JP6175600B2 - Method for controlling security domains - Google Patents
Method for controlling security domains
- Publication number
- JP6175600B2
- Authority
- JP
- Japan
- Prior art keywords
- security
- domain
- token
- series
- subscriber
- Prior art date
- Legal status
- Expired - Fee Related
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    - H04L9/002—… Countermeasures against attacks on cryptographic mechanisms
    - H04L9/006—… involving public key infrastructure [PKI] trust models
    - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
      - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
        - H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
          - H04L9/0827—… involving distinctive intermediate devices or communication paths
      - H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
        - H04L9/0897—… involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    - H04L9/14—… using a plurality of keys or algorithms
      - H04L9/16—… the keys or algorithms being changed during operation
    - H04L9/32—… including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
      - H04L9/321—… involving a third party or a trusted authority
      - H04L9/3263—… involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
        - H04L9/3268—… using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Claims (6)
- A method of managing and controlling the security of communication in a network system composed of a plurality of devices having the capability to communicate with one another, the method comprising the steps of:
a host server defining a series of security domains by assigning a domain ID and a key to each of them;
the host server selecting each of the series of security domains in turn as the current domain, such that only one of the security domains is the current domain at any time; and
the host server generating a first security token under the current domain and distributing the first security token to a first device,
wherein the first security token
is composed of a set of keys comprising at least one key of the current domain, at least one key of the security domain positioned after the current domain in the series of security domains, and at least one key of the security domain positioned before the current domain in the series of security domains,
so as to enable the first device to exchange cryptographically secured messages with a second device holding a second security token generated by the host server under the current domain, with a third device holding a third security token generated by the host server under the security domain positioned after the current domain in the series of security domains, and with a fourth device holding a fourth security token generated by the host server under the security domain positioned before the current domain in the series of security domains.
- The method according to claim 1, wherein the first security token is configured to enable the first device to exchange cryptographically secured messages with a fifth device holding a fifth security token generated by the host server under the two security domains positioned before the current domain in the series of security domains.
- The method according to claim 1, wherein each of the security domains is defined using a public key infrastructure (PKI) and is provided with its own public key.
- The method according to claim 3, wherein the first security token has the public key of each of the current domain, the security domain following it in the series, and the security domain preceding it in the series.
- The method according to claim 4, wherein the first security token further comprises the public key of the security domain two positions before the current domain in the series.
- The method according to claim 1, further comprising the step of automatically updating the security token held in a device when the device logs in to a secured server of the network.
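The claims above describe a sliding window of domain keys: a token carries the keys of the current, next and previous domain, so devices provisioned one rotation apart still share a key, while devices two rotations apart do not and must refresh (claim 6); claims 2 and 5 widen the window backwards by one domain. The Python simulation below is an added example, not code from the patent or its applicant; it assumes symmetric HMAC secrets in place of the PKI public keys of claim 3, and uses the index in the series as the domain ID.

```python
import hashlib
import hmac
import os

class HostServer:
    """Defines the series of security domains and issues tokens (claim 1).
    Assumption: each domain's key is a random 32-byte HMAC secret and the
    domain ID is its index in the series; claim 3 would use PKI public keys."""

    def __init__(self, n_domains, two_back=False):
        self.keys = {d: os.urandom(32) for d in range(n_domains)}
        self.current = 0          # exactly one current domain at any time
        self.two_back = two_back  # also carry the domain two before (claims 2/5)

    def advance(self):
        self.current += 1         # the next domain of the series becomes current

    def issue_token(self):
        """Keys of the current, next and previous domain (plus two before if enabled)."""
        wanted = [self.current, self.current + 1, self.current - 1]
        if self.two_back:
            wanted.append(self.current - 2)
        return {d: self.keys[d] for d in wanted if d in self.keys}

def shared_domains(token_a, token_b):
    """Domain IDs both tokens hold a key for; empty means no secured exchange."""
    return sorted(set(token_a) & set(token_b))

def protect(token, domain_id, message):
    """Authenticate a message under the key of one domain held in the token."""
    return hmac.new(token[domain_id], message, hashlib.sha256).digest()

def exchange(token_a, token_b, message):
    """A sends to B under the newest shared domain; returns its ID, or None when
    the tokens no longer overlap (a stale device must refresh, cf. claim 6)."""
    common = shared_domains(token_a, token_b)
    if not common:
        return None
    tag = protect(token_a, common[-1], message)
    if not hmac.compare_digest(tag, protect(token_b, common[-1], message)):
        raise ValueError("authentication failed")  # B verifies with its own key copy
    return common[-1]

def rollover_demo(two_back=False):
    """Tokens issued under domains 0, 2 and 3 of one series: which pairs can still talk?"""
    host = HostServer(6, two_back)
    t_old = host.issue_token()              # domain 0 current: keys {0, 1}
    for _ in range(2):
        host.advance()
    t_cur = host.issue_token()              # domain 2 current: keys {1, 2, 3}
    host.advance()
    t_new = host.issue_token()              # domain 3 current: keys {2, 3, 4} (also 1 if two_back)
    pairs = ((t_old, t_cur), (t_cur, t_new), (t_old, t_new))
    return tuple(exchange(a, b, b"ping") for a, b in pairs)
```

`rollover_demo()` returns `(1, 3, None)`: the device provisioned under domain 0 still reaches one provisioned under domain 2 through the key of domain 1, but not one provisioned under domain 3; with the claim 2 window, `rollover_demo(True)` returns `(1, 3, 1)`.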
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161437147P | 2011-01-28 | 2011-01-28 | |
US61/437,147 | 2011-01-28 | ||
PCT/CA2012/050043 WO2012100352A1 (en) | 2011-01-28 | 2012-01-27 | Controlled security domains |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2014504120A (ja) | 2014-02-13 |
JP6175600B2 (ja) | 2017-08-09 |
Family
ID=46580160
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
JP2013550716A | Expired - Fee Related | JP6175600B2 (ja) | 2011-01-28 | 2012-01-27 | Method for controlling security domains |
Country Status (8)
Country | Link |
---|---|
US (1) | US8699710B2 (ja) |
EP (1) | EP2668737A4 (ja) |
JP (1) | JP6175600B2 (ja) |
KR (1) | KR101690093B1 (ja) |
CN (1) | CN103416020B (ja) |
AU (1) | AU2012210978B2 (ja) |
CA (1) | CA2824696A1 (ja) |
WO (1) | WO2012100352A1 (ja) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013144719A1 (en) * | 2012-03-26 | 2013-10-03 | Assa Abloy Ab | Field revisions for a personal security device |
US10897360B2 (en) * | 2017-01-26 | 2021-01-19 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment using clean room provisioning |
US11838284B2 (en) * | 2020-02-03 | 2023-12-05 | T-Mobile Usa, Inc. | Cross-domain proof-of-possession |
Family Cites Families (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020062451A1 (en) * | 1998-09-01 | 2002-05-23 | Scheidt Edward M. | System and method of providing communication security |
US7065210B1 (en) * | 1999-01-25 | 2006-06-20 | Murata Kikai Kabushiki Kaisha | Secret key generation method, encryption method, cryptographic communications method, common key generator, cryptographic communications system, and recording media |
US7103784B1 (en) * | 2000-05-05 | 2006-09-05 | Microsoft Corporation | Group types for administration of networks |
US20020031230A1 (en) * | 2000-08-15 | 2002-03-14 | Sweet William B. | Method and apparatus for a web-based application service model for security management |
JP3588042B2 (ja) * | 2000-08-30 | 2004-11-10 | 株式会社日立製作所 | Certificate validity verification method and apparatus |
US20020071563A1 (en) * | 2000-12-12 | 2002-06-13 | Kurn David Michael | Method and apparatus for cryptographic key rollover during operation |
JP2001242785A (ja) * | 2001-04-20 | 2001-09-07 | Ntt Data Corp | Digital signature system |
US7568218B2 (en) * | 2002-10-31 | 2009-07-28 | Microsoft Corporation | Selective cross-realm authentication |
US6886096B2 (en) * | 2002-11-14 | 2005-04-26 | Voltage Security, Inc. | Identity-based encryption system |
JP2004166154A (ja) * | 2002-11-15 | 2004-06-10 | Nec Corp | Key management scheme for multicast distribution |
US20040123152A1 (en) * | 2002-12-18 | 2004-06-24 | Eric Le Saint | Uniform framework for security tokens |
CA2513375C (en) * | 2003-04-16 | 2012-10-23 | Telefonaktiebolaget Lm Ericsson (Publ) | Authentication method |
JP3894181B2 (ja) * | 2003-10-10 | 2007-03-14 | 株式会社日立製作所 | Method and apparatus for accelerating public key certificate verification |
EP1676281B1 (en) * | 2003-10-14 | 2018-03-14 | Selander, Göran | Efficient management of cryptographic key generations |
WO2007001329A2 (en) * | 2004-07-29 | 2007-01-04 | Infoassure, Inc. | Cryptographic key management |
US7130998B2 (en) * | 2004-10-14 | 2006-10-31 | Palo Alto Research Center, Inc. | Using a portable security token to facilitate cross-certification between certification authorities |
US20060218628A1 (en) * | 2005-03-22 | 2006-09-28 | Hinton Heather M | Method and system for enhanced federated single logout |
US7620187B1 (en) * | 2005-03-30 | 2009-11-17 | Rockwell Collins, Inc. | Method and apparatus for ad hoc cryptographic key transfer |
US7788484B2 (en) * | 2005-11-30 | 2010-08-31 | Microsoft Corporation | Using hierarchical identity based cryptography for authenticating outbound mail |
JP4635855B2 (ja) * | 2005-12-13 | 2011-02-23 | 株式会社日立製作所 | Data communication method and system |
CN100546245C (zh) * | 2006-01-11 | 2009-09-30 | 西安电子科技大学 | Cross-security-domain network authentication and key distribution method |
JP4270219B2 (ja) * | 2006-03-31 | 2009-05-27 | ブラザー工業株式会社 | Communication system, server device, and program |
US8538028B2 (en) * | 2006-11-20 | 2013-09-17 | Toposis Corporation | System and method for secure electronic communication services |
EP1976220A1 (en) * | 2007-03-30 | 2008-10-01 | British Telecommunications Public Limited Company | Computer network |
JP4594962B2 (ja) * | 2007-06-04 | 2010-12-08 | 株式会社日立製作所 | Verification server, program and verification method |
US8037298B2 (en) * | 2008-01-31 | 2011-10-11 | Park Avenue Capital LLC | System and method for providing security via a top level domain |
JP5077186B2 (ja) * | 2008-10-17 | 2012-11-21 | 富士通株式会社 | Communication device, communication method and communication program |
JP5329184B2 (ja) * | 2008-11-12 | 2013-10-30 | 株式会社日立製作所 | Public key certificate verification method and verification server |
US8990562B2 (en) * | 2010-10-08 | 2015-03-24 | Microsoft Technology Licensing, Llc | Secure deployment of provable identity for dynamic application environments |
2012
- 2012-01-27 EP EP12738926.0A patent/EP2668737A4/en not_active Withdrawn
- 2012-01-27 US US13/360,337 patent/US8699710B2/en not_active Expired - Fee Related
- 2012-01-27 CA CA2824696A patent/CA2824696A1/en not_active Abandoned
- 2012-01-27 AU AU2012210978A patent/AU2012210978B2/en not_active Ceased
- 2012-01-27 WO PCT/CA2012/050043 patent/WO2012100352A1/en active Application Filing
- 2012-01-27 JP JP2013550716A patent/JP6175600B2/ja not_active Expired - Fee Related
- 2012-01-27 KR KR1020137020013A patent/KR101690093B1/ko active IP Right Grant
- 2012-01-27 CN CN201280006590.8A patent/CN103416020B/zh not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
EP2668737A1 (en) | 2013-12-04 |
KR101690093B1 (ko) | 2016-12-27 |
CN103416020B (zh) | 2015-12-23 |
CA2824696A1 (en) | 2012-08-02 |
WO2012100352A1 (en) | 2012-08-02 |
KR20140004703A (ko) | 2014-01-13 |
AU2012210978B2 (en) | 2015-11-26 |
CN103416020A (zh) | 2013-11-27 |
JP2014504120A (ja) | 2014-02-13 |
US20120257751A1 (en) | 2012-10-11 |
AU2012210978A1 (en) | 2013-08-01 |
US8699710B2 (en) | 2014-04-15 |
EP2668737A4 (en) | 2016-01-06 |
Similar Documents
Publication | Title |
---|---|
US20100195824A1 (en) | Method and Apparatus for Dynamic Generation of Symmetric Encryption Keys and Exchange of Dynamic Symmetric Key Infrastructure |
CN113691560B (zh) | Data transmission method, method for controlling data use, and cryptographic device |
TWI454112B (zh) | Communication network key management |
US10469491B2 (en) | Access control in an information centric network |
US20200320178A1 (en) | Digital rights management authorization token pairing |
US20170201382A1 (en) | Secure Endpoint Devices |
US20160344725A1 (en) | Signal haystacks |
CN111934884B (zh) | Certificate management method and device |
US8006249B2 (en) | Method of implementing a state tracking mechanism in a communications session between a server and a client system |
US8997252B2 (en) | Downloadable security based on certificate status |
US20160006724A1 (en) | Secure installation of software in a device for accessing protected content |
US20120155647A1 (en) | Cryptographic devices & methods |
JP6175600B2 (ja) | Method for controlling security domains |
EP3216163B1 (en) | Providing forward secrecy in a terminating ssl/tls connection proxy using ephemeral diffie-hellman key exchange |
US20240064143A1 (en) | Methods, mediums, and systems for verifying devices in an encrypted messaging system |
KR101241864B1 (ko) | User-centric identity management system and method |
US11658955B1 (en) | Methods, mediums, and systems for verifying devices in an encrypted messaging system |
US11743035B2 (en) | Methods, mediums, and systems for verifying devices in an encrypted messaging system |
CN113918971A (zh) | Blockchain-based message transmission method, apparatus, device and readable storage medium |
JP5768622B2 (ja) | Message authentication system, communication device and communication program |
US11843636B1 (en) | Methods, mediums, and systems for verifying devices in an encrypted messaging system |
KR101881205B1 (ko) | Server and method for preventing hacking of a P2P network |
CA2706147C (en) | Downloadable security based on certificate status |
KR20090000265A (ko) | Security system for P3P and security method therefor |
KR20190135063A (ko) | Smart farm device authentication method combining public-key-based authentication and minimal-public-key-based authentication |
Legal Events
Code | Title | Description |
---|---|---|
A521 | Written amendment | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20130719 |
A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621; Effective date: 20141117 |
A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007; Effective date: 20150630 |
A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131; Effective date: 20150708 |
A521 | Written amendment | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20151001 |
A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131; Effective date: 20160407 |
A521 | Written amendment | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20160630 |
TRDD | Decision of grant or rejection written | |
A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01; Effective date: 20160728 |
A711 | Notification of change in applicant | Free format text: JAPANESE INTERMEDIATE CODE: A711; Effective date: 20160824 |
A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20160824 |
A521 | Written amendment | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20170510 |
R150 | Certificate of patent or registration of utility model | Ref document number: 6175600; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150 |
RD04 | Notification of resignation of power of attorney | Free format text: JAPANESE INTERMEDIATE CODE: A7424; Effective date: 20170726 |
RD04 | Notification of resignation of power of attorney | Free format text: JAPANESE INTERMEDIATE CODE: R3D04 |
LAPS | Cancellation because of no payment of annual fees | |