Method, product and apparatus for accelerating public-key certificate validation

US 8,516,245 B2
Filed: 06/19/2009
Issued: 08/20/2013
Est. Priority Date: 10/10/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating validity of a public key certificate in compliance with a request, performed by a validation authority apparatus for certificates, said method comprising the steps of:

searching for paths and validating the paths searched for;

registering a searching and validating result in a path database; and

validity authentication, comprising the steps of;

receiving a request for authenticating validity of a public key certificate, from a terminal device;

in a case where any valid path corresponding to the validity authentication request is registered in the path database, validating a public key certificate in the request by using a valid path; and

in a case where no valid path corresponding to the validity authentication request is registered in the path database, searching a new path and validating the public key certificate in the request by using the searched path;

wherein;

at the registering step, information indicating whether paths are valid or invalid in accordance with results of searching for paths and validating the paths is registered in the path database, and at the validity authentication, in a case where a path corresponding to the validity authentication request is registered as the valid path or the invalid path in the path database, authentication of the validity of the public key certificate in the request is performed in accordance with the registered results;

the said method further comprising the steps of;

performing path validation in compliance with the validity authentication request, in a case where, at the validity authentication, a constraint item is described in a pertinent public key certificate or any public key certificate included in a pertinent path, although a path corresponding to the validity authentication request is registered as a valid path in the path database, and determining if the pertinent public key certificate and the pertinent path satisfy the constraint item; and

judging the pertinent path as a valid path if the constraint item is satisfied.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.

17 Citations

8 Claims

1. A method for authenticating validity of a public key certificate in compliance with a request, performed by a validation authority apparatus for certificates, said method comprising the steps of:
- searching for paths and validating the paths searched for;
  
  registering a searching and validating result in a path database; and
  
  validity authentication, comprising the steps of;
  
  receiving a request for authenticating validity of a public key certificate, from a terminal device;
  
  in a case where any valid path corresponding to the validity authentication request is registered in the path database, validating a public key certificate in the request by using a valid path; and
  
  in a case where no valid path corresponding to the validity authentication request is registered in the path database, searching a new path and validating the public key certificate in the request by using the searched path;
  
  wherein;
  
  at the registering step, information indicating whether paths are valid or invalid in accordance with results of searching for paths and validating the paths is registered in the path database, and at the validity authentication, in a case where a path corresponding to the validity authentication request is registered as the valid path or the invalid path in the path database, authentication of the validity of the public key certificate in the request is performed in accordance with the registered results;
  
  the said method further comprising the steps of;
  
  performing path validation in compliance with the validity authentication request, in a case where, at the validity authentication, a constraint item is described in a pertinent public key certificate or any public key certificate included in a pertinent path, although a path corresponding to the validity authentication request is registered as a valid path in the path database, and determining if the pertinent public key certificate and the pertinent path satisfy the constraint item; and
  
  judging the pertinent path as a valid path if the constraint item is satisfied.
- View Dependent Claims (2, 3, 4)
- - 2. The method for authenticating validity of a public key certificate as defined in claim 1, further comprising the steps of:
    - performing path validation in compliance with the validity authentication request, in a case where, at the validity authentication step, a policy is described in the validity authentication request, a pertinent public key certificate, or any public key certificate included in a pertinent path, although a path corresponding to the validity authentication request is registered as the valid path in the path database, and determining if the pertinent public key certificate and the pertinent path satisfy the policy of an electronic procedure; and
      
      judging the pertinent path as a valid path in a case where the policy is satisfied.
  - 3. The method for authenticating validity of a public key certificate as defined in claim 1, wherein the registering step comprises the steps of:
    - searching for each path which extends from a trust anchor certificate authority to a certificate authority that issues an end entity certificate;
      
      acquiring and validating a certificate revocation list with respect to the end entity certificate issued by the certificate authority that issues the pertinent end entity certificate; and
      
      registering the certificate revocation list together with a validation result thereof.
  - 4. The method for authenticating validity of a public key certificate as defined in claim 3, wherein:
    - in a case where, at the validity authentication, a path corresponding to the validity authentication request is registered as a valid path in the path database, it is authenticated without validating the certificate revocation list that a pertinent public key certificate is not revoked.

5. A method for authenticating validity of a public key certificate performed by a computer to authenticate validity of the certificate, comprising the steps of:
- searching for paths and validating the paths searched for;
  
  registering a searching and validating result in a path database; and
  
  validity authentication, comprising the steps of;
  
  in a case where any valid path corresponding to a validity authentication request is registered in the path database, validating a public key certificate in the request by using a valid path; and
  
  in a case where no valid path corresponding to the validity authentication request is registered in the path database, searching a new path and validating a public key certificate in the request by using the searched path;
  
  wherein;
  
  at the registering step, information indicating valid paths and invalid paths in accordance with results of searching paths and validating the searched paths is registered in the path database, and at the validity authentication, in a case where a path corresponding to the validity authentication request is registered as the valid path or the invalid path in the path database, the validity authentication of the public key certificate in the request is performed in accordance with the registered results;
  
  the said method further comprising the steps of;
  
  performing path validation in compliance with the validity authentication request, in a case where, at the validity authentication, a constraint item is described in a pertinent public key certificate or any public key certificate included in a pertinent path, although a path corresponding to the validity authentication request is registered as a valid path in the path database, and determining if the pertinent public key certificate and the pertinent path satisfy the constraint item; and
  
  judging the pertinent path as a valid path if the constraint item is satisfied.
- View Dependent Claims (6, 7, 8)
- - 6. The method for authenticating validity of a public key certificate as defined in claim 5, further comprising the steps of:
    - performing path validation in compliance with the validity authentication request, in a case where, at the validity authentication step, a policy is described in the validity authentication request, a pertinent public key certificate or any public key certificate included in a pertinent path, although a path corresponding to the validity authentication request is registered as the valid path in the path database, and determining if the pertinent public key certificate and the pertinent path satisfy the policy of an electronic procedure; and
      
      judging the pertinent path as a valid path in a case where the policy is satisfied.
  - 7. The method for authenticating validity of a public key certificate as defined in claim 5, further comprising the steps of:
    - searching for each path which extends from a trust anchor certificate authority to a certificate authority that issues an end entity certificate;
      
      acquiring and validating a certificate revocation list with respect to the end entity certificate, and which is issued by the certificate authority that issues a pertinent end entity certificate; and
      
      registering the certificate revocation list together with a validation result thereof.
  - 8. The method for authenticating validity of a public key certificate as defined in claim 7, wherein in a case where, at the validity authentication, a path corresponding to the validity authentication request is registered as a valid path in the path database, it is authenticated without validating the certificate revocation list that a pertinent public key certificate is not revoked.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Kumagai, Yoko, Fujishiro, Takahiro, Kaji, Tadashi, Hane, Shingo, Shimonosono, Hitoshi
Primary Examiner(s)
Tabor, Amare F

Application Number

US12/488,051
Publication Number

US 20090259842A1
Time in Patent Office

1,523 Days
Field of Search

713/156, 713/158, 713/175
US Class Current

713/156
CPC Class Codes

H04L 9/007   involving hierarchical stru...

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

Method, product and apparatus for accelerating public-key certificate validation

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Method, product and apparatus for accelerating public-key certificate validation

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others