System and method for distributed group management
Abstract
A system of distributed group management that lets the client side generate authentication information about the group to which a user belongs at high speed while the server side verifies that information at equally high speed. The system provides a group certificate issuing apparatus for issuing a group certificate on the client side based on original group information, including the name of the group to which the user belongs, and a group certificate verification unit in the server for verifying the legitimacy of the certificate transmitted from the client side. The group certificate issuing apparatus adds an issuance side processed value, obtained by processing the original group information with a cryptographic function, to that original group information to form the group certificate; the group certificate verification unit processes part of the information in the received certificate with the identical cryptographic function to obtain a verification side processed value and authenticates by confirming that the issuance side processed value and the verification side processed value coincide.
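The exchange described in the abstract (and restated in claims 1, 2 and 14) as an added example, not code from the patent or from any product implementing it. The issuing side and the verifying side each hold an identical secret per group, the issuer appends a keyed hash of the group information to form the certificate, and the server recomputes that hash and accepts the request only if the values coincide and the group's predetermined authorization covers the requested action. HMAC-SHA256 is this example's choice of hash-function processing; the group secrets, the `group`/`user`/`request` field names and the permission table are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Per-group secret information. In the scheme above the issuing apparatus on the
# client side ("first secret information") and the verification unit on the
# server side ("second secret information") hold an identical copy per group and
# nobody else does. Hypothetical values constructed for this example.
GROUP_SECRETS = {
    "admins": bytes.fromhex("5c1f9c2e3b7a4d6e8f90a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f50"),
    "auditors": bytes.fromhex("a7e3c1d9f2b4068e1c3a5d7f9b2e4c6a8d0f1e3c5b7a9d2f4e6c8a0b1d3f5e7c"),
}

# Hypothetical "predetermined authorization assigned for every group" under which
# the server executes remote processing requests.
GROUP_PERMISSIONS = {
    "admins": {"read", "write", "delete"},
    "auditors": {"read"},
}


def canonical_bytes(info):
    """Serialize the original group information deterministically (fixed key order,
    no whitespace) so that issuer and verifier hash exactly the same bytes."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode("utf-8")


def processed_value(info, secret):
    """The hash-function processing shared by both sides: a keyed hash over the
    canonical group information. HMAC-SHA256 is this example's choice; a bare
    SHA-256 over secret||info would be open to length-extension forgery."""
    return hmac.new(secret, canonical_bytes(info), hashlib.sha256).hexdigest()


def issue_group_certificate(info, group_secrets):
    """Client side: the group certificate is the original group information plus
    the issuance side processed value computed with that group's secret."""
    secret = group_secrets[info["group"]]  # KeyError if the issuer holds no secret for this group
    return {"info": dict(info), "mac": processed_value(info, secret)}


def verify_group_certificate(cert, group_secrets):
    """Server side: recompute the verification side processed value from the
    received information with the identical secret and check that it coincides
    with the received issuance side value. Returns False for malformed input."""
    if not isinstance(cert, dict):
        return False
    info, mac = cert.get("info"), cert.get("mac")
    if not isinstance(info, dict) or not isinstance(mac, str):
        return False
    group = info.get("group")
    if not isinstance(group, str) or group not in group_secrets:
        return False
    expected = processed_value(info, group_secrets[group])
    # Constant-time comparison so the verifier does not leak how many leading
    # hex digits of a guessed value were correct.
    return hmac.compare_digest(expected, mac)


def authorize_request(cert, action, group_secrets, permissions):
    """Server side: execute the remote processing request only if the certificate
    verifies and the group's predetermined authorization covers the action."""
    if not verify_group_certificate(cert, group_secrets):
        return False
    return action in permissions.get(cert["info"]["group"], set())


if __name__ == "__main__":
    # Constructed request: alice, a member of "admins", asks the server to delete a record.
    cert = issue_group_certificate(
        {"group": "admins", "user": "alice", "request": "delete record 42"}, GROUP_SECRETS
    )
    print("certificate:", json.dumps(cert))
    print("delete allowed:", authorize_request(cert, "delete", GROUP_SECRETS, GROUP_PERMISSIONS))
    # Relabelling an "auditors" certificate as "admins" without the admins secret fails.
    audit = issue_group_certificate(
        {"group": "auditors", "user": "bob", "request": "read report"}, GROUP_SECRETS
    )
    forged = {"info": dict(audit["info"], group="admins"), "mac": audit["mac"]}
    print("forged admins certificate accepted:", verify_group_certificate(forged, GROUP_SECRETS))
```

Two practical points follow from the scheme itself. Anyone holding a group's secret can issue a certificate for that group, so the client-side issuing apparatus has to be a component the user cannot read the secret out of, and the secret must be provisioned to it and to the server over a protected channel; the patent does not cover either step. The certificate also says nothing about freshness: if the original group information does not include something bound to the particular request, a captured certificate can be replayed, which is why this example puts the request into the hashed information.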
24 Claims
1. A system of distributed group management for indirectly authenticating membership of a user in a group in order to manage security for a client on a client side and a server for executing a remote processing request from the client side under a predetermined authorization assigned for every group, provided with:

a group certificate issuing apparatus for issuing a group certificate on the client side based on original group information, including the name of the group to which the related user belongs, when there is said remote processing request; and

a group certificate verification unit for verifying the legitimacy of said group certificate transmitted from the client side in said server,

wherein said group certificate issuing apparatus adds an issuance side processed value, obtained by processing the information of the original group information by a cryptographic function, to the original group information and defines this as the group certificate;

said group certificate verification unit processes part of the information included in the received group certificate by an identical cryptographic function to obtain a verification side processed value and performs said authentication by confirming that said issuance side processed value and said verification side processed value coincide;

said group certificate issuing apparatus includes first secret information assigned to said groups in said original group information and performs the processing by said cryptographic function, said first secret information being held only by said group certificate issuing apparatus;

said group certificate verification unit includes second secret information assigned to the groups in the part of the information included in said received group certificate and performs the processing by said cryptographic function, said second secret information being held only by said group certificate verification unit;

said first secret information and said second secret information are identical secret information for identical groups; and

said cryptographic function is a hash function.
2. A method of distributed group management for indirectly authenticating membership of a user in a group in order to manage security for a client on a client side and a server for executing the remote processing request from the client side under a predetermined authorization assigned for every group, comprising the steps of:

processing information of original group information, including the name of the group to which the related user belongs, by a cryptographic function when there is said remote processing request on the client side, and issuing a group certificate obtained by adding an issuance side processed value, obtained by processing the information of the original group information by the cryptographic function, to the original group information, including first secret information assigned to said groups in said original group information and performing the processing by said cryptographic function, said first secret information being held only by a group certificate issuing apparatus;

processing the information of the received group certificate by an identical cryptographic function to obtain a verification side processed value on a server side, including second secret information assigned to the groups in part of the information included in said received group certificate and performing the processing by said cryptographic function, said second secret information being held only by a group certificate verification unit, said first secret information and said second secret information being identical secret information for identical groups; and

comparing said verification side processed value and the received issuance side processed value on the server side and confirming that they coincide, thereby performing said authentication and verifying the legitimacy of said group certificate transmitted from the client side in said server,

wherein said cryptographic function is a hash function.
3. A group certificate issuing apparatus forming part of a system of distributed group management for indirectly authenticating membership of a user in a group in order to manage security with respect to a client on a client side and a server, including a group certificate verification unit, for executing a remote processing request from the client side under a predetermined authorization assigned for every group, provided with:

an issuance side processor for issuing original group information, including the name of the group to which the related user belongs, when there is said remote processing request and, at the same time, adding an issuance side processed value, obtained by processing the information of the original group information by a cryptographic function, to the original group information to obtain a group certificate,

said group certificate issuing apparatus including first secret information assigned to said groups in said original group information and performing the processing by said cryptographic function, said first secret information being held only by said group certificate issuing apparatus, and said first secret information and second secret information held by said group certificate verification unit, which communicates with said group certificate issuing apparatus, being identical secret information for identical groups,

wherein said cryptographic function is a hash function, and said issuance side processor is provided with a hash facility for performing the processing of the hash function.

(Dependent claims 4 to 13 are not reproduced on this page.)
14. A group certificate verification unit forming part of a system of distributed group management for indirectly authenticating the membership of a user in a group in order to manage security of a client on a client side and a server for executing a remote processing request from the client side under a predetermined authorization assigned for every group, including:

a verification side processor for processing information included in a group certificate, issued by a group certificate issuing apparatus and received from the client side, by a cryptographic function to generate a verification side processed value on the server side, and for performing said authentication by confirming that an issuance side processed value included in the received group certificate and said verification side processed value coincide,

said group certificate verification unit including second secret information assigned to the groups in part of the information included in said received group certificate and performing the processing by said cryptographic function, said second secret information being held only by said group certificate verification unit, and first secret information held by said group certificate issuing apparatus, which communicates with said group certificate verification unit, and said second secret information being identical secret information for identical groups,

wherein said cryptographic function is a hash function and said verification side processor is provided with the hash facility for performing the processing of the hash function.

(Dependent claims 15 to 24 are not reproduced on this page.)
Specification