COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, CERTIFICATE TRANSMISSION METHOD, ANOMALY DETECTION METHOD AND A PROGRAM THEREFOR

US 20100132025A1
Filed: 01/26/2010
Published: 05/27/2010
Est. Priority Date: 07/25/2003
Status: Active Grant

First Claim

Patent Images

1. A communication apparatus that authenticates a communication partner, the communication apparatus comprising:

an authentication part configured to authenticate said communication partner by using a common certificate, said common certificate being a digital certificate that excludes identification information of an apparatus;

an individualized certificate transmission part configured to acquire, in the case said authentication by said authentication part has been made successfully, an individualized certificate, and transmit said individualized certificate to said communication partner, said individualized certificate being a digital certificate including identification information of said communication partner; and

said communication apparatus carrying out, when communicating with said communication partner, authentication of said communication partner by said authentication part by using said individualized certificate as an initial digital certificate,wherein said authentication part is further configured to carry out an authentication by using said common certificate when said authentication of said communication partner using said individualized certificate has failed.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication apparatus has a communication part and authenticates a communication partner by using a digital certificate. The communication apparatus includes an authentication part carrying out authentication of the communication partner by using a common certificate. The common certificate is a digital certificate not including identification information of an apparatus. An individualized certificate transmission part acquires, in the case the authentication by the authentication part has been made successfully, an individualized certificate and transmits the individualized certificate to the communication partner. The individualized certificate is a digital certificate including identification information of the communication partner.

48 Citations

View as Search Results

24 Claims

1. A communication apparatus that authenticates a communication partner, the communication apparatus comprising:
- an authentication part configured to authenticate said communication partner by using a common certificate, said common certificate being a digital certificate that excludes identification information of an apparatus;
  
  an individualized certificate transmission part configured to acquire, in the case said authentication by said authentication part has been made successfully, an individualized certificate, and transmit said individualized certificate to said communication partner, said individualized certificate being a digital certificate including identification information of said communication partner; and
  
  said communication apparatus carrying out, when communicating with said communication partner, authentication of said communication partner by said authentication part by using said individualized certificate as an initial digital certificate,wherein said authentication part is further configured to carry out an authentication by using said common certificate when said authentication of said communication partner using said individualized certificate has failed.
- View Dependent Claims (2, 3)
- - 2. The communication apparatus as claimed in claim 1, wherein said authentication is carried out according to an SSL protocol or a TLS protocol, said individualized certificate including a public key certificate of an apparatus identified by said identification information.
  - 3. The communication apparatus as claimed in claim 1, wherein said authentication part is further configured to determine that a cause of an authentication failure includes an anomaly in a digital certificate or a failure to store a digital certificate in the communication partner, and determine that a cause of the authentication failure excludes a failure in a process of communicating with said communication partner or a failure in authentication processing, the communication apparatus further comprising:
    - a certificate request unit including a memory and configured to transmit a request for issue of said individualized certificate, and transmit at least one of a machine number, an Internet Protocol (IP) address, and a Media Access Control (MAC) address of said communication partner based on the determination of the authentication part.

4. A communication apparatus configured to communicate with a communication partner apparatus, said communication partner apparatus comprising:
- an authentication part configured to authenticate said communication apparatus as a communication partner by using a common certificate, said common certificate being a digital certificate that excludes identification information of an apparatus;
  
  an individualized certificate transmission part configured to acquire, in the case said authentication by said authentication part has been made successfully, an individualized certificate and transmit said individualized certificate to said communication apparatus, said individualized certificate being a digital certificate including identification information of said communication apparatus; and
  
  said communication partner apparatus carrying out, when communicating with said communication apparatus, authentication of said communication partner by said authentication part by using said individualized certificate as an initial digital certificate, said communication apparatus comprising;
  
  a certificate storage part configured to store said individualized certificate and said common certificate; and
  
  a reception part configured to receive said individualized certificate from said communication partner apparatus and store said received individualized information in said certificate storage part,wherein said authentication part is further configured to carry out an authentication by using said common certificate when the authentication of said communication partner using said individualized certificate has failed.
- View Dependent Claims (5, 6)
- - 5. The communication apparatus as claimed in claim 4, wherein said authentication is carried out according to an SSL protocol or a TLS protocol, and said individualized certificate includes a public key certificate of said communication apparatus as identified by said identification information.
  - 6. The communication apparatus as claimed in claim 4, wherein:
    - said communication partner apparatus is further configured to determine that a cause of an authentication failure includes an anomaly in a digital certificate or a failure to store a digital certificate in the communication apparatus, and determine that a cause of the authentication failure excludes a failure in a process of communicating with said communication apparatus or a failure in authentication processing,said communication partner apparatus further comprising a certificate request unit including a memory and configured to transmit a request for issue of said individualized certificate, and transmit at least one of a machine number, an Internet Protocol (IP) address, and a Media Access Control (MAC) address of said communication partner based on the determination of the authentication part; and
      
      said reception part is further configured to receive said individualized certificate including said at least one of the machine number, the IP address, and the MAC address as own identification information.

