Communication apparatus, digital signature issuance method and apparatus, and digital signature transmission method

US 8,392,716 B2
Filed: 01/21/2005
Issued: 03/05/2013
Est. Priority Date: 01/21/2004
Status: Active Grant

First Claim

Patent Images

1. A digital signature issuance method for issuing, in a digital signature issuance apparatus, a digital signature to a second apparatus which communicates with a first apparatus, comprising the steps of:

receiving a parameter from the first apparatus;

computing data, based on the parameter received from the first apparatus, for use by the second apparatus to share secret data for encryption with the first apparatus;

issuing a result of the computation to the second apparatus;

receiving, from the second apparatus, data which is calculated by the second apparatus based on the shared secret data;

generating a digital signature, using a private key, for both an address of the second apparatus and the data which is calculated by the second apparatus based on the shared secret data, wherein the digital signature is generated using the private key so as to be usable by the first apparatus for authentication based on the shared secret data and the address of the second apparatus used to share the secret data; and

issuing to the second apparatus, the digital signature generated in the generating step and a public key certificate, wherein the public key certificate includes an address of the digital signature issuance apparatus, a public-key corresponding to the private key used for generating the digital signature, and information defining that the digital signature issuance apparatus generates a digital signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An initiator shares y_ir with a responder, calculates HASH_I on the basis of y_ir, and sends HASH_I to an IKE proxy server. The initiator receives a digital signature SIG_S generated for HASH_I and the address of the initiator from the IKE proxy server and sends the digital signature SIG_S to the responder.

22 Citations

View as Search Results

14 Claims

1. A digital signature issuance method for issuing, in a digital signature issuance apparatus, a digital signature to a second apparatus which communicates with a first apparatus, comprising the steps of:
- receiving a parameter from the first apparatus;
  
  computing data, based on the parameter received from the first apparatus, for use by the second apparatus to share secret data for encryption with the first apparatus;
  
  issuing a result of the computation to the second apparatus;
  
  receiving, from the second apparatus, data which is calculated by the second apparatus based on the shared secret data;
  
  generating a digital signature, using a private key, for both an address of the second apparatus and the data which is calculated by the second apparatus based on the shared secret data, wherein the digital signature is generated using the private key so as to be usable by the first apparatus for authentication based on the shared secret data and the address of the second apparatus used to share the secret data; and
  
  issuing to the second apparatus, the digital signature generated in the generating step and a public key certificate, wherein the public key certificate includes an address of the digital signature issuance apparatus, a public-key corresponding to the private key used for generating the digital signature, and information defining that the digital signature issuance apparatus generates a digital signature.
- View Dependent Claims (2, 3, 4, 12)
- - 2. The method according to claim 1, whereinin the computing step, while monitoring an IP address used by the second apparatus executing IKE (Internet Key Exchange), computation of a Diffie-Hellman public-key distribution scheme in IKE is executed in response to a request from the second apparatus to derive the secret data.
  - 3. The method according to claim 1, whereinin the generating step, a digital signature is generated using a hash value generated by the second apparatus and the address used by the second apparatus.
  - 4. The method according to claim 1, whereinthe method is executed on a default gateway of the second apparatus.
  - 12. The digital signature issuance method according to claim 1, wherein the digital signature generated in the generating step and the public key certificate are issued to the second apparatus in the issuing step, and wherein the public key certificate includes an IP address of the digital signature issuance apparatus, the public-key, and the information.

5. A non-transitory computer-readable storage medium storing a digital signature issuance program for causing a digital signature issuance apparatus to issue a digital signature to a second apparatus which communicates with a first apparatus, the program comprising code for performing the steps of:
- receiving a parameter from the first apparatus;
  
  computing data, based on the parameter received from the first apparatus, for use by the second apparatus to share secret data for encryption with the first apparatus;
  
  issuing a result of the computation to the second apparatus;
  
  receiving, from the second apparatus, data which is calculated by the second apparatus based on the shared secret datagenerating a digital signature, using a private key, for both an address of the second apparatus and the data which is calculated by the second apparatus based on the shared secret data, wherein the digital signature is generated using the private key so as to be usable by the first apparatus to perform authentication based on the shared secret data and the address of the second apparatus used to share the secret data; and
  
