PROXY SYSTEM FOR SECURITY PROCESSING WITHOUT ENTRUSTING CERTIFIED SECRET INFORMATION TO A PROXY
Abstract
First communication units use a public key thereof certified by a certification authority on a PKI (Public Key Infrastructure), which is held by the first communication units in advance, and a secret key of the first communication units or delegation information generated by using secret information, as public key certificate, of the first communication units to thereby allow a proxy server to perform security processing, i.e. key exchange processing, authentication processing or processing for providing compatibility of encryption schemes, between the first communication units and a second communication unit on behalf of the first communication units.
23 Claims
1. A security processing proxy system, wherein a proxy server which acts for a first communication unit to conduct security processing with a second communication unit, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme,
said first communication unit holding a public key of said first communication unit certified by a certification authority on a public key infrastructure (PKI) as well as a secret key of said first communication unit or its own secret information as a public key certificate of said first communication unit, said first communication unit comprising:
- a delegation information generator using the secret information of said first communication unit to generate delegation information required for the security processing; and
- a delegation information notifier supplying the delegation information to said proxy server,
said proxy server comprising:
- a delegation information acquirer acquiring the delegation information from said first communication unit; and
- a security processing proxy transmitting the delegation information to said second communication unit to perform the security processing with said second communication unit,
said second communication unit comprising:
- a receiver receiving the delegation information from said proxy server; and
- a security processor using a certification authority public key held for verifying the public key certificate as being issued by the certification authority on the PKI to certify that the delegation information is generated by said first communication unit to thereby carry out the security processing with said proxy server.
4. A security processing proxy system, wherein a proxy server which acts for a first communication unit to conduct security processing with a second communication unit, the security processing including key exchange processing, authentication processing or processing for providing compatibility of encryption schemes,
said first communication unit holding a public key of said first communication unit certified by a certification authority on a public key infrastructure (PKI), a secret key of said first communication unit and a public key certificate of said first communication unit as well as a certification authority public key for verifying the public key certificate as being issued by the certification authority on the PKI, said first communication unit comprising:
- a receiver receiving from said proxy server the public key certificate of said proxy server certified by the certification authority on the PKI;
- a delegation information generator using the certification authority public key to verify the public key certificate of said proxy server to thereby acquire the public key of said proxy server, said delegation information generator producing an entrust public key certificate for certifying that the public key of said proxy server is signed by the secret key of said first communication unit, said delegation information generator using the entrust public key certificate and the public key certificate of said first communication unit to generate delegation information necessary for the security processing; and
- a delegation information notifier sending the delegation information to said proxy server,
said proxy server comprising:
- a delegation information acquirer acquiring the delegation information from said first communication unit; and
- a security processing proxy transmitting the delegation information to said second communication unit to perform the security processing with said second communication unit,
said second communication unit comprising:
- a receiver receiving the delegation information from said proxy server; and
- a security processor using the certification authority public key acquired beforehand for verifying the public key certificate as being issued by the certification authority on the PKI to certify that the delegation information is generated by said first communication unit to thereby carry out the security processing with said proxy server.
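The claim-4 flow, as an added Go illustration that is not code from the patent or from any product implementing it: the first unit verifies the proxy's CA-issued certificate, signs the proxy's public key with its own secret key to form the entrust public key certificate, and hands the proxy only that certificate plus its own; the second unit, holding nothing but the CA public key, walks the chain CA -> first unit -> proxy and then runs the authentication against the proxy's own key. The certificate layout (`Cert`, `Delegation`), Ed25519 as the signature scheme, and the nonce challenge as the "security processing" are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Cert is a constructed stand-in for a PKI certificate: subject public key plus issuer signature over it.
type Cert struct {
	Subject ed25519.PublicKey
	Sig     []byte
}

// Delegation is all the proxy ever receives: two certificates and no secret key.
type Delegation struct {
	FirstCert   Cert // issued by the CA to the first unit
	EntrustCert Cert // issued by the first unit over the proxy's public key
}

// MakeDelegation runs on the first unit: check the proxy's certificate against the CA, then sign the proxy's key.
func MakeDelegation(caPub ed25519.PublicKey, firstPriv ed25519.PrivateKey, firstCert, proxyCert Cert) (Delegation, bool) {
	if !ed25519.Verify(caPub, proxyCert.Subject, proxyCert.Sig) {
		return Delegation{}, false
	}
	entrust := Cert{Subject: proxyCert.Subject, Sig: ed25519.Sign(firstPriv, proxyCert.Subject)}
	return Delegation{FirstCert: firstCert, EntrustCert: entrust}, true
}

// VerifyDelegation runs on the second unit (CA public key only): chain CA -> first unit -> proxy.
func VerifyDelegation(caPub ed25519.PublicKey, d Delegation) (ed25519.PublicKey, bool) {
	if !ed25519.Verify(caPub, d.FirstCert.Subject, d.FirstCert.Sig) {
		return nil, false
	}
	if !ed25519.Verify(d.FirstCert.Subject, d.EntrustCert.Subject, d.EntrustCert.Sig) {
		return nil, false
	}
	return d.EntrustCert.Subject, true
}

// Authenticate is the delegated security processing: a fresh nonce answered with the proxy's own key.
func Authenticate(caPub ed25519.PublicKey, d Delegation, proxyPriv ed25519.PrivateKey) bool {
	proxyPub, ok := VerifyDelegation(caPub, d)
	if !ok {
		return false
	}
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand; return values ignored in this demo
	return ed25519.Verify(proxyPub, nonce, ed25519.Sign(proxyPriv, nonce))
}
```

The first unit's secret key is used exactly once, inside `MakeDelegation`, and never appears in `Delegation`; a proxy whose certificate the CA did not issue is refused before any entrust certificate is produced.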
7. A communication unit which permits a proxy server to act for said communication unit to conduct security processing with another communication unit, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, wherein
said communication unit holding a public key of said communication unit certified by a certification authority on a public key infrastructure (PKI) as well as a secret key of said communication unit or its own secret information as a public key certificate of said communication unit, said communication unit comprising:
- a delegation information generator using the secret information of said communication unit to generate delegation information required for the security processing; and
- a delegation information notifier supplying the delegation information to said proxy server.
9. A communication unit which permits a proxy server to act for said communication unit to conduct security processing with another communication unit, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, wherein
said communication unit holding a public key of said communication unit certified by a certification authority on a public key infrastructure (PKI), a secret key of said communication unit and a public key certificate of said communication unit as well as a certification authority public key to be used for certifying the public key certificate as being issued by the certification authority on the PKI, said communication unit comprising:
- a receiver receiving from said proxy server the public key certificate of said proxy server certified by the certification authority on the PKI;
- a delegation information generator using the certification authority public key to verify the public key certificate of the proxy server to thereby acquire the public key of the proxy server, said delegation information generator producing an entrust public key certificate for certifying that the public key of said proxy server is signed by the secret key of said communication unit, said delegation information generator using the entrust public key certificate and the public key certificate of said communication unit to generate delegation information necessary for the security processing; and
- a delegation information notifier sending the delegation information to said proxy server.
11. A proxy server for performing proxy of security processing on an encrypted communication between a first communication unit and another communication unit, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, said proxy server comprising:
- a delegation information acquirer acquiring from the first communication unit delegation information necessary for performing the security processing; and
- a security processing proxy transmitting the delegation information to the other communication unit to conduct the security processing with the other communication unit.
13. A communication unit for performing security processing with a proxy server, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, said communication unit comprising:
- a receiver receiving delegation information from the proxy server; and
- a security processor using a certification authority public key held for verifying a public key certificate as being issued by a certification authority on a public key infrastructure (PKI) to verify that the delegation information is produced by another communication unit to thereby carry out the security processing with the proxy server.
16. A non-transitory computer-readable medium on which is stored a communication program for having a computer operate as a communication unit which allows a proxy server to perform proxy of security processing with another communication unit, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, wherein
the computer is arranged to hold a public key of said communication unit certified by a certification authority on a public key infrastructure (PKI) as well as a secret key of said communication unit or secret information as a public key certificate of said communication unit, said program controlling the computer to function as:
- using the secret information of said communication unit to generate delegation information required for the security processing; and
- supplying the delegation information to the proxy server.
18. A non-transitory computer-readable medium on which is stored a program for having a computer operate as a communication unit which allows a proxy server to perform proxy of security processing with another communication unit, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, wherein
a computer is arranged to hold a public key of said communication unit certified by a certification authority on a public key infrastructure (PKI), a secret key of said communication unit and a public key certificate of said communication unit as well as a certification authority public key to be used for certifying the public key certificate as being issued by the certification authority on the PKI, said program controlling the computer to function as:
- receiving from the proxy server the public key certificate of the proxy server certified by the certification authority on the PKI;
- using the certification authority public key to verify the public key certificate of the proxy server to thereby acquire the public key of the proxy server;
- producing an entrust public key certificate for certifying that the public key of the proxy server is signed by the secret key of said communication unit;
- using the entrust public key certificate and the public key certificate of said communication unit to generate delegation information necessary for the security processing; and
- sending the delegation information to the proxy server.
19. A non-transitory computer-readable medium on which is stored a program for having a computer operate as a proxy server performing a proxy operation of security processing to be conducted between a first communication unit and another communication unit in an encrypted communication, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, wherein
said program controls the computer to function as:
- acquiring delegation information required for the security processing from the first communication unit; and
- transmitting the delegation information to the other communication unit to thereby perform the security processing with the other communication unit.
21. A non-transitory computer-readable medium on which is stored a program for having a computer operate as a communication unit for conducting security processing with a proxy server, the security processing including key exchange processing, authentication processing or processing for providing compatibility of an encryption scheme, wherein
said program controls the computer to function as:
- acquiring delegation information from the proxy server; and
- using a certification authority public key held for verifying a public key certificate as being issued by a certification authority on a public key infrastructure (PKI) to certify that the delegation information is generated by another communication unit to thereby carry out the security processing with the proxy server.