute authority apparatus of an attribute authority responsible for issuance of an attribute certificate to record a determination policy in the attribute certificate, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination; and
allowing the service provider apparatus to verify the attribute certificate transmitted from the user terminal by:
obtaining the determination policy recorded in the attribute certificate; and
determining whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy to verify the attribute certificate.

2. An attribute certificate verification method, for a service provider apparatus which provides a service on a network, to verify an attribute certificate of a user who uses a user terminal to receive the service, the attribute certificate verification method comprising:
allowing an attribute authority apparatus of an attribute authority responsible for issuance of an attribute certificate to release a determination policy to public and to record, in the attribute certificate, location information on a location at which the determination policy is released, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination; and
allowing the service provider apparatus to verify the attribute certificate transmitted from the user terminal by:
obtaining the location information recorded in the attribute certificate;
obtaining the determination policy from the location designated by the location information; and
determining whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy to verify the attribute certificate.

5. An attribute authority apparatus for transmitting, to a user terminal configured to communicate through a network with a service provider apparatus, an attribute certificate issued for a user who uses the user terminal to receive a service from the service provider apparatus, the attribute authority apparatus comprising a controller,
the controller comprising:
means for recording, in a holder field of the attribute certificate with an entityName option applied thereto, information recorded in a subject field of a public key certificate of the user of the user terminal; and
means for recording a determination policy in the attribute certificate, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination.

6. An attribute authority apparatus for transmitting, to a user terminal configured to communicate through a network with a service provider apparatus, an attribute certificate issued for a user who uses the user terminal to receive a service from the service provider apparatus, the attribute authority apparatus comprising a controller,
the controller comprising:
means for recording, in a holder field of the attribute certificate with an entityName option applied thereto, information recorded in a subject field of a public key certificate of the user of the user terminal;
means for releasing a determination policy to public, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination; and
means for recording, in the attribute certificate, location information on a location at which the determination policy is released.

7. A service provider apparatus for providing a service on a network, wherein the service provider apparatus is configured to verify an attribute certificate of a user who uses a user terminal to receive the service, and comprises a controller,
the controller comprising:
means for obtaining a determination policy which comprises information designating at least one item to be checked for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination; and
means for determining whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy to verify the attribute certificate, by comparing information recorded in a holder field of the attribute certificate with information recorded in a subject field of a public key certificate of the user.

8. A service provider apparatus for providing a service on a network, wherein the service provider apparatus is configured to verify an attribute certificate of a user who uses a user terminal to receive the service, and comprises a controller,
the controller comprising:
means for obtaining location information on a location at which a determination policy is released to public, the determination policy comprising information designating at least one item to be checked for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination;
means for obtaining the determination policy from the location designated by the location information; and
means for determining whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy to verify the attribute certificate, by comparing information recorded in a holder field of the attribute certificate with information recorded in a subject field of a public key certificate of the user.

11. An attribute certificate verification method, for a service provider apparatus which provides a service on a network, to verify an attribute certificate of a user who uses a user terminal to receive the service, the attribute certificate verification method comprising:
allowing an attribute authority apparatus of an attribute authority responsible for issuance of an attribute certificate to record a determination policy in a determination policy certificate, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination;
allowing the attribute authority apparatus to release to public validation information for establishing validity of the determination policy certificate; and
allowing the service provider apparatus to verify the attribute certificate transmitted from the user terminal by:
ascertaining the validity of the determination policy certificate transmitted together with the attribute certificate, based upon the validation information; and
determining whether data in the at least one item designated in the determination policy recorded in the determination policy certificate fulfill the criterion recorded in the determination policy to verify the attribute certificate.

12. An attribute certificate verification method, for a service provider apparatus which provides a service on a network, to verify an attribute certificate of a user who uses a user terminal to receive the service, the attribute certificate verification method comprising:
allowing an attribute authority apparatus of an attribute authority responsible for issuance of an attribute certificate to release a determination policy certificate to public and to create determination policy certificate retrieval information including location information on a location at which the determination policy certificate is released, the determination policy certificate comprising information on a determination policy, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination; and
allowing the service provider apparatus to verify the attribute certificate transmitted from the user terminal by:
obtaining the location information included in the determination policy certificate retrieval information transmitted together with the attribute certificate;
obtaining the determination policy certificate from the location designated by the location information; and
determining whether data in the at least one item designated in the determination policy certificate fulfill the criterion recorded in the determination policy certificate to verify the attribute certificate.

15. An attribute authority apparatus for transmitting, to a user terminal configured to communicate through a network with a service provider apparatus, an attribute certificate issued for a user who uses the user terminal to receive a service from the service provider apparatus, the attribute authority apparatus comprising a controller,
the controller comprising:
means for recording, in a holder field of the attribute certificate with an entityName option applied thereto, information recorded in a subject field of a public key certificate of the user of the user terminal;
means for recording a determination policy in a determination policy certificate, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination; and
means for releasing validation information for establishing validity of the determination policy certificate.

16. An attribute authority apparatus for transmitting, to a user terminal configured to communicate through a network with a service provider apparatus, an attribute certificate issued for a user who uses the user terminal to receive a service from the service provider apparatus, the attribute authority apparatus comprising a controller,
the controller comprising:
means for recording, in a holder field of the attribute certificate with an entityName option applied thereto, information recorded in a subject field of a public key certificate of the user of the user terminal;
means for releasing a determination policy certificate to public, the determination policy comprising information designating at least one item to be checked by the service provider apparatus for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination; and
means for creating determination policy certificate retrieval information including location information on a location at which the determination policy certificate is released.

17. A service provider apparatus for providing a service on a network, wherein the service provider apparatus is configured to verify an attribute certificate of a user who uses a user terminal to receive the service, and comprises a controller,
the controller comprising:
means for receiving a determination policy certificate in which is recorded a determination policy comprising information designating at least one item to be checked for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination;
means for ascertaining validity of the determination policy certificate; and
means for determining whether data in the at least one item designated in the determination policy certificate fulfill the criterion recorded in the determination policy certificate to verify the attribute certificate, by comparing information recorded in a holder field of the attribute certificate with information recorded in a subject field of a public key certificate of the user.

18. A service provider apparatus for providing a service on a network, wherein the service provider apparatus is configured to verify an attribute certificate of a user who uses a user terminal to receive the service, and comprises a controller,
the controller comprising:
means for receiving the attribute certificate and a determination policy certificate retrieval information including location information on a location at which a determination policy certificate is released to public, the determination policy certificate including a determination policy which comprises information designating at least one item to be checked for determination to be made to verify the attribute certificate transmitted from the user terminal, and a criterion for the determination;
means for obtaining the determination policy certificate from the location designated by the location information included in the determination policy certificate retrieval information; and
means for determining whether data in the at least one item designated in the determination policy certificate fulfill the criterion recorded in the determination policy certificate to verify the attribute certificate, by comparing information recorded in a holder field of the attribute certificate with information recorded in a subject field of a public key certificate of the user.

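The policy-driven check that the abstract and claims 1, 7 and 11 describe, as an added illustration that is not part of the patent: a constructed attribute certificate carries a determination policy naming the items to check (the holder entityName against the public key certificate subject, the validity window, an attribute value) and a criterion for each, and the service-provider side refuses the certificate unless every designated item meets its criterion. The item names, criterion keys and sample values are assumptions made for this example; real certificates are ASN.1 structures, which are not parsed here.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class AttributeCertificate:
    holder_entity_name: str          # holder field with the entityName option (claim 5)
    not_before: datetime
    not_after: datetime
    attributes: dict
    determination_policy: list = field(default_factory=list)  # recorded in the AC (claim 1)

def resolve(item, ac, pkc_subject, now):
    """Map a policy item name to the data it designates; unknown names are an error."""
    table = {"holder.entityName": ac.holder_entity_name, "pkc.subject": pkc_subject,
             "validity": (ac.not_before, ac.not_after), "now": now}
    if item in table:
        return table[item]
    if item.startswith("attributes."):
        return ac.attributes.get(item[len("attributes."):])
    raise KeyError(f"unknown policy item {item!r}")

def check(entry, ac, pkc_subject, now):
    """Evaluate one policy entry: the designated item against its criterion."""
    value, crit = resolve(entry["item"], ac, pkc_subject, now), entry["criterion"]
    if "equals_item" in crit:        # e.g. holder.entityName == pkc.subject (claims 7, 8)
        return value == resolve(crit["equals_item"], ac, pkc_subject, now)
    if "one_of" in crit:             # attribute value must come from an allowed set
        return value in crit["one_of"]
    if "contains_item" in crit:      # validity window must contain the current time
        lo, hi = value
        return lo <= resolve(crit["contains_item"], ac, pkc_subject, now) <= hi
    return False                     # unknown criterion: fail closed

def verify_attribute_certificate(ac, pkc_subject, now, policy=None):
    """Service-provider side: use the policy recorded in the AC (claim 1) unless one
    fetched from a released location or a validated policy certificate is passed in."""
    policy = ac.determination_policy if policy is None else policy
    return bool(policy) and all(check(e, ac, pkc_subject, now) for e in policy)

# Constructed sample data, not taken from the patent.
UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)
PKC_SUBJECT = "CN=alice,O=Example Corp"
POLICY = [{"item": "holder.entityName", "criterion": {"equals_item": "pkc.subject"}},
          {"item": "validity", "criterion": {"contains_item": "now"}},
          {"item": "attributes.role", "criterion": {"one_of": ["member", "admin"]}}]
AC_OK = AttributeCertificate("CN=alice,O=Example Corp", datetime(2024, 1, 1, tzinfo=UTC),
                             datetime(2025, 1, 1, tzinfo=UTC), {"role": "member"}, POLICY)
AC_BAD = AttributeCertificate("CN=mallory,O=Example Corp", datetime(2024, 1, 1, tzinfo=UTC),
                              datetime(2025, 1, 1, tzinfo=UTC), {"role": "admin"}, POLICY)
```

Signature and revocation checks on the attribute certificate, and on any determination policy certificate it points to, are separate steps that must succeed before the policy is trusted and evaluated.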
Specification