  issuing, to the second apparatus, the digital signature generated in the generating step and a public key certificate, wherein the public key certificate includes an address of the digital signature issuance apparatus, a public-key used for generating the digital signature, corresponding to the private key, and information defining that the digital signature issuance apparatus generates a digital signature.
- View Dependent Claims (6, 7, 13)
- - 6. The non-transitory computer-readable storage medium storing a digital signature issuance program according to claim 5, whereinin the computing step, while monitoring an IP address used by the second apparatus executing IKE (Internet Key Exchange), computation of a Diffie-Hellman public-key distribution scheme in IKE is executed in response to a request from the second apparatus to derive the secret data.
  - 7. The non-transitory computer-readable storage medium storing a digital signature issuance program according to claim 5, whereinin the generating step, the digital signature is generated using a hash value generated by the second apparatus and the address of the second apparatus.
  - 13. The non-transitory computer-readable storage medium storing a digital signature issuance program according to claim 5, wherein the digital signature generated in the generating step and the public key certificate are issued to the second apparatus in the issuing step, and wherein the public key certificate includes an IP address of the digital signature issuance apparatus, the public-key, and the information.

8. A digital signature issuance apparatus for issuing a digital signature to a second apparatus which communicates with a first apparatus, comprising:
- a receiving unit configured to receive a parameter from the first apparatus;
  
  a computing unit configured to compute data, based on the parameter received from the first apparatus, for use by the second apparatus to share secret data for encryption with the first apparatus;
  
  an issuing unit configured to issue a result of the computation to the second apparatus;
  
  a receiving unit configured to receiving, from the second apparatus, data which is calculated by the second apparatus based on the shared secret data anda generating unit configured to generate a digital signature, using a private key, for both an address of the second apparatus and the data which is calculated by the second apparatus based on the shared secret data, wherein the digital signature is generated using the private key so as to be usable by the first apparatus to perform authentication based on the shared secret data and the address of the second apparatus used to share the secret data,wherein the issuing unit issues, to the second apparatus, the digital signature generated by the generating unit and a public key certificate, the public key certificate including an address of the digital signature issuance apparatus, a public-key corresponding to the private key used for generating the digital signature, and information defining that the digital signature issuance apparatus generates a digital signature, andwherein said digital signature issuance apparatus comprises a processor configured to function as the computing unit, the generating unit, and the issuing unit.
- View Dependent Claims (9, 10, 11, 14)
- - 9. The apparatus according to claim 8, whereinsaid executing unit executes computation of a Diffie-Hellman public-key distribution scheme in IKE (Internet Key Exchange) in response to the request from the second apparatus to derive the secret data, while monitoring an IP address used by the second apparatus executing IKE.
  - 10. The apparatus according to claim 8, whereinsaid generating unit generates a digital signature using a hash value generated by the second apparatus and the address used by the second apparatus.
  - 11. The apparatus according to claim 8, wherein the digital signature issuance apparatus is a default gateway of the second apparatus.
  - 14. The digital signature issuance apparatus according to claim 8, wherein the issuing unit issues, to the second apparatus, the digital signature generated by the generating unit and the public-key certificate, wherein the public key certificate includes an IP address of the digital signature issuance apparatus, the public-key, and the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Ayutthaya Limited (Canon Inc.)
Original Assignee
Canon Ayutthaya Limited (Canon Inc.)
Inventors
Oishi, Kazuomi
Primary Examiner(s)
Brown, Christopher J
Assistant Examiner(s)
Le, Canh

Application Number

US11/038,176
Publication Number

US 20050160273A1
Time in Patent Office

2,965 Days
Field of Search

713175-176, 713180-181, 713/153, 713155-157, 713/162, 713/171, 713/173, 713/150, 713168-170, 380/255, 380/259, 380/30, 380/285, 380/277, 380/278, 709227-229
US Class Current

713/180
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123   received data contents, e.g...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Communication apparatus, digital signature issuance method and apparatus, and digital signature transmission method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Communication apparatus, digital signature issuance method and apparatus, and digital signature transmission method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links