Method of validating certificate by certificate validation server using certificate policies and certificate policy mapping in public key infrastructure
First Claim
1. A method of validating a certificate by a certificate validation server using certificate policies and certificate policy mapping in a public key infrastructure in which a certification authority server issues the certificate and a client uses the certificate as an identifier, comprising the steps of:
a certificate validation server receiving, from the client, an object certificate to be validated, a certificate of a certification authority which the client trusts, and a certificate policy which will be applied to validation of the object certificate, and the certificate validation server receiving a request for validation of the object certificate;
the certificate validation server creating a certification path, which is a certificate chain ranging from the certificate of the certification authority which the client trusts to the object certificate, in response to the request for validation;
the certificate validation server determining whether the validation of the object certificate is allowed or denied using a certificate policy table with respect to the created certification path and the certificate policy, wherein the certificate policy table is managed by the certificate validation server;
if the validation of the object certificate is allowed, the certificate validation server validating all certificates of the created certification path using a certificate policy mapping table, wherein the certificate policy mapping table is managed by the certificate validation server; and
if a validation result of the certification path is a success, the certificate validation server transmitting a success message to the client;
otherwise if the validation result of the certification path is a failure or if the validation of the object certificate is denied, the certificate validation server transmitting a failure message to the client.
Abstract
The present invention provides a method of validating a certificate by a certificate validation server using certificate policy and certificate policy mapping in a public key infrastructure (PKI). If the certificate validation server receives, from a client, an object certificate to be validated, a certificate of a certification authority which the client trusts, and a certificate policy which will be applied to validation of the object certificate, and receives a request for validation of the object certificate, the certificate validation server creates a certification path for the object certificate in response to the request. The certificate validation server validates the created certification path using a certificate policy mapping table if the validation of the object certificate is allowed, and then transmits a result message to the client according to the result of the validation of the certification path.
4 Claims
1. (Claim 1 is set out in full above under First Claim; claims 2 and 3 depend from it.)
4. A method of validating a certificate by a certificate validation server using certificate policies and certificate policy mapping in a public key infrastructure in which a certification authority server issues the certificate and a client uses the certificate as an identifier, comprising the steps of:
a certificate validation server receiving, from the client, an object certificate to be validated, a certificate of a certification authority which the client trusts, and a certificate policy which will be applied to validation of the object certificate, and the certificate validation server receiving a request for validation of the object certificate;
the certificate validation server creating a certification path, which is a certificate chain ranging from the certificate of the certification authority which the client trusts to the object certificate, in response to the request for validation;
the certificate validation server determining whether the validation of the object certificate is allowed or denied using a certificate policy table with respect to the created certification path and the certificate policy, wherein the certificate policy table (i) is managed by the certificate validation server and (ii) is designed such that allowance policies and denial policies for certificate validation are separately managed;
if the validation of the object certificate is allowed, the certificate validation server validating certificates of the created certification path using a certificate policy mapping table, wherein the certificate policy mapping table (i) is managed by the certificate validation server and (ii) is designed such that certificate policies of different domains are mapped to each other using the certificate policy mapping table in the public key infrastructure, thereby enabling certificates to be compatibly used between the different domains; and
if a validation result of the certification path is a success, the certificate validation server transmitting a success message to the client;
otherwise if the validation result of the certification path is a failure or if the validation of the object certificate is denied, the certificate validation server transmitting a failure message to the client.
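The steps claimed above (claim 1, together with the separately managed allowance and denial policies and the cross-domain policy mapping of claim 4) as an added worked example. This is illustration code written for this page, not code from the patent or its assignee: certificates are toy records rather than X.509 (no signatures are checked; only path construction, the policy table decision and the policy mapping step are modelled), the CA names, the OIDs under the ITU-T example arc 2.999, the `ValidationServer`/`PolicyTable`/`PolicyMappingTable` classes and the rule that a policy not listed as allowed is refused are all assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed placeholder OIDs under the 2.999 example arc, one per PKI domain.
POLICY_A = "2.999.1.1"   # certificate policy of domain A (the client's domain)
POLICY_B = "2.999.2.1"   # certificate policy of domain B (a cross-certified domain)
POLICY_X = "2.999.9.9"   # a policy the server has been configured to refuse
TODAY = date(2024, 6, 1)  # constructed validation date


@dataclass(frozen=True)
class Certificate:
    """Toy stand-in for an X.509 certificate: only the fields the method uses."""
    subject: str
    issuer: str
    policies: frozenset    # OIDs from the certificatePolicies extension
    not_before: date
    not_after: date
    is_ca: bool = False

    @property
    def self_signed(self):
        return self.subject == self.issuer


class PolicyTable:
    """Certificate policy table held by the server. Allowance and denial
    policies live in separate maps (claim 4); a denial always wins."""
    def __init__(self):
        self._allow, self._deny = {}, {}

    def allow(self, trusted_ca, policy):
        self._allow.setdefault(trusted_ca, set()).add(policy)

    def deny(self, trusted_ca, policy):
        self._deny.setdefault(trusted_ca, set()).add(policy)

    def decide(self, trusted_ca, policy):
        if policy in self._deny.get(trusted_ca, ()):
            return "denied"
        if policy in self._allow.get(trusted_ca, ()):
            return "allowed"
        return "denied"   # assumption: anything not explicitly allowed is refused


class PolicyMappingTable:
    """Certificate policy mapping table held by the server: which policy OIDs
    of different domains are treated as equivalent to each other."""
    def __init__(self):
        self._equiv = {}

    def map(self, policy_a, policy_b):
        self._equiv.setdefault(policy_a, set()).add(policy_b)
        self._equiv.setdefault(policy_b, set()).add(policy_a)

    def equivalents(self, policy):
        """The requested policy plus every policy reachable through mappings."""
        seen, todo = {policy}, [policy]
        while todo:
            for q in self._equiv.get(todo.pop(), ()):
                if q not in seen:
                    seen.add(q)
                    todo.append(q)
        return seen


class ValidationServer:
    def __init__(self, store, policy_table, mapping_table):
        self.store = list(store)      # certificates available for path building
        self.policy_table = policy_table
        self.mapping_table = mapping_table

    def build_path(self, trust_anchor, target, max_len=8):
        """Climb issuer links from the object certificate up to the trusted CA.
        Returns [trusted CA, intermediates..., object certificate] or None."""
        def climb(cert, chain):
            if cert.issuer == trust_anchor.subject:
                return [trust_anchor] + list(reversed(chain))
            if len(chain) >= max_len:
                return None
            for cand in self.store:
                # a self-signed certificate can only be the trust anchor itself
                if (cand.is_ca and not cand.self_signed
                        and cand.subject == cert.issuer and cand not in chain):
                    found = climb(cand, chain + [cand])
                    if found:
                        return found
            return None
        return climb(target, [target])

    def validate(self, target, trust_anchor, policy, today):
        """Returns ("success", [subjects of the path]) or ("failure", reason)."""
        path = self.build_path(trust_anchor, target)
        if path is None:
            return ("failure", "no certification path to the trusted CA")
        if self.policy_table.decide(trust_anchor.subject, policy) == "denied":
            return ("failure", "validation denied by the certificate policy table")
        acceptable = self.mapping_table.equivalents(policy)
        for i, cert in enumerate(path):
            if not (cert.not_before <= today <= cert.not_after):
                return ("failure", f"{cert.subject}: not valid on {today}")
            if i > 0 and cert.issuer != path[i - 1].subject:
                return ("failure", f"{cert.subject}: issuer does not match previous subject")
            if i < len(path) - 1 and not cert.is_ca:
                return ("failure", f"{cert.subject}: non-CA certificate inside the path")
            if not (cert.policies & acceptable):
                return ("failure", f"{cert.subject}: asserts no policy equivalent to {policy}")
        return ("success", [c.subject for c in path])


def build_demo(with_mapping=True):
    """Constructed scenario: domain B's CA is cross-certified by domain A's CA."""
    ca_a = Certificate("CA-A", "CA-A", frozenset({POLICY_A}), date(2020, 1, 1), date(2030, 1, 1), True)
    ca_b_self = Certificate("CA-B", "CA-B", frozenset({POLICY_B}), date(2020, 1, 1), date(2030, 1, 1), True)
    ca_b_cross = Certificate("CA-B", "CA-A", frozenset({POLICY_A}), date(2021, 1, 1), date(2029, 1, 1), True)
    alice = Certificate("alice", "CA-B", frozenset({POLICY_B}), date(2024, 1, 1), date(2025, 1, 1))
    bob = Certificate("bob", "CA-B", frozenset({POLICY_B}), date(2022, 1, 1), date(2023, 1, 1))  # expired
    table = PolicyTable()
    table.allow("CA-A", POLICY_A)
    table.deny("CA-A", POLICY_X)
    mapping = PolicyMappingTable()
    if with_mapping:
        mapping.map(POLICY_A, POLICY_B)   # A's policy and B's policy are equivalent
    return ValidationServer([ca_a, ca_b_self, ca_b_cross, alice, bob], table, mapping), ca_a, alice, bob


if __name__ == "__main__":
    server, ca_a, alice, bob = build_demo()
    print(server.validate(alice, ca_a, POLICY_A, TODAY))   # success via the A<->B mapping
    print(server.validate(alice, ca_a, POLICY_X, TODAY))   # refused by the policy table
    print(server.validate(bob, ca_a, POLICY_A, TODAY))     # path fails: bob has expired
```

The order of checks mirrors the claim: the path is built first, the policy table decides allow or deny before any certificate in the path is examined, and only an allowed request reaches the per-certificate checks, where the mapping table widens the set of policy OIDs accepted so that a domain B certificate can be validated against the domain A policy the client asked for. Running the same scenario with `build_demo(with_mapping=False)` shows the failure the mapping table exists to prevent: the end-entity certificate asserts only the domain B policy and is rejected.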