KR101038331B1 - 인증서 폐기 목록의 관리 - Google Patents
인증서 폐기 목록의 관리 Download PDFInfo
- Publication number
- KR101038331B1 KR101038331B1 KR1020050036972A KR20050036972A KR101038331B1 KR 101038331 B1 KR101038331 B1 KR 101038331B1 KR 1020050036972 A KR1020050036972 A KR 1020050036972A KR 20050036972 A KR20050036972 A KR 20050036972A KR 101038331 B1 KR101038331 B1 KR 101038331B1
- Authority
- KR
- South Korea
- Prior art keywords
- crl
- certificate
- identifier
- ses
- revoked
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (27)
- 인증서 폐기 목록(CRL)을 관리하는 방법으로서,적어도 하나의 폐기 인증서 식별자(SNi)를 포함하는 CRL(33,67)을 제 1 장치에서 수신하는 단계;비밀 데이터(KCRL)를 이용하여 CRL(371, …, 37P)의 엔트리와 관련된 무결성 필드(MACi)를 상기 제 1 장치(31,61)에서 산출하는 단계로서, 상기 엔트리는 상기 CRL의 적어도 하나의 폐기 인증서 식별자를 포함하는 단계;상기 엔트리 및 상기 엔트리와 관련된 산출 무결성 필드를, 상기 제 1 장치와 다른 제 2 장치(32,62)로 전송하는 단계; 및상기 전송된 엔트리 및 상기 관련된 무결성 필드를 상기 제 2 장치에 저장하는 단계를 포함하는 것을 특징으로 하는 인증서 폐기 목록(CRL) 관리 방법.
- 인증서 폐기 목록(CRL)을 관리하는 장치(31,61)로서,적어도 하나의 폐기 인증서 식별자(SNi)를 포함하는 CRL(33,67)을 수신하는 수단;비밀 데이터(KCRL)를 이용하여 CRL(371, …, 37p)의 엔트리와 관련된 무결성 필드(MACi)를 산출하는 수단(36,38,39)으로서, 상기 엔트리는 상기 CRL의 적어도 하나의 폐기 인증서 식별자를 포함하는 수단; 및상기 엔트리 및 상기 엔트리와 관련된 산출 무결성 필드를, 상기 장치와 다른 제2 장치(32,62)로 전송하는 수단을 포함하는 것을 특징으로 하는 인증서 폐기 목록(CRL) 관리 장치.
- 인증서 폐기 목록(CRL)(33)과 관련된 분할 엔트리들을 저장하기 위한 장치(32,62)로서,상기 CRL의 적어도 하나의 폐기 인증서 식별자(SNi)를 포함하는 엔트리, 및 상기 엔트리와 관련된 무결성 필드(MACi)를 제 1 장치(31,61)로부터 수신하기 위한 수단; 및복수의 폐기 인증서 식별자(SNi)를 저장하기 위한 메모리(34,64)를 포함하고,상기 저장된 폐기 인증서 식별자들은 적어도 하나의 보안 엔트리 세트(SESi)의 목록내에 구성되고, 각 보안 엔트리 세트는 상기 CRL(33)의 적어도 하나의 폐기 인증서 식별자, 적어도 하나의 관련 무결성 필드(MACi), 및 CRL 식별자(NCRL)를 포함하고,각 보안 엔트리 세트(SESi)는 상기 장치내에 저장된 보안 엔트리 세트들의 목록내에서 상기 보안 엔트리 세트의 순서를 결정할 수 있게 하는 컨텐츠(i)를 갖는 목록 순서 필드(63i)를 포함하는 것을 특징으로 하는 저장 장치.
