Certificate management apparatus and certificate management method

US 9,838,381 B2
Filed: 02/26/2014
Issued: 12/05/2017
Est. Priority Date: 02/26/2014
Status: Active Grant

First Claim

Patent Images

1. A certificate management apparatus comprising:

a non-volatile memory having stored therein a certificate store and an internal counter;

a volatile memory having stored therein a certificate cache, the certificate cache including a table that stores a counter value and an associated end entity (EE) certificate received from one or more communication apparatuses or an associated certification authority (CA) certificate issued by a predetermined certification authority; and

an operation controller that manages storage of the received EE and CA certificates, the operation controller being configured to;

increment, upon receipt of an EE certificate or a CA certificate referenced in the certificate table, the counter value associated with the referenced certificate in the table;

add, upon receipt an EE certificate not referenced in the table, the received EE certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the EE certificate and the counter value corresponding to the value of the internal counter;

add, upon receipt of an EE certificate signed by a certificate authority whose CA certificate is not reference in the table, the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter;

add, upon receipt of an CA certificate not referenced in the table, the received CA certificate to the certificate store and add the received CA certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate and the counter value corresponding to the value of the internal counter; and

increment the internal counter upon adding or replacing an EE certificate or a CA certificate in the table, wherein the certificate store includes CA certificates issued by a certification authority, andthe operation controller is further configured toverify a received certificate using a CA certificate stored in the certificate store, andstore, upon adding the verified certificate to the table in the certificate cache, the CA certificate used for verifying the received certificate in the certificate cache table by relating to the counter value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A certificate management apparatus retains an important certificate, while deleting the oldest referenced certificate. An update determination information output unit outputs update determination information being information for determining whether or not to update a certificate. A certificate cache stores the certificate on a volatile memory. An operation unit stores the update determination information output by the update determination information output unit in the certificate cache by relating to the certificate, and based on the update determination information stored in the certificate cache, updates the certificate related to the update determination information.

89 Citations

View as Search Results

10 Claims

1. A certificate management apparatus comprising:
- a non-volatile memory having stored therein a certificate store and an internal counter;
  
  a volatile memory having stored therein a certificate cache, the certificate cache including a table that stores a counter value and an associated end entity (EE) certificate received from one or more communication apparatuses or an associated certification authority (CA) certificate issued by a predetermined certification authority; and
  
  an operation controller that manages storage of the received EE and CA certificates, the operation controller being configured to;
  
  increment, upon receipt of an EE certificate or a CA certificate referenced in the certificate table, the counter value associated with the referenced certificate in the table;
  
  add, upon receipt an EE certificate not referenced in the table, the received EE certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the EE certificate and the counter value corresponding to the value of the internal counter;
  
  add, upon receipt of an EE certificate signed by a certificate authority whose CA certificate is not reference in the table, the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter;
  
  add, upon receipt of an CA certificate not referenced in the table, the received CA certificate to the certificate store and add the received CA certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate and the counter value corresponding to the value of the internal counter; and
  
  increment the internal counter upon adding or replacing an EE certificate or a CA certificate in the table, wherein the certificate store includes CA certificates issued by a certification authority, andthe operation controller is further configured toverify a received certificate using a CA certificate stored in the certificate store, andstore, upon adding the verified certificate to the table in the certificate cache, the CA certificate used for verifying the received certificate in the certificate cache table by relating to the counter value.
- View Dependent Claims (2, 3, 4)
- - 2. The certificate management apparatus of claim 1, wherein the operation controller is configured to store the CA certificate in the certificate store if the CA certificate is stored in the certificate cache.
  - 3. The certificate management apparatus of claim 1, wherein if a vacant entry does not exist, the table entry having the lowest counter value is selected from the entries whose counter value.
  - 4. The certificate management apparatus of claim 3, wherein if a vacant entry does not exist, the table entry having the lowest counter value is selected from the entries whose deletion maintains a predefined ratio of a number of the EE certificates and a number of the CA certificates stored in the certificate cache.

5. A certificate management apparatus for managing certificates received in a vehicle from a plurality of communication apparatuses, the apparatus comprising:
- a current position detector that outputs a current position of the vehicle;
  
  a non-volatile memory having stored therein a certificate store, a certificate cache, the certificate store recording CA certificates and a geographic range in which the corresponding CA certificate is valid;
  
  a volatile memory having stored therein a certificate cache, the certificate cache including a table that stores position information and an associated end entity (EE) certificate received from one of the plurality of communication apparatuses or an associated certification authority (CA) certificate issued by a predetermined certification authority; and
  
  an operation controller that manages storage of the received EE and CA certificates, the operation controller being configured tostore, upon receipt of an EE certificate not referenced in the table, the received EE certificate and the current position of the vehicle in a vacant entry of the table, if a vacant entry does not exist, the operation controller is configured to replace a previous table entry with the received EE certificate using the position information of the table entries as a basis for selection;
  