7. A communication system comprising:
- a superordinate apparatus and a subordinate apparatus,said superordinate apparatus includingan authentication part configured to authenticate said subordinate apparatus by using a common certificate, which is a digital certificate excluding identification information of said subordinate apparatus, andan individualized certificate transmission part configured to acquire an individualized certificate of said subordinate apparatus when said authentication by said authentication part is carried out successfully and transmit said new individualized certificate to said subordinate apparatus, said individualized certificate being a digital certificate including identification information of said subordinate apparatus, andsaid superordinate apparatus carrying out, when communicating with said subordinate apparatus, authentication of said subordinate apparatus by said authentication part by using said individualized certificate as an initial digital certificate,wherein said authentication part carries out said authentication by using said common certificate when said authentication of said subordinate apparatus using said individualized certificate has failed.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The communication system as claimed in claim 7, wherein said common certificate is used exclusively when storing the individualized certificate acquired by said individualized certificate transmission part to said subordinate apparatus.
  - 9. The communication system as claimed in claim 7, wherein said subordinate apparatus is provided in plural numbers, and wherein said common certificate is stored commonly to said certificate storage part of all of said plural subordinate apparatuses.
  - 10. The communication system as claimed in claim 7, wherein said authentication is carried out by an authentication processing according to an SSL protocol or a TLS protocol, and wherein said individualized certificate includes a public key certificate of said subordinate apparatus.
  - 11. The communication system as claimed in claim 7, wherein:
    - said subordinate apparatus includes a certificate storage part configured to store the individualized certificate and the common certificate;
      
      said authentication part is further configured to determine that a cause of an authentication failure includes an anomaly in a digital certificate or a failure to store a digital certificate in the subordinate apparatus, and determine that a cause of the authentication failure excludes a failure in a process of communicating with said subordinate apparatus or a failure in authentication processing; and
      
      said superordinate apparatus further comprises a certificate request unit configured to transmit a request for issue of said individualized certificate, and transmit at least one of a machine number, an Internet Protocol (IP) address, and a Media Access Control (MAC) address of said subordinate apparatus based on the determination of the authentication part.

12. A certificate transmission method used for authentication in a communication apparatus, said communication apparatus authenticating a communication partner at the time of communication, said certificate transmission method comprising:
- authenticating said communication partner by using a common certificate, which is a digital certificate that excludes identification information of an apparatus;
  
  acquiring, when said authenticating has been made successfully, an individualized certificate, which is a digital certificate including identification information of said communication partner;
  
  transmitting said individualized certificate to said communication partner;
  
  carrying out authentication of said communication partner, when communicating with said communication partner, by using said individualized certificate as an initial digital certificate; and
  
  carrying out authentication of said communication partner by using said common certificate in the case said authentication by using said individualized certificate has failed.
- View Dependent Claims (13, 14)
- - 13. The certificate transmission method as claimed in claim 12, wherein said authentication is carried out by an authentication processing according to an SSL protocol or a TLS protocol, and said individualized certificate includes a public key certificate of a communication apparatus indicated by said identification information.
  - 14. The certificate transmission method as claimed in claim 12, further comprising:
    - determining that a cause of an authentication failure includes an anomaly in a digital certificate or a failure to store a digital certificate in the communication partner;
      
      determining that a cause of the authentication failure excludes a failure in a process of communicating with said communication partner or a failure in authentication processing; and
      
      transmitting a request for issue of said individualized certificate and transmitting at least one of a machine number, an Internet Protocol (IP) address, and a Media Access Control (MAC) address of said communication partner.

15. A certificate transmission method in a communication system formed of a superordinate apparatus and a subordinate apparatus, said superordinate apparatus authenticating said subordinate apparatus at the time of communication, said method comprising:
- causing said superordinate apparatus to authenticate said subordinate apparatus by using a common certificate, which is a digital certificate that excludes identification information of an apparatus;
  
  acquiring an individualized certificate of said subordinate apparatus when authentication of said subordinate apparatus by said superordinate apparatus has been made successfully, said individualized certificate is a digital certificate that includes identification information of an apparatus;
  