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
- 삭제
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04291124A EP1594250A1 (en) | 2004-05-03 | 2004-05-03 | Distributed management of a certificate revocation list |
EP04291124.8 | 2004-05-03 |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20060045882A KR20060045882A (ko) | 2006-05-17 |
KR101038331B1 true KR101038331B1 (ko) | 2011-05-31 |
Family
ID=34931067
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020050036972A KR101038331B1 (ko) | 2004-05-03 | 2005-05-03 | 인증서 폐기 목록의 관리 |
Country Status (8)
Country | Link |
---|---|
US (1) | US8131996B2 (ko) |
EP (1) | EP1594250A1 (ko) |
JP (1) | JP4774235B2 (ko) |
KR (1) | KR101038331B1 (ko) |
CN (1) | CN1707999B (ko) |
BR (1) | BRPI0501608A (ko) |
DE (1) | DE602005001351T2 (ko) |
TW (1) | TWI384829B (ko) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1594250A1 (en) * | 2004-05-03 | 2005-11-09 | Thomson Licensing | Distributed management of a certificate revocation list |
US8051052B2 (en) | 2004-12-21 | 2011-11-01 | Sandisk Technologies Inc. | Method for creating control structure for versatile content control |
US8504849B2 (en) | 2004-12-21 | 2013-08-06 | Sandisk Technologies Inc. | Method for versatile content control |
US8601283B2 (en) | 2004-12-21 | 2013-12-03 | Sandisk Technologies Inc. | Method for versatile content control with partitioning |
US7748031B2 (en) | 2005-07-08 | 2010-06-29 | Sandisk Corporation | Mass storage device with automated credentials loading |
US9054879B2 (en) * | 2005-10-04 | 2015-06-09 | Google Technology Holdings LLC | Method and apparatus for delivering certificate revocation lists |
US9177114B2 (en) * | 2005-10-04 | 2015-11-03 | Google Technology Holdings LLC | Method and apparatus for determining the proximity of a client device |
IL174614A (en) * | 2006-03-29 | 2013-03-24 | Yaakov Levy | Method of enforcing use of certificate revocation lists |
KR101346734B1 (ko) * | 2006-05-12 | 2014-01-03 | 삼성전자주식회사 | 디지털 저작권 관리를 위한 다중 인증서 철회 목록 지원방법 및 장치 |
US8140843B2 (en) | 2006-07-07 | 2012-03-20 | Sandisk Technologies Inc. | Content control method using certificate chains |
US8639939B2 (en) | 2006-07-07 | 2014-01-28 | Sandisk Technologies Inc. | Control method using identity objects |
US8266711B2 (en) | 2006-07-07 | 2012-09-11 | Sandisk Technologies Inc. | Method for controlling information supplied from memory device |
CN101484903B (zh) * | 2006-07-07 | 2013-09-25 | 桑迪士克科技公司 | 用于控制从存储器装置供应的信息的系统和方法 |
KR20090028806A (ko) * | 2006-07-07 | 2009-03-19 | 쌘디스크 코포레이션 | 증명서 철회 리스트를 이용한 콘텐트 제어 시스템과 방법 |
US8613103B2 (en) | 2006-07-07 | 2013-12-17 | Sandisk Technologies Inc. | Content control method using versatile control structure |
US8245031B2 (en) | 2006-07-07 | 2012-08-14 | Sandisk Technologies Inc. | Content control method using certificate revocation lists |
KR101356736B1 (ko) * | 2007-01-19 | 2014-02-06 | 삼성전자주식회사 | 콘텐츠의 무결성을 확인하기 위한 콘텐츠 제공 장치 및방법 및 콘텐츠 사용 장치 및 방법, 및 콘텐츠 사용 장치를폐지하는 콘텐츠 제공 장치 및 방법 |
US8819450B2 (en) | 2008-11-25 | 2014-08-26 | Dell Products L.P. | System and method for providing data integrity |
US8347081B2 (en) * | 2008-12-10 | 2013-01-01 | Silicon Image, Inc. | Method, apparatus and system for employing a content protection system |
