Certificate management apparatus and certificate management method
Abstract
A certificate management apparatus retains an important certificate, while deleting the oldest referenced certificate. An update determination information output unit outputs update determination information being information for determining whether or not to update a certificate. A certificate cache stores the certificate on a volatile memory. An operation unit stores the update determination information output by the update determination information output unit in the certificate cache by relating to the certificate, and based on the update determination information stored in the certificate cache, updates the certificate related to the update determination information.
10 Claims
1. A certificate management apparatus comprising:
a non-volatile memory having stored therein a certificate store and an internal counter;
a volatile memory having stored therein a certificate cache, the certificate cache including a table that stores a counter value and an associated end entity (EE) certificate received from one or more communication apparatuses or an associated certification authority (CA) certificate issued by a predetermined certification authority; and
an operation controller that manages storage of the received EE and CA certificates, the operation controller being configured to:
increment, upon receipt of an EE certificate or a CA certificate referenced in the certificate table, the counter value associated with the referenced certificate in the table;
add, upon receipt of an EE certificate not referenced in the table, the received EE certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the EE certificate and the counter value corresponding to the value of the internal counter;
add, upon receipt of an EE certificate signed by a certificate authority whose CA certificate is not referenced in the table, the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter;
add, upon receipt of a CA certificate not referenced in the table, the received CA certificate to the certificate store and add the received CA certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate and the counter value corresponding to the value of the internal counter; and
increment the internal counter upon adding or replacing an EE certificate or a CA certificate in the table,
wherein the certificate store includes CA certificates issued by a certification authority, and
the operation controller is further configured to verify a received certificate using a CA certificate stored in the certificate store, and store, upon adding the verified certificate to the table in the certificate cache, the CA certificate used for verifying the received certificate in the certificate cache table by relating to the counter value.
Dependent claims: 2, 3, 4.
5. A certificate management apparatus for managing certificates received in a vehicle from a plurality of communication apparatuses, the apparatus comprising:
a current position detector that outputs a current position of the vehicle;
a non-volatile memory having stored therein a certificate store, a certificate cache, the certificate store recording CA certificates and a geographic range in which the corresponding CA certificate is valid;
a volatile memory having stored therein a certificate cache, the certificate cache including a table that stores position information and an associated end entity (EE) certificate received from one of the plurality of communication apparatuses or an associated certification authority (CA) certificate issued by a predetermined certification authority; and
an operation controller that manages storage of the received EE and CA certificates, the operation controller being configured to:
store, upon receipt of an EE certificate not referenced in the table, the received EE certificate and the current position of the vehicle in a vacant entry of the table, if a vacant entry does not exist, the operation controller is configured to replace a previous table entry with the received EE certificate using the position information of the table entries as a basis for selection;
update, upon receipt of an EE certificate referenced in the table, the associated position information with the current position; and
add, upon receipt of a certificate signed by a certificate authority whose CA certificate is not referenced in the table, the CA certificate of the signing certificate and a corresponding valid range to a vacant table entry, if a vacant entry does not exist, the operation controller is configured to replace a previous table entry with the CA certificate using the position information of the table entries as a basis for selection,
wherein if a vacant entry does not exist, the operation controller is configured to select as the entry to replace an EE certificate or CA certificate whose corresponding position information is a distance from the current position of the vehicle equal to or greater than a threshold value.
Dependent claims: 6, 7, 8.
9. A certificate management method of a certificate management apparatus managing a certificate, the method comprising:
receiving end entity (EE) certificates or certification authority (CA) certificates from a plurality of communication apparatuses;
incrementing, upon receipt of an EE certificate or a CA certificate referenced in a table in a certificate cache stored in a volatile memory, a counter value associated with the referenced certificate in the table;
adding, upon receipt of an EE certificate not referenced in the table, the received EE certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the EE certificate and the counter value corresponding to the value of the internal counter;
adding, upon receipt of an EE certificate signed by a certificate authority whose CA certificate is not referenced in the table, the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter;
adding, upon receipt of a CA certificate not referenced in the table, the received CA certificate to a certificate store in a non-volatile memory and adding the received CA certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate and the counter value corresponding to the value of the internal counter; and
incrementing a counter value of an internal counter stored in the non-volatile memory upon adding or replacing an EE certificate or a CA certificate in the table of the certificate cache,
wherein the certificate store includes CA certificates issued by a certification authority, and
verifying, by an operation controller, a received certificate using a CA certificate stored in the certificate store, and storing, upon adding the verified certificate to the table in the certificate cache, the CA certificate used for verifying the received certificate in the certificate cache table by relating to the counter value.
10. A certificate management method of a certificate for managing certificates received in a vehicle from a plurality of communication apparatuses, the method comprising:
receiving, from a position detector, a current position of the vehicle;
storing, in a non-volatile memory, a certificate store, the certificate store recording CA certificates and a geographic range in which the corresponding CA certificate is valid;
storing, in a volatile memory, a certificate cache, the certificate cache including a table that stores position information and an associated end entity (EE) certificate received from one of the plurality of communication apparatuses or an associated certification authority (CA) certificate issued by a predetermined certification authority;
storing, upon receipt of an EE certificate not referenced in the table, the received EE certificate and the current position of the vehicle in a vacant entry of the table, if a vacant entry does not exist, replacing a previous table entry with the received EE certificate using the position information of the table entries as a basis for selection;
updating, upon receipt of an EE certificate referenced in the table, the associated position information with the current position; and
adding, upon receipt of a certificate signed by a certificate authority whose CA certificate is not referenced in the table, the CA certificate of the signing certificate and a corresponding valid range to a vacant table entry, if a vacant entry does not exist, replacing a previous table entry with the CA certificate using the position information of the table entries as a basis for selection,
selecting, by an operation controller, if a vacant entry does not exist, the entry to replace an EE certificate or CA certificate whose corresponding position information is a distance from the current position of the vehicle equal to or greater than a threshold value.
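The counter-based replacement recited in claims 1 and 9, as an added Python example that is not part of the patent text. Assumptions of this example: certificates are modelled as `Cert` records and signature verification as an issuer lookup in the store; `CertManager`, the status strings, the caller-set `threshold`, raising a cached CA certificate's counter when it verifies a new certificate, and leaving the table unchanged when no entry is at or below the threshold are all choices made here.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:                      # constructed stand-in for a parsed certificate
    subject: str
    issuer: str
    is_ca: bool = False

@dataclass
class CertManager:               # hypothetical name, not from the patent
    size: int                    # number of table entries
    threshold: int               # eviction threshold; how it is chosen is an assumption
    store: dict                  # non-volatile certificate store: subject -> CA cert
    internal: int = 0            # non-volatile internal counter
    table: dict = field(default_factory=dict)   # volatile cache: cert -> counter value

    def _add(self, cert):
        if len(self.table) >= self.size:         # no vacant entry: find a victim
            old = [c for c, n in self.table.items() if n <= self.threshold]
            if not old:
                return "uncached"                # assumption: table left unchanged
            del self.table[min(old, key=self.table.get)]
        self.table[cert] = self.internal         # new entry takes the internal counter
        self.internal += 1                       # bumped on every add or replace
        return "cached"

    def receive(self, cert):
        if cert in self.table:                   # referenced entry: raise its counter
            self.table[cert] += 1
            return "hit"
        ca = self.store.get(cert.issuer)         # stand-in for signature verification
        if ca is None:
            return "rejected"                    # unverifiable certs are never cached
        if cert.is_ca:
            self.store.setdefault(cert.subject, cert)   # verified CA cert joins the store
        if ca in self.table:
            self.table[ca] += 1                  # assumption: use counts as a reference
        elif ca != cert:
            self._add(ca)                        # cache the CA cert used to verify
        return self._add(cert)

ROOT = Cert("Root CA", "Root CA", is_ca=True)    # constructed, pre-provisioned trust anchor

def demo():
    m = CertManager(size=4, threshold=2, store={ROOT.subject: ROOT})
    a, b, c, d = (Cert(f"EE-{x}", "Root CA") for x in "ABCD")
    seq = [a, b, c, a, a, a, d, Cert("EE-X", "Unknown CA")]
    return [m.receive(x) for x in seq], m
```

In this model new entries start at the ever-growing internal counter, so with a fixed `threshold` the table eventually holds nothing evictable and `receive` returns "uncached"; the claims do not state how the threshold is set.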
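The position-based replacement recited in claims 5 and 10, as an added Python example that is not part of the patent text. Assumptions of this example: positions are (lat, lon) pairs compared by haversine distance, a CA certificate's valid range is a circle (centre, radius in km), a CA certificate is not used for verification outside that range, the farthest qualifying entry is the one replaced, and `PositionCache`, the status strings and the place names are constructed.

```python
import math

def km(p, q):
    """Great-circle distance in km between two (lat, lon) points (haversine)."""
    la1, lo1, la2, lo2 = map(math.radians, (*p, *q))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

class PositionCache:             # hypothetical name, not from the patent
    def __init__(self, size, threshold_km, store):
        self.size, self.threshold_km = size, threshold_km
        self.store = store   # non-volatile: CA name -> (centre, radius_km) valid range
        self.table = {}      # volatile: name -> (position, radius_km); radius 0 for EE

    def _gap(self, name, here):
        pos, radius = self.table[name]
        return max(0.0, km(pos, here) - radius)    # distance to the entry or its range

    def _put(self, name, entry, here):
        if len(self.table) >= self.size:           # no vacant entry: find a far one
            far = [n for n in self.table if self._gap(n, here) >= self.threshold_km]
            if not far:
                return "uncached"                  # assumption: nothing far enough
            del self.table[max(far, key=lambda n: self._gap(n, here))]
        self.table[name] = entry
        return "cached"

    def receive_ee(self, name, issuer, here):
        if name in self.table:                     # referenced: refresh its position
            self.table[name] = (here, 0.0)
            return "hit"
        rng = self.store.get(issuer)               # stand-in for signature verification
        if rng is None or km(rng[0], here) > rng[1]:
            return "rejected"                      # unknown CA, or CA outside its range
        if issuer not in self.table:
            self._put(issuer, rng, here)           # cache the CA cert with its range
        return self._put(name, (here, 0.0), here)

TOKYO, YOKOHAMA, OSAKA = (35.68, 139.69), (35.44, 139.64), (34.69, 135.50)  # constructed

def demo():
    store = {"CA-Kanto": (TOKYO, 150.0), "CA-Kansai": (OSAKA, 150.0)}
    cache = PositionCache(size=3, threshold_km=100.0, store=store)
    steps = [("rsu-1", "CA-Kanto", TOKYO), ("car-7", "CA-Kanto", YOKOHAMA),
             ("car-9", "CA-Kanto", YOKOHAMA), ("rsu-2", "CA-Kansai", OSAKA),
             ("car-3", "CA-Kanto", OSAKA)]
    return [cache.receive_ee(*s) for s in steps], cache
```

While the vehicle stays near Tokyo no entry is 100 km away, so `car-9` is verified but not cached; after the move to Osaka the Tokyo-area EE entries are the ones replaced.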
Specification