METHOD, PRODUCT AND APPARATUS FOR ACCELERATING PUBLIC-KEY CERTIFICATE VALIDATION
Abstract
A validation authority for certificates periodically searches for and verifies certification paths and certificate revocation lists, classifies the paths into valid paths and invalid paths according to the results of those validations, and registers them in databases beforehand. When a request to validate a certificate is received from an end entity, the validation authority judges the validity of the public key certificate by checking whether the path corresponding to the request is registered in the valid-path database or in the invalid-path database. If the path corresponding to the request is registered in neither database, the validity of the public key certificate is determined by performing a new path search and validation.
19 Citations
24 Claims
1-7. (canceled)
8. A computer for validating a public key certificate in a public key infrastructure composed of a plurality of certificate authorities including an end entity certificate issuing authority, wherein:
an end entity certificate issuing authority issues to an end entity a public key certificate used for validating a signature generated by an end entity apparatus operated by the end entity, the computer comprises a processing unit, storage and a program in storage for execution by the processing unit, and execution of the program by the processing unit causes the computer to perform functions comprising: a registering function of registering in a database a valid path extending from a certificate authority being a start certificate authority to any end entity certificate issuing authority, and a certificate validation function of receiving a certificate validation request for a public key certificate issued by any end entity certificate issuing authority, judging the validity of the public key certificate of which the certificate validation has been requested using information registered in the database, and outputting a result of the judgment, and the registering function and the validation function are executed independently of one another, wherein the registering function comprises functions of: 1) searching a path extending from the start certificate authority to the end entity certificate issuing authority which is the end of the path; 2) validating the path searched in function 1; and 3) registering the path which has been validated in function 2 as a valid path in the database, and wherein the certificate validation function comprises functions of: 4) checking whether there is registered in the database a path specified by the request for certificate validation, the path extending from the start certificate authority being the trust anchor of an originator of the request for certificate validation to the end entity certificate issuing authority which has issued the public key certificate of which the certificate validation has been requested, and which is the end of the path; 5) if the checked path is registered in the database as the valid path in function 4, validating a signature of the public key certificate of which the certificate validation is requested, by using the public key certificate issued to the end entity certificate issuing authority being the end of the checked path, and if validation of the signature is successful, judging that the public key certificate of which the certificate validation has been requested is valid and outputting a result of the judgment; 6) if the checked path is not registered in the database as the valid path in function 4, searching a path that includes a partial path from the start certificate authority being the trust anchor to the end entity certificate issuing authority which has issued the public key certificate of which certificate validation is requested and which is the end of the path, and that extends from the start certificate authority being the trust anchor to the end entity which is an issue destination of the public key certificate of which certificate validation is requested; 7) in the searching in function 6, if the path extending from the start certificate authority being the trust anchor to the end entity being the issue destination of the public key certificate of which certificate validation is requested is detected, validating the path that includes the partial path and extends from the start certificate authority being the trust anchor to the end entity being the issue destination of the public key certificate of which certificate validation is requested; 8) judging the validity of the public key certificate of which certificate validation is requested based on the validation result in function 7 and outputting a result of the judgment; and 9) registering the partial path included in the path validated in function 7 into the database as a valid path.

Dependent claims: 9, 10, 11, 12, 13, 14.
15. A product comprising at least one computer readable storage medium and instructions embodied in the at least one computer readable storage medium, said instructions, when executed, being arranged to cause at least one processor to perform functions for validating a public key certificate in a public key infrastructure composed of a plurality of certificate authorities including an end entity certificate issuing authority, in which an end entity certificate issuing authority issues to an end entity a public key certificate used for validating a signature generated by an end entity apparatus operated by the end entity, wherein:
the functions performed by the at least one processor upon execution of the instructions comprise: a registering function of registering in a database a valid path extending from a certificate authority being a start certificate authority to any end entity certificate issuing authority, and a function of judging certificate validity, comprising receiving a certificate validation request for a public key certificate issued by any end entity certificate issuing authority, judging the validity of the public key certificate of which the certificate validation has been requested using information registered in the database, and outputting a result of the judgment, the registering function and the function of judging certificate validity are executed by the computer independently of one another, the registering function comprises functions of: 1) searching a path extending from the start certificate authority to the end entity certificate issuing authority which is the end of the path; 2) validating the path searched in function 1; and 3) registering the path which has been validated in function 2 as a valid path in the database, and the function of judging certificate validity comprises functions of: 4) checking whether there is registered in the database a path specified by the request for certificate validation, the path extending from the start certificate authority being the trust anchor of an originator of the request for certificate validation to the end entity certificate issuing authority which has issued the public key certificate of which the certificate validation has been requested, and which is the end of the path; 5) if the checked path is registered in the database as the valid path in function 4, validating a signature of the public key certificate of which the certificate validation is requested, by using the public key certificate issued to the end entity certificate issuing authority being the end of the checked path, and if validation of the signature is successful, judging that the public key certificate of which the certificate validation has been requested is valid and outputting a result of the judgment; 6) if the checked path is not registered in the database as the valid path in function 4, searching a path that includes a partial path from the start certificate authority being the trust anchor to the end entity certificate issuing authority which has issued the public key certificate of which certificate validation is requested and which is the end of the path, and that extends from the start certificate authority being the trust anchor to the end entity which is an issue destination of the public key certificate of which certificate validation is requested; 7) in the searching function in function 6, if the path extending from the start certificate authority being the trust anchor to the end entity being the issue destination of the public key certificate of which certificate validation is requested is detected, validating the path that includes the partial path and extends from the start certificate authority being the trust anchor to the end entity being the issue destination of the public key certificate of which certificate validation is requested; 8) judging the validity of the public key certificate of which certificate validation is requested based on the validation result in function 7 and outputting a result of the judgment; and 9) registering the partial path included in the path validated in function 7 into the database as a valid path.

Dependent claims: 16, 17, 18, 19, 20, 21, 23, 24.
22. A method for validating a public key certificate by a computer in a public key infrastructure composed of a plurality of certificate authorities including an end entity certificate issuing authority, wherein:
the end entity certificate issuing authority issues to an end entity a public key certificate used for validating a signature generated by an end entity apparatus operated by the end entity, the method comprises: a path registration step of registering in a database a valid path extending from a certificate authority being a start certificate authority to any end entity certificate issuing authority, and a certificate validation step of receiving a certificate validation request for a public key certificate issued by any end entity certificate issuing authority, judging the validity of the public key certificate of which the certificate validation has been requested using information registered in the database, and outputting a result of the judgment, the path registration step and the certificate validation step are executed by the computer independently of one another, and the certificate validation step comprises the following steps executed by the computer: 1) checking whether there is registered in the database a path specified by the request for certificate validation, the path extending from the start certificate authority being the trust anchor of an originator of the request for certificate validation to the end entity certificate issuing authority which has issued the public key certificate of which the certificate validation has been requested, and which is the end of the path; 2) if the checked path is registered in the database as the valid path in step 1, validating a signature of the public key certificate of which the certificate validation is requested, by using the public key certificate issued to the end entity certificate issuing authority being the end of the checked path, and if validation of the signature is successful, judging that the public key certificate of which the certificate validation has been requested is valid and outputting a result of the judgment; 3) if the checked path is not registered in the database as the valid path in step 1, searching a path that includes a partial path from the start certificate authority being the trust anchor to the end entity certificate issuing authority which has issued the public key certificate of which certificate validation is requested and which is the end of the path, and that extends from the start certificate authority being the trust anchor to the end entity which is an issue destination of the public key certificate of which certificate validation is requested; 4) in the searching step in step 3, if the path extending from the start certificate authority being the trust anchor to the end entity being the issue destination of the public key certificate of which certificate validation is requested is detected, validating the path that includes the partial path and extends from the start certificate authority being the trust anchor to the end entity being the issue destination of the public key certificate of which certificate validation is requested; 5) judging the validity of the public key certificate of which certificate validation is requested based on the validation result in step 4 and outputting a result of the judgment; and 6) registering the partial path included in the path validated in step 4 into the database as a valid path.
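The abstract and the claims above describe two functions that run independently of one another: a periodic registration job that searches and validates the path from a trust anchor to each certificate-issuing CA and files it in a valid-path or invalid-path database, and an on-line validation function that answers a request from those databases when the path to the issuing CA is registered (only the end-entity signature and revocation status remain to be checked) and otherwise searches and validates a path anew, registering the partial path to the issuing CA afterwards. The Python model below is an added illustration of that flow; it is not code from the patent or from any implementation of it. The names ValidationAuthority, refresh and validate, the dict-based certificate format, the breadth-first path search, and the textbook-RSA toy signature built from Mersenne primes are all assumptions chosen for the example, and the sample PKI (Root, Intermediate, IssuingCA, alice) is constructed. The scenario at the end also exercises the caveat a practitioner would test for: a revocation of an intermediate CA published between two refreshes is not seen by requests answered from the valid-path database, so the refresh period bounds how stale a cached answer can be.

```python
import hashlib
from collections import deque

def toy_keypair(k1, k2):  # textbook RSA from Mersenne primes 2**k1-1, 2**k2-1: INSECURE toy sizes
    p, q = (1 << k1) - 1, (1 << k2) - 1
    return (p * q, 65537), pow(65537, -1, (p - 1) * (q - 1))  # (public (n, e), private d)

def _digest(tbs, n):
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def sign(priv, pub, tbs):
    return pow(_digest(tbs, pub[0]), priv, pub[0])

def verify(pub, tbs, sig):
    return pow(sig, pub[1], pub[0]) == _digest(tbs, pub[0])

def issue(issuer, issuer_priv, issuer_pub, subject, subject_pub, serial, is_ca):
    tbs = f"{issuer}|{subject}|{subject_pub}|{serial}|{is_ca}".encode()  # to-be-signed fields
    return {"issuer": issuer, "subject": subject, "pub": subject_pub, "serial": serial,
            "ca": is_ca, "tbs": tbs, "sig": sign(issuer_priv, issuer_pub, tbs)}

class ValidationAuthority:
    def __init__(self, anchors, ca_certs, crls):
        # anchors: name -> public key; ca_certs: the PKI graph; crls: issuer -> revoked serials
        self.anchors, self.ca_certs, self.crls = anchors, ca_certs, crls
        self.valid_paths, self.invalid_paths = {}, {}

    def search_path(self, anchor, target):
        """Breadth-first search over CA certificates from the trust anchor to CA `target`."""
        queue, seen = deque([(anchor, [])]), {anchor}
        while queue:
            name, path = queue.popleft()
            if name == target:
                return path
            for c in self.ca_certs:
                if c["issuer"] == name and c["ca"] and c["subject"] not in seen:
                    seen.add(c["subject"])
                    queue.append((c["subject"], path + [c]))
        return None

    def validate_path(self, anchor, path):
        """Verify every signature with its issuer's key and every serial against the issuer's CRL."""
        key = self.anchors[anchor]
        for c in path:
            if not verify(key, c["tbs"], c["sig"]) or c["serial"] in self.crls.get(c["issuer"], ()):
                return False
            key = c["pub"]
        return True

    def refresh(self):
        """Periodic registration job: rebuild both databases, re-checking paths and CRLs."""
        self.valid_paths, self.invalid_paths = {}, {}
        for anchor in self.anchors:
            for ca in {c["subject"] for c in self.ca_certs}:
                path = self.search_path(anchor, ca)
                if path is not None:
                    db = self.valid_paths if self.validate_path(anchor, path) else self.invalid_paths
                    db[(anchor, ca)] = path

    def validate(self, anchor, ee_cert):
        key = (anchor, ee_cert["issuer"])  # the request names the anchor and the issuing CA
        if key in self.invalid_paths:
            return "invalid", "invalid-path-db"
        if key in self.valid_paths:  # registered path: only the end-entity cert remains to check
            path = self.valid_paths[key]
            issuer_key = path[-1]["pub"] if path else self.anchors[anchor]
            ok = (verify(issuer_key, ee_cert["tbs"], ee_cert["sig"])
                  and ee_cert["serial"] not in self.crls.get(ee_cert["issuer"], ()))
            return ("valid" if ok else "invalid"), "valid-path-db"
        partial = self.search_path(anchor, ee_cert["issuer"])  # not registered: search anew
        if partial is None:
            return "invalid", "no-path"
        ok = self.validate_path(anchor, partial + [ee_cert])
        if ok:
            self.valid_paths[key] = partial  # register anchor -> issuing CA for later requests
        return ("valid" if ok else "invalid"), "fresh-search"

def build_demo():
    """Constructed sample PKI (not real data): Root -> Intermediate -> IssuingCA -> alice."""
    root_pub, root_priv = toy_keypair(127, 107)
    int_pub, int_priv = toy_keypair(89, 61)
    iss_pub, iss_priv = toy_keypair(31, 19)
    alice_pub, _ = toy_keypair(17, 13)
    ca_certs = [issue("Root", root_priv, root_pub, "Intermediate", int_pub, 1, True),
                issue("Intermediate", int_priv, int_pub, "IssuingCA", iss_pub, 2, True)]
    alice = issue("IssuingCA", iss_priv, iss_pub, "alice", alice_pub, 3, False)
    return ValidationAuthority({"Root": root_pub}, ca_certs, {"Root": set()}), alice

def run_scenario():
    va, alice = build_demo()
    out = {"cold": va.validate("Root", alice)}              # nothing registered yet: full search
    va.refresh()                                            # periodic job fills the databases
    out["cached"] = va.validate("Root", alice)              # answered from the valid-path DB
    out["tampered"] = va.validate("Root", dict(alice, sig=alice["sig"] ^ 1))
    va.crls["Root"].add(1)                                  # Root revokes the Intermediate cert
    out["stale"] = va.validate("Root", alice)               # DB not refreshed yet: still "valid"
    va.refresh()                                            # next run moves the path to invalid DB
    out["after_refresh"] = va.validate("Root", alice)
    return out
```

Running run_scenario() shows the cold request answered by a fresh search, the next one answered from the valid-path database, a tampered end-entity signature rejected on the cached branch, the revoked intermediate still accepted until the next refresh, and the path then answered from the invalid-path database. In a deployment, the cached branch should therefore also consult the issuing CA's current CRL or an equivalent status source, and the refresh interval should be chosen against the revocation latency the relying parties can tolerate.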
Specification