  transmitting said individualized certificate to said subordinate apparatus; and
  
  carrying out authentication of said subordinate apparatus, when communicating with said subordinate apparatus, by using said individualized certificate as an initial digital certificate,wherein said superordinate apparatus carries out said authentication using said common certificate in the event said authentication has failed.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The certificate transmission method as claimed in claim 15, wherein said common certificate is a certificate used exclusively when storing said individualized certificate in said subordinate apparatus.
  - 17. The certificate transmission method as claimed in claim 15, wherein said subordinate apparatus is provided in plural numbers, and wherein said common certificate is stored commonly in a certificate memory part of all of said plural subordinate apparatuses.
  - 18. The certificate transmission method as claimed in claim 15, wherein said authentication is carried out by an authentication processing according to an SSL protocol or a TLS protocol, and wherein said individualized certificate includes a public key certificate of said subordinate apparatus.
  - 19. The certificate transmission method as claimed in claim 15, further comprising:
    - storing, in said subordinate apparatus, said individualized certificate and said common certificate;
      
      determining that a cause of an authentication failure includes an anomaly in a digital certificate or a failure to store a digital certificate in the subordinate apparatus;
      
      determining that a cause of the authentication failure excludes a failure in a process of communicating with said subordinate apparatus or a failure in authentication processing; and
      
      transmitting a request for issue of said individualized certificate and transmitting at least one of a machine number, an Internet Protocol (IP) address, and a Media Access Control (MAC) address of said subordinate apparatus.

20. A recording medium storing a program code that when executed by a computer causes the computer to perform steps to function as a communication apparatus authenticating a communication partner at the time of communication, the steps comprising:
- authenticating said communication partner by using a common certificate, which is a digital certificate that excludes identification information of an apparatus;
  
  acquiring, in the case authentication by said authenticating has been made successfully, an individualized certificate, which is a digital certificate including identification information of said communication partner, and transmitting said individualized certificate to said communication partner;
  
  carrying out authentication of said communication partner, when communicating with said communication partner, by using said individualized certificate as an initial digital certificate; and
  
  carrying out authentication by using said common certificate, in the case authentication by using said individualized certificate has failed.
- View Dependent Claims (21)
- - 21. The recording medium as claimed in claim 20, further comprising:
    - determining that a cause of an authentication failure includes an anomaly in a digital certificate or a failure to store a digital certificate in the communication partner;
      
      determining that a cause of the authentication failure excludes a failure in a process of communicating with said communication partner or a failure in authentication processing; and
      
      transmitting a request for issue of said individualized certificate and transmitting at least one of a machine number, an Internet Protocol (IP) address, and a Media Access Control (MAC) address of said communication partner.

22. A recording medium storing program code that when executed by a computer causes the computer to function as a communication apparatus communicating with a communication partner apparatus, said communication partner apparatus comprising:
- an authentication part configured to authenticate said communication apparatus as a communication partner by using a common certificate, said common certificate being a digital certificate that excludes identification information of an apparatus;
  
  an individualized certificate transmission part configured to acquire, in the case said authentication by said authentication part has been made successfully, an individualized certificate and transmit said individualized certificate to said communication apparatus, said individualized certificate being a digital certificate including identification information of said communication apparatus; and
  
  said communication partner apparatus carrying out, when communicating with said communication apparatus, authentication of said communication partner by said authentication part by using said individualized certificate as an initial digital certificate, said program code in said recording medium causing said computer to perform steps comprising;
  
  storing said individualized certificate and said common certificate; and
  
  receiving said individualized certificate from said communication partner apparatus,wherein said authentication part is further configured to carry out authentication by using said common certificate when authentication of said communication partner using said individualized certificate has failed.
- View Dependent Claims (23, 24)
- - 23. The medium as claimed in claim 22, wherein said authentication is carried out by an authentication processing according to an SSL protocol or a TLS protocol, and wherein said individualized certificate includes a public key certificate of said apparatus indicated by said identification information.
  - 24. The medium as claimed in claim 22, wherein the authentication part is further configured to determine that a cause of an authentication failure includes an anomaly in a digital certificate or a failure to store a digital certificate in the communication apparatus, and determine that a cause of the authentication failure excludes a failure in a process of communicating with said communication apparatus or a failure in authentication processing, and the communication partner apparatus further comprises a certificate request unit configured to transmit a request for issue of said individualized certificate, and transmit at least one of a machine number, an Internet Protocol (IP) address, and a Media Access Control (MAC) address of said communication apparatus based on the determination of the authentication part, and the medium further stores program code that when executed by the computer causes the computer to further perform a step comprising:
    - receiving said individualized certificate including the at least one of the machine number, the IP address, and the MAC address as said identification information of own communication apparatus from said communication partner apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tatsuya Imai
Original Assignee
Tatsuya Imai
Inventors
IMAI, Tatsuya

Granted Patent

US 8,578,466 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/166   at the transport layer

COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, CERTIFICATE TRANSMISSION METHOD, ANOMALY DETECTION METHOD AND A PROGRAM THEREFOR

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, CERTIFICATE TRANSMISSION METHOD, ANOMALY DETECTION METHOD AND A PROGRAM THEREFOR

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links