  update, upon receipt of an EE certificate referenced in the table, the associated position information with the current position; and
  
  add, upon receipt of a certificate signed by a certificate authority whose CA certificate is not reference in the table, the CA certificate of the signing certificate and a corresponding valid range to a vacant table entry, if a vacant entry does not exist, the operation controller is configured to replace a previous table entry with the CA certificate using the position information of the table entries as a basis for selection,wherein if a vacant entry does not exist, the operation controller is configured to select as the entry to replace an EE certificate or CA certificate whose corresponding position information is a distance from the current position of the vehicle equal to or greater than a threshold value.
- View Dependent Claims (6, 7, 8)
- - 6. The certificate management apparatus of claim 5, wherein when a CA certificate is stored in the certificate cache table, the operation controller is further configured to also store the CA certificate in the certificate store.
  - 7. The certificate management apparatus of claim 5, further comprising:
    - a default range store that stores a default range indicating a default geographic range,wherein, in a case where the current position or the valid range information stored in an entry of the certificate cache table is within the default range stored in the default range store, the operation controller excludes the entry from the selection process.
  - 8. The certificate management apparatus of claim 5, wherein if a vacant entry does not exist, the operation controller selects as the entry to be replaced, the certificate that maintains a predefined ratio of a number of the EE certificates and a number of the CA certificates stored in the certificate cache.

9. A certificate management method of a certificate management apparatus managing a certificate, the method comprising:
- receiving end entity (EE) certificates or certification authority (CA) certificates from a plurality of communication apparatuses;
  
  incrementing, upon receipt of an EE certificate or a CA certificate referenced in a table in a certificate cache stored in a volatile memory, a counter value associated with the referenced certificate in the table;
  
  adding, upon receipt an EE certificate not referenced in the table, the received EE certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the EE certificate and the counter value corresponding to the value of the internal counter;
  
  adding, upon receipt of an EE certificate signed by a certificate authority whose CA certificate is not reference in the table, the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate of the signing certificate and a counter value corresponding to the value of the internal counter;
  
  adding, upon receipt of an CA certificate not referenced in the table, the received CA certificate to a certificate store in a non-volatile memory and add the received CA certificate and a counter value corresponding to the value of the internal counter to a vacant table entry, if a vacant entry does not exist, the table entry having a counter value equal to or less than a threshold value is replaced with the CA certificate and the counter value corresponding to the value of the internal counter; and
  
  incrementing a counter value of an internal counter stored in the non-volatile memory upon adding or replacing an EE certificate or a CA certificate in the table of the certificate cache,wherein the certificate store includes CA certificates issued by a certification authority, andverifying, by an operation controller, a received certificate using a CA certificate stored in the certificate store, andstoring, upon adding the verified certificate to the table in the certificate cache, the CA certificate used for verifying the received certificate in the certificate cache table by relating to the counter value.

10. A certificate management method of a certificate for managing certificates received in a vehicle from a plurality of communication apparatuses, the method comprising:
- receiving, from a position detector, a current position of the vehicle;
  
  storing, in a non-volatile memory, a certificate store, the certificate store recording CA certificates and a geographic range in which the corresponding CA certificate is valid;
  
  storing, in a volatile memory, a certificate cache, the certificate cache including a table that stores position information and an associated end entity (EE) certificate received from one of the plurality of communication apparatuses or an associated certification authority (CA) certificate issued by a predetermined certification authority;
  
  storing, upon receipt of an EE certificate not referenced in the table, the received EE certificate and the current position of the vehicle in a vacant entry of the table, if a vacant entry does not exist, replacing a previous table entry with the received EE certificate using the position information of the table entries as a basis for selection;
  
  updating, upon receipt of an EE certificate referenced in the table, the associated position information with the current position; and
  
  adding, upon receipt of a certificate signed by a certificate authority whose CA certificate is not reference in the table, the CA certificate of the signing certificate and a corresponding valid range to a vacant table entry, if a vacant entry does not exist, replacing a previous table entry with the CA certificate using the position information of the table entries as a basis for selection,selecting, by an operation controller, if a vacant entry does not exist, the entry to replace an EE certificate or CA certificate whose corresponding position information is a distance from the current position of the vehicle equal to or greater than a threshold value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitsubishi Electric Corporation
Original Assignee
Mitsubishi Electric Corporation
Inventors
Yamaguchi, Teruyoshi, Kobayashi, Nobuhiro
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
MALINOWSKI, WALTER J

Application Number

US15/118,415
Publication Number

US 20170187706A1
Time in Patent Office

1,378 Days
Field of Search

726 2, 726 7, 726 10, 713156, 713175
US Class Current
CPC Class Codes

G06F 12/0813   with a network or matrix co...

G06F 21/64   Protecting data integrity, ...

G06F 2212/154   Networked environment

G06F 2212/60   Details of cache memory

G06F 2212/62   Details of cache specific t...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Certificate management apparatus and certificate management method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Certificate management apparatus and certificate management method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others