Certification apparatus and method

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication

Reexamination Certificate


Details

C713S161000, C713S168000, C713S175000


active

06748530

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a certification technique whereby certification is performed in an organization such as an enterprise.
2. Description of the Related Art
When a public key cryptography method is used, assurance of the correspondence between a public key and the person himself is required. This assurance is called “certification”. A Certification Authority (hereinafter also called “CA”) is a mechanism for providing this certification. The CA is a fair third-party system for assuring the correspondence relation between the public key and the person himself, and it is widely used for certification. In this method, the CA issues, as a certificate, electronic data in which information indicating the correspondence between a certification target (a natural individual or a legal person) and its public key is electronically signed using the private key of the CA. A third party who places its confidence in the CA confirms the contents (signature) of the certificate using the public key of the CA, and thereby accepts that the correspondence relation between an individual and the individual's public key is legitimate.
If the conventional CA is used within an enterprise, the following problems will occur:
(1) A fair third party is required as a manager of CA. If such a management job is entrusted to an external third party organization, the essence of the internal security system would be held by the third party.
(2) Even if an attempt is made to provide a fair third party within the company, an employee within the company will become the individual concerned (an individual to be certified). The enterprise side also desires to prevent a specific manager from holding the essence of the security system, and the manager does not desire to manage important information either (he is very likely to be suspected if a problem such as divulgation arises).
(3) Within an enterprise, since activities are performed in units of groups, which are an aggregate of individuals or groups such as a department or a section, it is desirable to establish a right such as reference right for information in units of groups. Accordingly, it becomes necessary to correctly assure the individual or group, which is an element of the group, but the conventional CA does not have such ability.
(4) In the CA, the fair third party identifies by some method that a person to be certified is the person himself, but since the CA's manager is generally not acquainted with the person to be certified, there is no method for the identification except one left to the CA's decision, chosen from methods such as correspondence to a mail address, non-duplication of the name, and backing by a public certificate. Since the methods are diversified in this manner, the degree of reliability of the identification varies. Even if we rely on the public certificate, we are powerless against forged papers. Within the enterprise, an employee's identification card may serve as the public certificate, but it is costly for an applicant to meet the manager with his employee's identification card.
The present applicant has proposed a cryptography technique in units of groups (Japanese Published Unexamined Patent Application No. 11-015373). This technique enables information control in units of groups to the public key cryptography technique, that is, decoding and electronic signature. In order to perform the information control in units of groups, it is necessary to maintain the legitimacy of a member of the group. This is because if an illegitimate member can be added, the illegitimate member could use the rights given to the group. For this reason, in the Japanese Published Unexamined Patent Application No. 11-015373, there was provided ability to legitimately change the group members. However, no certification ability is included in the Japanese Published Unexamined Patent Application No. 11-015373. More specifically, there is not included ability to assure the correspondence relation between an individual and the public key, and the correspondence relation between a group and the public key.
Even with general CAs, there exists a system in which a plurality of CAs form a hierarchical structure. Concretely, a higher level CA places its electronic signature on information indicating the correspondence relation between its lower level CA and that CA's public key. Thus, if the public key for the higher level CA is known, the electronically signed information indicating the public key for the lower level CA can be confirmed, whereby the public key for the lower level CA can also be correctly known. In this system, however, although the hierarchical structure is formed, a fair third party is still required. Also, since the CA is a service, it is difficult to bring the group into correspondence with the CA, and the group cannot be controlled. Further, the basis for the certification remains the same as before, and the degree of reliability varies.
SUMMARY OF THE INVENTION
The present invention has been achieved in consideration of the above-described state of affairs, and is aimed to provide a certification technique suitable for performing a certification in an organization such as an enterprise.
Hereinafter, the description will be made of the present invention. The present invention enables the certification of an individual and an organization using a hierarchy of the organization. A responsible person of each group ought to certainly know other groups and individuals directly belonging to the group, and performs the certification on the basis thereof. This has the following effects:
(1) The certification can be performed without necessitating the existence of any fair third party.
(2) Uniform and fair certification can be performed on the basis of acquaintance with the members which the responsible person of the group has.
(3) The group can be handled.
(4) The certification can be performed in-house alone.
More specifically, according to the present invention, in order to achieve the above-described object, a certification apparatus for performing certification for an individual and a group in an organization constructed by hierarchically arranging a group having at least one of an individual and a group as a constituent member, is provided with: a confirmation process unit for confirming the certification target on the basis of communication between a responsible person of a group and a certification target belonging to the group; and a certificate generating unit for generating a certificate for the certification target by placing the signature on signature-target information including a public key for the certification target and specifying information on the certification target by a private key used by the responsible person of the group.
In this structure, a certification scheme is hierarchically constructed with the responsible person of the group as a nucleus, and therefore, the effects of (1) to (4) described above can be achieved.
In this structure, a unit for keeping the certificate may be further provided. Of course, the certificate may be sent to the user. Also, the signature-target information may further include specifying information on the group.
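The structure described above can be sketched in code as follows. This is an added example, not code from the patent: Ed25519 stands in for the unspecified signature algorithm, and the type and function names and the sample names "Company", "Sales" and "alice" are assumptions. Each certificate is signed with the key used by the responsible person of the target's group, and verification walks down from the top group, whose key is the only trust anchor.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert binds a target (individual or group) to its key, signed by Group's responsible person.
type Cert struct {
	Group, Target string // specifying information (constructed sample names)
	Key           ed25519.PublicKey
	Sig           []byte
}

// tbs builds the signature-target information; %q quoting keeps fields unambiguous.
func tbs(c Cert) []byte {
	return []byte(fmt.Sprintf("%q|%q|%x", c.Group, c.Target, c.Key))
}

// Issue is the certificate generating step, run by the group's responsible person.
func Issue(leader ed25519.PrivateKey, group, target string, key ed25519.PublicKey) Cert {
	c := Cert{Group: group, Target: target, Key: key}
	c.Sig = ed25519.Sign(leader, tbs(c))
	return c
}

// VerifyChain checks each cert against the key certified one level up and requires
// its Group to be that level's target, so a leader cannot certify outside their group.
func VerifyChain(topKey ed25519.PublicKey, topGroup string, chain []Cert) (ed25519.PublicKey, error) {
	signer, group := topKey, topGroup
	for i, c := range chain {
		if c.Group != group {
			return nil, fmt.Errorf("cert %d: group %q, want %q", i, c.Group, group)
		}
		if !ed25519.Verify(signer, tbs(c), c.Sig) {
			return nil, fmt.Errorf("cert %d: signature does not verify", i)
		}
		signer, group = c.Key, c.Target
	}
	return signer, nil
}

func main() {
	topPub, topPriv, _ := ed25519.GenerateKey(nil)
	salesPub, salesPriv, _ := ed25519.GenerateKey(nil)
	alicePub, _, _ := ed25519.GenerateKey(nil)
	chain := []Cert{Issue(topPriv, "Company", "Sales", salesPub), Issue(salesPriv, "Sales", "alice", alicePub)}
	_, err := VerifyChain(topPub, "Company", chain)
	fmt.Println("chain valid:", err == nil)
}
```

A verifier needs only the top group's public key; no external third party signs anything in the chain.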
Also, a certificate having a group as a certification target may further include specifying information on each of members of the group, and signature information comprising the specifying information signed by the private key of the responsible person of the group.
Also, the certificate having a group as a certification target may further include a shared public key of members of the group encrypted by respective public keys of members of the group; a shared public key of members of the group; and signature information comprising at least the members' shared private key encrypted, signed by the private key of the responsible person of the group.
Also, a private key used by the responsible person of the group encrypted by a public key corresponding to a private key used by a re
