Digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method and program
First Claim
1. A digital certificate management apparatus configured to communicate with nodes in a network, comprising:
a selection unit configured to select a client node using a key to be updated, said key used for authentication;
a determination unit configured to determine that there is a server node in communication with the selected client node that uses the key to be updated;
an assigning unit configured to assign an order to the determined server node and the selected client node such that a key of the server node is updated before a key of the client node; and
a key updating unit configured to update the keys of the client node and the server node by transmitting a new key to the client node and the server node in accordance with said order.
Abstract
In a digital certificate management system, a client/server system is connected to a digital certificate management apparatus capable of communicating with clients and servers. Mutual authentication is performed between the clients and the servers by using digital certificates and communications are performed over a communication channel established based on mutual authentication. The digital certificate management apparatus includes a certification key update part updating a server certification key used for mutual authentication and stored in each of the clients that become communication parties of one of the servers. The certification key updating part includes a key obtaining part, a certificate obtaining part, and first and second transmission parts. The second transmission part performs an operation of transmitting the new server certificate to each of the servers after there are responses, indicating that the new server certification key is received, from all of the clients that become communication parties of the server.
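The ordering described in the abstract can be shown as a small simulation. This is an added example, not code from the patent: the class and function names, the key ids `K_old` and `K_new`, and the sample topology are all constructed for illustration. It also shows the counter-case where the server certificate is replaced before the clients hold the new key.

```python
from dataclasses import dataclass

@dataclass
class Client:
    name: str
    trusted: set          # ids of server certification keys this client accepts
    reachable: bool = True

    def receive_key(self, key_id):
        """First transmission: store the new key; the return value is the response."""
        if not self.reachable:
            return False
        self.trusted.add(key_id)   # old key stays; retiring it is outside this sketch
        return True

@dataclass
class Server:
    name: str
    cert_issuer: str      # id of the key that verifies this server's certificate

def handshake_ok(client, server):
    """Client-side check of the server certificate (one half of mutual authentication)."""
    return server.cert_issuer in client.trusted

def update_server_cert(server, clients, new_key):
    """Send new_key to every client, then send the new certificate to the server
    only if every client responded. Returns (updated, names_still_pending)."""
    pending = [c.name for c in clients if not c.receive_key(new_key)]
    if pending:
        return False, pending          # server keeps its current certificate
    server.cert_issuer = new_key       # second transmission
    return True, []

def broken_after_naive_update(server, clients, new_key):
    """Counter-case: server certificate replaced first. Returns clients that now fail."""
    server.cert_issuer = new_key
    return [c.name for c in clients if not handshake_ok(c, server)]

def demo():
    # Constructed sample topology: one server, three clients, one of them offline.
    clients = [Client("c1", {"K_old"}), Client("c2", {"K_old"}),
               Client("c3", {"K_old"}, reachable=False)]
    server = Server("s1", "K_old")
    first = update_server_cert(server, clients, "K_new")
    still_ok = all(handshake_ok(c, server) for c in clients)
    clients[2].reachable = True        # c3 comes back; retry the update
    second = update_server_cert(server, clients, "K_new")
    now_ok = all(handshake_ok(c, server) for c in clients)
    return first, still_ok, second, now_ok

if __name__ == "__main__":
    print(demo())
```

While any client response is outstanding, the server keeps presenting its old certificate, so no client is locked out during the update.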
50 Citations
3 Claims
1. A digital certificate management apparatus configured to communicate with nodes in a network, comprising:
a selection unit configured to select a client node using a key to be updated, said key used for authentication;
a determination unit configured to determine that there is a server node in communication with the selected client node that uses the key to be updated;
an assigning unit configured to assign an order to the determined server node and the selected client node such that a key of the server node is updated before a key of the client node; and
a key updating unit configured to update the keys of the client node and the server node by transmitting a new key to the client node and the server node in accordance with said order.
2. A client and server system, comprising:
a plurality of nodes authenticating communication with each other using a key, each node functioning as either a client or a server in the communication; and
a digital certificate management apparatus configured to communicate with the plurality of nodes, including:
a selection unit configured to select a client node for a key update;
a determination unit configured to determine that there is a server node in communication with the client node that uses the key to be updated;
an assigning unit configured to assign an order to the server node and the client node such that a key of the server node is to be updated before a key of the client node; and
a key updating unit configured to update the keys of the client node and the server node by transmitting a new key to the client node and the server node in accordance with said order.
3. A computer readable storage medium containing a computer program for a digital certificate management apparatus that is configured to communicate with nodes in a network, wherein the computer program, when executed by the apparatus, causes the digital certificate management apparatus to perform a method comprising the steps of:
selecting a client node using a key to be updated for the authenticating;
determining that there is a server node in communication with the client node that uses the key to be updated;
assigning an order to the server node such that a key of the server node is updated before the client node; and
updating the keys of the client node and the server node by transmitting a new key to the client node and the server node in accordance with said order.
Specification