JP3797116B2 - Public key certificate / user information management method, issuing authority (IA) device, public key certificate / user information management program, and storage medium storing public key certificate / user information management program - Google Patents

Public key certificate / user information management method, issuing authority (IA) device, public key certificate / user information management program, and storage medium storing public key certificate / user information management program

Publication number
JP3797116B2
Authority
JP
Japan
Prior art keywords
user
ra
public key
key certificate
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2001039184A
Other languages
Japanese (ja)
Other versions
JP2002247028A (en
Inventor
直彦 今枝
廣志 政本
正一 橋本
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社
Priority to JP2001039184A
Publication of JP2002247028A
Application granted
Publication of JP3797116B2
Active
Anticipated expiration

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a public key certificate / user information management method, an issuing authority (IA: Issuing Authority) device, a public key certificate / user information management program, and a storage medium storing the public key certificate / user information management program. In particular, it relates to such a method, device, program, and storage medium in a system comprising an issuing authority (hereinafter referred to as IA) that provides authentication services such as public key registration and public key certificate revocation based on applications from a registration authority (Registration Authority, hereinafter referred to as RA).
[0002]
[Prior art]
The RA is an organization that serves as the contact point for users who make registration applications and invalidation applications to the IA, and is responsible for submitting those applications to the IA. When an RA starts operation, it first has the IA recognize it as an approved registration authority, and then obtains its own public key certificate. When a user makes a public key registration application, the RA applies to the IA for public key registration on the user's behalf so that the user can acquire his or her public key certificate.
[0003]
When an RA terminates its operation within the validity period of its public key certificate, because the RA itself has ceased to exist or has been invalidated, the RA's own public key certificate is generally invalidated either by the RA itself making an invalidation application to the IA, or by an IA operator making the invalidation application on its behalf within the IA.
[0004]
In the agency system for mobile phones, the RA is merely a registration desk, and user management is performed in the IA so that the mobile phone of a user who contracted through an agency can still be used even if the agency is suspended. In this IA user management model, invalidating only the public key certificate of the RA itself leaves the public key certificates of users registered from that RA valid until their validity periods expire.
[0005]
Therefore, in the conventional IA, even if an RA is invalidated, the public key certificates of users registered from that RA continue to be managed as valid until their validity periods expire.
[0006]
[Problems to be solved by the invention]
However, in the RA user management model, in which the RA itself manages the user database (as a company RA manages its employee database) and the IA is a simple issuing authority, the following problem arises when a company terminates its operation as an RA within the validity period, for reasons such as cost increases or cutbacks.
[0007]
In the RA user management model, when the RA is invalidated, it is necessary to invalidate the users' public key certificates as well. This corresponds to employees losing their proof of employment when a company goes bankrupt. In this case, revoking only the RA's own public key certificate means that the company's public key certificates remain valid even though the company itself has disappeared. Since user public key certificates issued from the RA are generally invalidated by the RA, if the RA does not invalidate them, there is a risk that the status of the public key certificates of users registered through the RA becomes indeterminate (the validity is unknown).
[0008]
The present invention has been made in view of the above points. Its object is to resolve the indeterminate status (unknown validity) of a user's public key certificate in the RA user management model, and to provide a public key certificate / user information management method, an issuing authority (IA: Issuing Authority) device, a public key certificate / user information management program, and a storage medium storing the public key certificate / user information management program that can be operated in a manner suited to both the RA user management model and the IA user management model.
[0009]
[Means for Solving the Problems]
FIG. 1 is a diagram for explaining the principle of the present invention.
[0010]
The present invention (Claim 1) is a public key certificate / user information management method in an IA device that has at least a database for storing users' public key certificates and user information, RA user management necessity designation information setting means, RA user management necessity designation information extraction means, user public key certificate revocation means, user public key certificate revocation notification means, and user information deletion means, and that provides authentication services including public key registration and public key certificate revocation based on applications from an RA, the method comprising:
an RA user management necessity designation information setting step (step 1) in which the RA user management necessity designation information setting means sets, in the IA system default value setting table, RA user management necessity designation information indicating whether the RA registered in the IA is an RA that performs user management or an RA that operates as a simple registration station;
an RA user management necessity designation information extraction step (step 2) in which the RA user management necessity designation information extraction means extracts the RA user management necessity designation information set in the IA system default value setting table and determines its content;
a user public key certificate revocation step (step 3) in which, when the determination result in the RA user management necessity designation information extraction step is that the RA user management necessity designation information is “necessary”, the user public key certificate revocation means, upon invalidation processing of the RA's own public key certificate registered in the database, revokes from the database the public key certificates of users registered from that RA;
a user public key certificate revocation notification step (step 4) in which the user public key certificate revocation notification means notifies the destination, which the user registered at the time of public key registration and which is held in the IA device, that the user's public key certificate has been revoked; and
a user information deletion step (step 5) in which the user information deletion means deletes all the user information registered in the database when all the public key certificates of the user have been invalidated from the database.
[0011]
According to the present invention (Claim 2), in the user public key certificate revocation step,
the public key certificate is invalidated based on a user information management table that records the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is an RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuance RA information indicating the name of the RA that issued the public key certificate.
[0012]
According to the present invention (Claim 3), in the user public key certificate revocation notification step,
the invalidation is notified based on a user information management table that records the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is an RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuance RA information indicating the name of the RA that issued the public key certificate.
[0013]
According to the present invention (Claim 4), in the user information deletion step,
the user information is deleted based on a user information management table that records the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is an RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuance RA information indicating the name of the RA that issued the public key certificate.
[0017]
FIG. 2 is a principle configuration diagram of the present invention.
[0018]
The present invention (Claim 5) is an IA device that provides authentication services including public key registration and public key certificate revocation based on applications from an RA, the device having:
at least a database that stores users' public key certificates and user information;
RA user management necessity designation information setting means 1 that sets, in the IA system default value setting table, RA user management necessity designation information 22 indicating whether the RA registered in the IA is an RA that performs user management or an RA that operates as a simple registration station;
RA user management necessity designation information extracting means 2 that extracts the RA user management necessity designation information set in the IA system default value setting table 21 and determines the content of the RA user management necessity designation information;
user public key certificate revocation means 3 that, when the RA user management necessity designation information extracting means 2 determines that the RA user management necessity designation information is “necessary”, revokes from the database the public key certificates of users registered from the RA when the invalidation processing of the RA's public key certificate registered in the database is performed;
user public key certificate revocation notification means 4 that notifies the destination, which the user registered at public key registration and which is held in the IA device, that the user's public key certificate has been invalidated; and
user information deletion means 5 that deletes all the user information registered in the database when all the public key certificates of the user have been invalidated from the database.
[0019]
According to the present invention (Claim 6), the user public key certificate revocation means 3
invalidates the public key certificate based on a user information management table that records the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is an RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuance RA information indicating the name of the RA that issued the public key certificate.
[0020]
According to the present invention (Claim 7), the user public key certificate revocation notification means 4
notifies the invalidation based on a user information management table that records the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is an RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuance RA information indicating the name of the RA that issued the public key certificate.
[0021]
According to the present invention (Claim 8), the user information deleting means 5
deletes the user information based on a user information management table that records the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is an RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuance RA information indicating the name of the RA that issued the public key certificate.
[0022]
The present invention (Claim 9) is a public key certificate / user information management program that causes a computer to function as the IA device according to any one of Claims 5 to 8.
[0023]
The present invention (Claim 10) is a storage medium storing a public key certificate / user information management program that causes a computer to function as the IA device according to any one of Claims 5 to 8.
[0024]
As described above, in the present invention, when an invalidation application for the RA's own public key certificate is received in the IA system, the RA's own public key certificate is invalidated and the public key certificates of users registered from that RA are also invalidated. In addition, by setting in the IA system the RA user management necessity designation information indicating whether the RA user management model or the IA user management model applies, the IA can be switched between the RA user management model and the IA user management model.
[0025]
Conventionally, in the RA user management model, the RA is responsible for all user management. In the present invention, user management is also performed in the IA system, so that when the RA's public key certificate is invalidated, the processing can be performed in the IA system even if the RA does not invalidate the user public key certificates it issued. This enables operation suited to both the RA user management model and the IA user management model.
[0026]
DETAILED DESCRIPTION OF THE INVENTION
FIG. 3 shows a configuration on the IA system side in the public key certificate / user information management system of the present invention.
[0027]
The IA system side shown in the figure has an RA user management necessity designation information setting unit 1, an RA user management necessity designation information extraction unit 2, a user public key certificate revocation unit 3, a user public key certificate revocation notification unit 4, and a user information deletion unit 5. The data used are the IA system default value setting table 21, the RA user management necessity designation information 22, the RA public key certificate invalidation application 23, the user information management table 24, and the public key certificate database 25.
[0028]
The RA user management necessity designation information setting unit 1 sets the RA user management necessity designation information 22 in the IA system default value setting table 21.
[0029]
The RA user management necessity designation information extraction unit 2 extracts the RA user management necessity designation information set in the IA system default value setting table 21 and determines whether it is “necessary” or “no”.
[0030]
The user public key certificate revocation unit 3 invalidates the users' public key certificates based on the information in the user information management table 24 when the RA user management necessity designation information is “necessary”.
[0031]
The user public key certificate revocation notification unit 4 notifies the destination registered in the user information management table 24 that the user's public key certificate issued from the RA has been revoked.
[0032]
The user information deletion unit 5 deletes all the user information registered in the user information management table 24 when all of the user's public key certificates have been invalidated from the public key certificate database 25, or when all of the user's certificate identification numbers in the user information management table 24 have been invalidated.
[0033]
The IA system default value setting table 21 is the table in which the RA user management necessity designation information 22 is set, indicating whether the RA registered in the IA system is an RA that performs user management or an RA that operates as a simple registration station (the model in which user management is performed in the IA).
[0034]
The user information management table 24 is a table for managing the public key certificate information of individual users, in which items such as the subject name, the destination, and the distinction between RA and user are set.
[0035]
The public key certificate database 25 stores public key certificates.
[0036]
The operation in the above configuration will be described below.
[0037]
(1) As preparatory work on the IA side, the RA user management necessity designation information setting unit 1 is used to set, in the IA system default value setting table 21, the RA user management necessity designation information 22 indicating whether an RA registered in the IA is an RA that performs user management or an RA that operates as a simple registration station (the model in which user management is performed in the IA).
[0038]
(2) Triggered by an RA public key certificate revocation application, the RA user management necessity designation information extraction unit 2 extracts, from the IA system default value setting table 21, the RA user management necessity designation information 22 that was set by the RA user management necessity designation information setting unit 1. If the RA user management necessity designation information 22 is “necessary”, the user public key certificate revocation unit 3 is called, and if it is “no”, the user information deletion unit 5 is called.
[0039]
(3) If the RA user management necessity designation information is “necessary”, the user public key certificate revocation unit 3 invalidates the public key certificates of users registered from the RA, based on the information in the user information management table 24.
[0040]
(4) The user public key certificate revocation notification unit 4 notifies the destination registered in the user information management table 24 that the user's public key certificate registered from the RA has been revoked.
[0041]
(5) The user information deletion unit 5 is used to delete the RA's user information. In addition, when the RA user management necessity designation information 22 extracted by the RA user management necessity designation information extraction unit 2 is “necessary” and the user public key certificate revocation unit 3 has deleted all the public key certificate information registered for a user in the user information management table 24, that user's information is deleted.
[0042]
[Example]
Embodiments of the present invention will be described below with reference to the drawings.
[0043]
FIG. 4 shows an example of a user information management table according to an embodiment of the present invention. The user information management table 24 is composed of a subject name, a destination, an RA/user distinction, a certificate identification number, and a certificate issuance RA.
[0044]
FIG. 5 and FIG. 6 are flowcharts showing the operation of the embodiment of the present invention, which describes the processing to be performed for each component in FIG.
[0045]
This embodiment describes an example in which the RA user management necessity designation information in the IA system default value setting table 21 is “necessary” and the RA1 public key certificate (certificate identification number 20001001) is invalidated.
[0046]
(1) RA user management necessity designation information setting unit 1:
First, the processing of the RA user management necessity designation information setting unit 1 will be described.
[0047]
On the IA side, RA user information is set when the RA public key is registered. In this setting, the RA user management necessity designation information setting unit 1 is called and sets, in the IA system default value setting table 21, the RA user management necessity designation information 22 indicating whether the RA registered in the IA is an RA that performs user management or an RA that operates as a simple registration station (the model in which user management is performed by the IA) (step 101).
[0048]
It should be noted that the setting method of the RA user management necessity designation information 22 is preferably indicated by “necessary (1)” and “no (0)”. In this embodiment, “1 (required)” is set in the RA user management necessity designation information in the IA system default value setting table 21.
[0049]
The method of describing the RA user management necessity designation information 22 in the intra-IA system default value setting table 21 can be easily realized by using a table description method generally used in a computer.
[0050]
(2) RA user management necessity designation information extraction unit 2:
Next, the RA user management necessity designation information extraction unit 2 will be described.
[0051]
Triggered by the RA public key certificate revocation application 23, the application 23 is analyzed and checked to confirm that it is a correct application from the RA. If the application 23 is valid, the RA's public key certificate is invalidated from the public key certificate database 25. Triggered by the completion of the RA public key certificate invalidation process, the RA user management necessity designation information extraction unit 2 is called and extracts the RA user management necessity designation information 22 that the RA user management necessity designation information setting unit 1 set in the IA system default value setting table 21 (step 102). It then determines whether the designation information 22 is “necessary” or “no” (step 103). If the RA user management necessity designation information 22 is “necessary”, the user public key certificate revocation unit 3 is called, and if it is “no”, the user information deletion unit 5 is called.
[0052]
In the present embodiment, the RA user management necessity designation information 22 set in the IA system default value setting table 21 is “1 (required)”, so the user public key certificate revocation unit 3 is called.
[0053]
The extraction of the RA user management necessity designation information 22 from the IA system default value setting table 21 can be easily realized by using a function for reading electronic information.
[0054]
(3) User public key certificate revocation unit 3:
The user public key certificate revocation unit 3 is called when the RA user management necessity designation information 22 is “necessary”. Referring to the user information management table 24, it invalidates from the public key certificate database 25 the user public key certificates issued from the RA to be invalidated.
[0055]
In this embodiment, according to the user information management table 24 shown in FIG. 4, the user public key certificates issued from RA1 are user A's public key certificate with the certificate identification number “20001205” and user C's public key certificate with the certificate identification number “20001115”, so these public key certificates are invalidated (step 104).
[0056]
The invalidation of a public key certificate from the public key certificate database 25 can be achieved with search algorithms and deletion functions that are already in general use on computers.
[0057]
(4) User public key certificate revocation notification unit 4:
The user public key certificate revocation notification unit 4 is called when the user public key certificate revocation unit 3 finishes invalidating the users' public key certificates, and notifies the destinations registered in the user information management table 24 that the public key certificates have been revoked by the user public key certificate revocation unit 3 (step 105).
[0058]
The items included in the notification that the public key certificate has been revoked are not restricted, but the notification must include at least information identifying the public key certificate.
In this embodiment, the destination of user A shown in the figure,
[Expression 1]
is notified that the public key certificate with the certificate identification number “20001205” has been revoked, and the destination of user C,
[Expression 2]
is notified that the public key certificate with the certificate identification number “200011115” has been revoked.
[0061]
(5) User information deletion unit 5:
When the RA user management necessity designation information extraction unit 2 finds that the RA user management necessity designation information 22 is “no”, the user information deletion unit 5 is called and deletes the user information of the RA to be invalidated from the user information management table 24 (step 106). When the RA user management necessity designation information 22 is “necessary”, after the user public key certificate revocation unit 3 has performed the invalidation and the revocation notification unit 4 has sent the notifications, it is checked whether each subject of a notified public key certificate holds any public key certificate other than the revoked one (step 107); if not, the user information of that user in the user information management table 24 is deleted (step 108). Finally, the user information of the RA to be invalidated is deleted from the user information management table 24 (step 109).
[0062]
In this embodiment, as shown in FIG. 4, the RA user management necessity designation information is “1 (required)”. User A still has the public key certificate with the certificate identification number “200001125” remaining, but no public key certificate remains for user C, so the user information of user C is deleted. The resulting user information management table is shown in FIG.
[0063]
Note that the retrieval of the certificate identification information from the user information management table 24 and the deletion of the user information can be realized by using a search algorithm and a deletion function used in a computer or the like.
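The following sketch walks steps 102 to 109 of the embodiment through a small in-memory model. It is an added example, not part of the patent text: the class and function names, the notification destinations, and the issuers "IA" and "RA2" are assumptions, because FIG. 4 and the destinations are not reproduced on this page. The applicant check described in [0064] and [0065] is assumed to have succeeded already.

```python
from dataclasses import dataclass

NECESSARY, NO = 1, 0  # "necessary (1)" / "no (0)", paragraph [0048]


@dataclass
class Entry:
    """One row of the user information management table (24)."""
    subject: str       # subject name
    destination: str   # notification destination
    kind: str          # "RA" or "user"
    certs: dict        # certificate identification number -> issuing RA


def sample_table():
    # Constructed from the embodiment text. Destinations and the issuers
    # "IA" and "RA2" are assumptions; certificate numbers are as printed.
    rows = [
        Entry("RA1", "ra1@example.invalid", "RA", {"20001001": "IA"}),
        Entry("A", "user-a@example.invalid", "user",
              {"20001205": "RA1", "200001125": "RA2"}),  # second id as in [0062]
        Entry("C", "user-c@example.invalid", "user", {"20001115": "RA1"}),
    ]
    return {row.subject: row for row in rows}


class IssuingAuthority:
    def __init__(self, ra_user_management, table):
        # IA system default value setting table (21) holding the flag (22).
        self.defaults = {"ra_user_management": ra_user_management}
        self.table = table  # user information management table (24)
        # Public key certificate database (25), modelled as the set of
        # certificate identification numbers that are still valid.
        self.valid = {c for e in table.values() for c in e.certs}
        self.notifications = []  # (destination, certificate id) pairs

    def revoke_ra(self, ra_name):
        """Process an accepted RA revocation application; return revoked ids."""
        ra = self.table[ra_name]
        if ra.kind != "RA":
            raise ValueError(f"{ra_name} is not registered as an RA")
        revoked = []
        # The RA's own certificate is invalidated before step 102.
        for cert_id in ra.certs:
            self.valid.discard(cert_id)
            revoked.append(cert_id)
        # Steps 102-103: extract the flag and branch on it.
        if self.defaults["ra_user_management"] == NECESSARY:
            for entry in list(self.table.values()):
                if entry.kind != "user":
                    continue
                issued = [c for c, ra_id in entry.certs.items() if ra_id == ra_name]
                for cert_id in issued:
                    self.valid.discard(cert_id)   # step 104: revoke
                    del entry.certs[cert_id]
                    revoked.append(cert_id)
                    # Step 105: the notice identifies the revoked certificate.
                    self.notifications.append((entry.destination, cert_id))
                # Steps 107-108: drop users left without any certificate.
                if issued and not entry.certs:
                    del self.table[entry.subject]
        # Step 106 ("no") or step 109 ("necessary"): delete the RA's own row.
        del self.table[ra_name]
        return revoked


if __name__ == "__main__":
    for flag in (NECESSARY, NO):
        ia = IssuingAuthority(flag, sample_table())
        print(flag, ia.revoke_ra("RA1"), sorted(ia.table), sorted(ia.valid))
```

With the flag set to "no", only the RA1 certificate is invalidated and the certificates RA1 issued to users A and C stay in the valid set, which is the IA user management behaviour the description contrasts with the cascade.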
[0064]
Finally, the applicant check performed before step 102 will be described.
FIG. 8 is a diagram for explaining an applicant check method according to an embodiment of the present invention.
First, based on the “AuthorityKeyIdentifier” (identification of the public key certificate for verifying the signature) information in the RA1 public key certificate revocation application 23, the corresponding public key certificate is retrieved from the IA public key certificate database 25. The signature in the RA1 public key certificate revocation application 23 is then verified with that public key certificate.
[0065]
Next, if the signature verification is “OK”, it is checked that the subject name of the public key certificate used for verification is registered in the user information management table 24, that the subject is an RA, and that the public key certificate to be invalidated is that of RA1 itself.
[0066]
The above embodiment has been described using the configuration shown in FIG. 3. Each component shown in FIG. 3 can also be constructed as a program and installed in the CPU of the computer on the IA side, or distributed via a communication network.
[0067]
In addition, the constructed program can be stored in a disk device connected to the computer on the IA side, or in a portable storage medium such as a floppy disk or a CD-ROM, and installed when the present invention is carried out, whereby the present invention can be realized. The present invention is not limited to the above-described embodiments, and various modifications and applications are possible within the scope of the claims.
[0068]
[Effects of the Invention]
As described above, according to the present invention, when an RA public key certificate revocation application is received and the RA user management necessity designation information set in the IA system, which indicates whether an RA registered in the IA performs user management or operates as a simple registration station (the model in which user management is performed by the IA), is “necessary”, the RA's public key certificate and the public key certificates of users issued from that RA are invalidated, and the users are notified that their public key certificates have been invalidated. If the RA user management necessity designation information is “no”, only the RA's public key certificate is invalidated. This provides the following effects.
[0069]
(1) Even when the RA does not invalidate the public key certificates of users registered from the RA, user public key certificates that should properly be invalid can be invalidated in the IA.
[0070]
(2) The RA itself does not need to invalidate the user's public key certificate registered from the RA.
[0071]
(3) User public key certificate and user information can be managed according to the usage mode of both the user management model based on RA and the user management model based on IA.
[0072]
As is apparent from the above, the present invention is very useful in terms of operational convenience as compared with the conventional technology.
[Brief description of the drawings]
FIG. 1 is a diagram for explaining the principle of the present invention.
FIG. 2 is a principle configuration diagram of the present invention.
FIG. 3 is a block diagram of the IA system side in the public key certificate / user information management system of the present invention.
FIG. 4 is an example of a user information management table (before deletion) according to an embodiment of the present invention.
FIG. 5 is a flowchart (part 1) showing the operation of the embodiment of the present invention.
FIG. 6 is a flowchart (part 2) showing the operation of the embodiment of the present invention.
FIG. 7 is an example of a user information management table (after deletion) according to an embodiment of the present invention;
FIG. 8 is a diagram for explaining an applicant check method according to an embodiment of the present invention.
[Explanation of symbols]
1 RA user management necessity designation information setting means, RA user management necessity designation information setting section
2 RA user management necessity designation information extraction means, RA user management necessity designation information extraction section
3 User public key certificate revocation means, user public key certificate revocation unit
4 User public key certificate revocation notification unit, user public key certificate revocation notification unit
5 User information deletion unit, user information deletion unit
21 IA system default value setting table
22 RA user management necessity designation information
23 RA public key certificate revocation application
24 User information management table
25 Public key certificate database

Claims (10)

  1. A public key certificate / user information management method in an issuing authority (Issuing Authority: hereinafter referred to as IA) device that has a database storing at least users' public key certificates and user information, Registration Authority (hereinafter referred to as RA) user management necessity designation information setting means, RA user management necessity designation information extraction means, user public key certificate revocation means, user public key certificate revocation notification means, and user information deleting means, and that provides an authentication service including public key registration and public key certificate invalidation based on an application from the RA,
    In the RA user management necessity designation information setting means,
    An RA user management necessity designation information setting step of setting, in the IA system default value setting table, RA user management necessity designation information indicating whether the RA registered in the IA is an RA that performs user management or an RA that operates as a simple registration station;
    In the RA user management necessity designation information extraction means,
    An RA user management necessity designation information extraction step of extracting the RA user management necessity designation information set in the IA system default value setting table and determining the contents of the RA user management necessity designation information;
    In the user public key certificate revocation means,
    A user public key certificate revocation step of, when the determination result in the RA user management necessity designation information extraction step is that the RA user management necessity designation information is “necessary”, revoking the users' public key certificates registered from the RA when the RA's own public key certificate registered in the database is invalidated;
    In the user public key certificate revocation notification means,
    A user public key certificate revocation notification step of notifying the user, at the destination registered by the user at the time of public key registration and held in the IA device, that the user's public key certificate has been revoked;
    In the user information deleting means,
    A user information deletion step of deleting all user information registered in the database when all of the user's public key certificates are revoked from the database;
    The public key certificate / user information management method being characterized by performing the above steps.
  2. In the user public key certificate revocation step,
    The public key certificate is revoked based on the user information management table in which are recorded the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is the RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuing RA information indicating the name of the RA that issued the public key certificate.
    The public key certificate / user information management method according to claim 1.
  3. In the user public key certificate revocation notification step,
    The revocation information is notified based on the user information management table in which are recorded the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is the RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuing RA information indicating the name of the RA that issued the public key certificate.
    The public key certificate / user information management method according to claim 1.
  4. In the user information deletion step,
    The user information is deleted based on the user information management table in which are recorded the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is the RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuing RA information indicating the name of the RA that issued the public key certificate.
    The public key certificate / user information management method according to claim 1.
  5. An issuing authority (Issuing Authority: hereinafter referred to as IA) device that provides an authentication service including public key registration and public key certificate invalidation based on an application from a Registration Authority (hereinafter referred to as RA), having:
    At least a database that stores the user's public key certificate and user information;
    RA user management necessity designation information setting means for setting, in the IA system default value setting table, RA user management necessity designation information indicating whether the RA registered in the IA is an RA that performs user management or an RA that operates as a simple registration station;
    RA user management necessity designation information extracting means for extracting the RA user management necessity designation information set in the IA system default value setting table, and determining the contents of the RA user management necessity designation information;
    User public key certificate revocation means for, when the RA user management necessity designation information extracting means determines that the RA user management necessity designation information is “necessary”, revoking from the database the users' public key certificates registered from the RA when invalidation of the RA's own public key certificate registered in the database is performed;
    User public key certificate revocation notification means for notifying the user, at the destination registered by the user at the time of public key registration and held in the IA device, that the user's public key certificate has been invalidated;
    User information deletion means for deleting all user information registered in the database when all of the user's public key certificates are revoked from the database;
    An IA device characterized by comprising the above.
  6. The user public key certificate revocation means
    Performs the invalidation of the public key certificate based on the user information management table in which are recorded the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is the RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuing RA information indicating the name of the RA that issued the public key certificate.
    The IA device according to claim 5.
  7. The user public key certificate revocation notification means
    Notifies the revocation information based on the user information management table in which are recorded the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is the RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuing RA information indicating the name of the RA that issued the public key certificate.
    The IA device according to claim 5.
  8. The user information deleting means
    Deletes the user information based on the user information management table in which are recorded the subject name representing the user name, the destination indicating the notification destination for the user, the RA information indicating whether the subject is the RA or a user, the certificate identification number indicating the identification number of the public key certificate, and the certificate issuing RA information indicating the name of the RA that issued the public key certificate.
    The IA device according to claim 5.
  9. A public key certificate / user information management program for causing a computer to function as the IA device according to claim 5.
  10. A storage medium storing a public key certificate / user information management program for causing a computer to function as the IA device according to claim 5.
JP2001039184A 2001-02-15 2001-02-15 Public key certificate / user information management method, issuing authority (IA) device, public key certificate / user information management program, and storage medium storing public key certificate / user information management program Active JP3797116B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2001039184A JP3797116B2 (en) 2001-02-15 2001-02-15 Public key certificate / user information management method, issuing authority (IA) device, public key certificate / user information management program, and storage medium storing public key certificate / user information management program


Publications (2)

Publication Number Publication Date
JP2002247028A JP2002247028A (en) 2002-08-30
JP3797116B2 true JP3797116B2 (en) 2006-07-12

Family

ID=18902035


Country Status (1)

Country Link
JP (1) JP3797116B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4758095B2 (en) 2004-01-09 2011-08-24 株式会社リコー Certificate invalidation device, communication device, certificate invalidation system, program, and recording medium



Legal Events

Date Code Title Description
A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20051213

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20060209

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20060328

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20060410

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

Ref document number: 3797116

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20090428

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20100428

Year of fee payment: 4

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110428

Year of fee payment: 5

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20120428

Year of fee payment: 6

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130428

Year of fee payment: 7

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140428

Year of fee payment: 8

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350