JP2003124926A5 - Google Patents

Publication number
JP2003124926A5
Authority
JP
Japan
Prior art keywords
computer
session
data
electronic certificate
application data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2001316575A
Other languages
Japanese (ja)
Other versions
JP3842100B2 (en)
JP2003124926A (en)
Filing date
Publication date
Application filed
Priority to JP2001316575A
Priority claimed from JP2001316575A
Publication of JP2003124926A
Publication of JP2003124926A5
Application granted
Publication of JP3842100B2
Anticipated expiration
Expired - Fee Related

Claims (5)

1. An authentication processing method for an encrypted communication system, the system having a first computer, a second computer that issues a session establishment request to the first computer, and a third computer that is interposed between the first computer and the second computer and relays application data transmitted and received between the two computers, the system encrypting the application data and transmitting and receiving it between the first computer and the second computer based on a common key cryptosystem, wherein:
in response to a session establishment request from the second computer that includes session data unique to the session, session data unique to the session generated by the third computer is added and the session establishment request is transmitted to the first computer; session data unique to the session generated by the first computer and a first electronic certificate are transmitted to the third computer; after the third computer authenticates the received first electronic certificate, a second electronic certificate including the first electronic certificate and the session data obtained from the second computer is transmitted to the second computer; and the second computer authenticates at least a part of the session data, the first electronic certificate and the second electronic certificate.
2. The authentication processing method according to claim 1, wherein the third computer, on receiving the encrypted application data from the second computer, decrypts the application data and performs a data check, and the third computer, on receiving the encrypted application data from the first computer, decrypts the application data and performs a data check.

3. An authentication processing method for an encrypted communication system, the system having a first computer that receives a session establishment request, a second computer that issues a session establishment request to the first computer, and a third computer that is interposed between the first computer and the second computer and relays application data transmitted and received between the two computers, the system encrypting the application data and transmitting and receiving it between the first computer and the second computer based on a common key cryptosystem, wherein:
in response to a session establishment request from the second computer that includes session data unique to the session, session data unique to the session generated by the third computer is added and the session establishment request is transmitted to the first computer; session data unique to the session generated by the first computer is transmitted to the second computer via the third computer; the third computer transmits to the second computer a first electronic certificate including at least a part of the session data; after the second computer authenticates the received session data and the first electronic certificate, a second electronic certificate including the session data obtained from the first computer is transmitted to the third computer; after the third computer authenticates the received second electronic certificate, a third electronic certificate including the second electronic certificate and the session data obtained from the first computer is transmitted to the first computer; and the first computer authenticates at least a part of the session data, the second electronic certificate and the third electronic certificate.
4. The authentication processing method according to claim 3, wherein the third computer, on receiving the encrypted application data from the second computer, decrypts the application data and performs a data check, and the third computer, on receiving the encrypted application data from the first computer, decrypts the application data and performs a data check.

5. An authentication processing system in an encrypted communication system, the encrypted communication system having a first computer, a second computer that issues a session establishment request to the first computer, and a third computer that is interposed between the first computer and the second computer and relays application data transmitted and received between the two computers, and encrypting the application data and transmitting and receiving it between the first computer and the second computer based on a common key cryptosystem, the authentication processing system comprising:
means provided in the third computer for adding generated session data unique to the session to a session establishment request from the second computer that includes session data unique to the session, and transmitting the session establishment request to the first computer; means provided in the first computer for transmitting generated session data unique to the session and a first electronic certificate to the third computer; means provided in the third computer for transmitting to the second computer, after authenticating the received first electronic certificate, a second electronic certificate including the first electronic certificate and the session data obtained from the second computer; and means provided in the second computer for authenticating at least a part of the session data, the first electronic certificate and the second electronic certificate.
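The exchange of claim 1, as an added example that is not part of the patent text: the relay (third computer) authenticates the server's first certificate and then issues a second certificate that embeds both that certificate and the client's own session data, so a second certificate replayed from another session fails the client's check. Textbook RSA over small Mersenne primes stands in for the signature scheme, which the claims do not specify; the keys, field names and function names are assumptions.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (toy stand-in for a certificate key)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])

def check(pub, data, sig):
    # Verification uses only the public part (n, e) of the key.
    return pow(sig, pub["e"], pub["n"]) == _h(data, pub["n"])

# Constructed demo keys from Mersenne primes; far too small for real use.
SERVER_KEY = make_key(2**127 - 1, 2**89 - 1)   # first computer
RELAY_KEY = make_key(2**107 - 1, 2**61 - 1)    # third computer

def server_reply(request):
    """First computer: answer with its own session data and the first certificate."""
    subject = b"CN=first-computer"             # hypothetical subject name
    cert1 = {"subject": subject, "sig": sign(SERVER_KEY, subject)}
    return {"server_nonce": secrets.token_bytes(16), "cert1": cert1}

def relay_issue_cert2(client_nonce, cert1):
    """Third computer: authenticate cert1, then wrap it with the client's session data."""
    if not check(SERVER_KEY, cert1["subject"], cert1["sig"]):
        raise ValueError("relay rejected first certificate")
    signed = client_nonce + cert1["subject"] + cert1["sig"].to_bytes(32, "big")
    return {"session": client_nonce, "cert1": cert1, "sig": sign(RELAY_KEY, signed)}

def client_accepts(my_nonce, cert2):
    """Second computer: check its own session data, cert1 and cert2."""
    cert1 = cert2["cert1"]
    signed = cert2["session"] + cert1["subject"] + cert1["sig"].to_bytes(32, "big")
    return (secrets.compare_digest(cert2["session"], my_nonce)
            and check(SERVER_KEY, cert1["subject"], cert1["sig"])
            and check(RELAY_KEY, signed, cert2["sig"]))

def run_session(client_nonce):
    """Full exchange of claim 1; returns the second certificate sent to the client."""
    request = {"client_nonce": client_nonce, "relay_nonce": secrets.token_bytes(16)}
    reply = server_reply(request)
    return relay_issue_cert2(client_nonce, reply["cert1"])
```
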
JP2001316575A 2001-10-15 2001-10-15 Authentication processing method and system in encrypted communication system Expired - Fee Related JP3842100B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2001316575A JP3842100B2 (en) 2001-10-15 2001-10-15 Authentication processing method and system in encrypted communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2001316575A JP3842100B2 (en) 2001-10-15 2001-10-15 Authentication processing method and system in encrypted communication system

Publications (3)

Publication Number Publication Date
JP2003124926A JP2003124926A (en) 2003-04-25
JP2003124926A5 JP2003124926A5 (en) 2004-11-11
JP3842100B2 JP3842100B2 (en) 2006-11-08

Family

ID=19134571

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2001316575A Expired - Fee Related JP3842100B2 (en) 2001-10-15 2001-10-15 Authentication processing method and system in encrypted communication system

Country Status (1)

Country Link
JP (1) JP3842100B2 (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4778210B2 (en) * 2003-09-12 2011-09-21 株式会社リコー COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM
JP4671638B2 (en) * 2003-09-12 2011-04-20 株式会社リコー COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM
JP2006129143A (en) * 2004-10-29 2006-05-18 Toppan Printing Co Ltd Secret information transmission/reception system and method therefor, server apparatus and program, and key information storing apparatus
JP4520840B2 (en) * 2004-12-02 2010-08-11 株式会社日立製作所 Encrypted communication relay method, gateway server device, encrypted communication program, and encrypted communication program storage medium
JP4690767B2 (en) 2005-05-11 2011-06-01 株式会社日立製作所 Network system, server device, and communication method
JP4578352B2 (en) * 2005-08-12 2010-11-10 シャープ株式会社 Communication mediating apparatus, data providing apparatus, and data providing system
US20090235069A1 (en) * 2006-04-10 2009-09-17 Trust Integration Services B.V. Arrangement of and method for secure data transmission
JP2007334753A (en) * 2006-06-16 2007-12-27 Nippon Telegr & Teleph Corp <Ntt> Access management system and method
US20100242102A1 (en) * 2006-06-27 2010-09-23 Microsoft Corporation Biometric credential verification framework
US8225096B2 (en) 2006-10-27 2012-07-17 International Business Machines Corporation System, apparatus, method, and program product for authenticating communication partner using electronic certificate containing personal information
US9055107B2 (en) 2006-12-01 2015-06-09 Microsoft Technology Licensing, Llc Authentication delegation based on re-verification of cryptographic evidence
JP5039146B2 (en) * 2007-11-07 2012-10-03 日本電信電話株式会社 Common key setting method, relay device, and program
US8301895B2 (en) 2009-12-02 2012-10-30 Microsoft Corporation Identity based network policy enablement
JP4879347B2 (en) * 2009-12-25 2012-02-22 キヤノンItソリューションズ株式会社 Relay processing device, relay processing method and program
JP5022474B2 (en) * 2010-05-07 2012-09-12 株式会社日立製作所 Server apparatus, communication method and program
CN109474433B (en) * 2018-10-23 2023-01-10 航天信息股份有限公司 Client certificate issuing method and device based on billing system
JP6705602B1 (en) * 2019-01-24 2020-06-03 Necプラットフォームズ株式会社 Relay device, relay method, and control program
US11206135B2 (en) 2019-11-11 2021-12-21 International Business Machines Corporation Forward secrecy in Transport Layer Security (TLS) using ephemeral keys

Similar Documents

Publication Publication Date Title
EP3391620B1 (en) Systems and methods for secure multi-party communications using a proxy
JP2003124926A5 (en)
US8086847B2 (en) Computer program product and computer system for peer-to-peer communications
US8438628B2 (en) Method and apparatus for split-terminating a secure network connection, with client authentication
US7584505B2 (en) Inspected secure communication protocol
US20140059354A1 (en) Scalable Session Management
CN108650210A (en) A kind of Verification System and method
CN101247232B (en) Encryption technique method based on digital signature in data communication transmission
JP5845393B2 (en) Cryptographic communication apparatus and cryptographic communication system
CA2446304A1 (en) Use and generation of a session key in a secure socket layer connection
JP2004166270A5 (en)
WO2008054375A3 (en) Constrained cryptographic keys
JP2005534049A5 (en)
JP2006276093A5 (en)
EP1577736A3 (en) Efficient and secure authentication of computing systems
EP0938209A3 (en) Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks
JP2008500755A5 (en)
JP2008533882A (en) How to backup and restore encryption keys
IL159295A0 (en) Authentication of a user across communication sessions
JP2002374239A (en) Method for cryptographing information
CN101706854A (en) USB information security equipment and method for communication between USB information security equipment and mainframe
CN110611681A (en) Encryption method and device and storage medium
KR100890720B1 (en) Method for Selectively Encrypting Web Contents and Computer-Readable Recording Medium Where Program Executing the Same Method
CN100464337C (en) Method and equipment for carrying out safety communication between USB device and host
CN107682380B (en) Cross authentication method and device