US9104618B2 (en) | 2008-12-18 | 2015-08-11 | Sandisk Technologies Inc. | Managing access to an address range in a storage device |
US20100205429A1 (en) * | 2009-02-10 | 2010-08-12 | Gm Global Technology Operations, Inc. | System and method for verifying that a remote device is a trusted entity |
CN101572707B (zh) * | 2009-05-31 | 2012-08-08 | 成都市华为赛门铁克科技有限公司 | 一种证书状态的验证方法、装置和系统 |
CN102315938A (zh) * | 2011-07-11 | 2012-01-11 | 北京信安世纪科技有限公司 | 一种提高数字证书撤销列表安全性的方法 |
TWI433558B (zh) | 2011-12-05 | 2014-04-01 | Ind Tech Res Inst | 動態調整憑證撤銷清單更新頻率的方法及系統 |
DE102014204044A1 (de) * | 2014-03-05 | 2015-09-10 | Robert Bosch Gmbh | Verfahren zum Widerrufen einer Gruppe von Zertifikaten |
CN104579689B (zh) * | 2015-01-20 | 2018-02-13 | 中城智慧科技有限公司 | 一种软密钥系统及实现方法 |
US10530587B2 (en) * | 2015-07-07 | 2020-01-07 | Openvpn Technologies, Inc. | Web scale authentication |
US10129025B2 (en) * | 2016-09-19 | 2018-11-13 | Red Hat, Inc. | Binding data to a network in the presence of an entity with revocation capabilities |
CN108365962B (zh) * | 2018-01-02 | 2021-04-06 | 北京信安世纪科技股份有限公司 | 一种证书吊销列表查询方法及装置 |
CN113256877B (zh) * | 2020-12-31 | 2024-02-02 | 深圳怡化电脑股份有限公司 | 纸币信息管理方法、装置、存储介质和计算机设备 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5793868A (en) * | 1996-08-29 | 1998-08-11 | Micali; Silvio | Certificate revocation system |
KR20010008268A (ko) * | 2000-11-20 | 2001-02-05 | 이계철 | 가입자 단말의 시스템 시간 설정을 위한 타임 스탬핑서비스 방법 |
US6487658B1 (en) * | 1995-10-02 | 2002-11-26 | Corestreet Security, Ltd. | Efficient certificate revocation |
US20030221097A1 (en) * | 2002-04-17 | 2003-11-27 | Toshihisa Nakano | Information input/output system, key management device, and user device |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2675032B2 (ja) * | 1987-12-21 | 1997-11-12 | 株式会社日立製作所 | 伝票圧縮文の作成方法 |
US6453416B1 (en) * | 1997-12-19 | 2002-09-17 | Koninklijke Philips Electronics N.V. | Secure proxy signing device and method of use |
JP3543618B2 (ja) * | 1998-05-27 | 2004-07-14 | 三菱電機株式会社 | 失効情報検証方式 |
JP2974019B1 (ja) * | 1998-08-26 | 1999-11-08 | 日本電気株式会社 | 移動通信システム、並びにソフトハンドオーバー処理方法及びこれが書き込まれた記憶媒体 |
KR20010087366A (ko) * | 1999-08-09 | 2001-09-15 | 요트.게.아. 롤페즈 | 상대편을 저지하기 위한 취소목록의 업데이팅 |
EP1237325A4 (en) * | 1999-12-03 | 2007-08-29 | Sanyo Electric Co | DATA DISTRIBUTION DEVICE AND ASSOCIATED RECORDING DEVICE |
US7120607B2 (en) * | 2000-06-16 | 2006-10-10 | Lenovo (Singapore) Pte. Ltd. | Business system and method using a distorted biometrics |
US20020073310A1 (en) * | 2000-12-11 | 2002-06-13 | Ibm Corporation | Method and system for a secure binding of a revoked X.509 certificate to its corresponding certificate revocation list |
EP1616334A1 (en) * | 2003-03-24 | 2006-01-18 | Matsushita Electric Industrial Co., Ltd. | Recording medium recording apparatus and reproducing apparatus |
JP2007515092A (ja) * | 2003-12-18 | 2007-06-07 | 松下電器産業株式会社 | プログラムデータファイル保存方法および認証プログラム実行方法 |
EP1594250A1 (en) * | 2004-05-03 | 2005-11-09 | Thomson Licensing | Distributed management of a certificate revocation list |
-
2004
- 2004-05-03 EP EP04291124A patent/EP1594250A1/en not_active Withdrawn
-
2005
- 2005-04-25 TW TW094113083A patent/TWI384829B/zh not_active IP Right Cessation
- 2005-04-26 JP JP2005128013A patent/JP4774235B2/ja not_active Expired - Fee Related
- 2005-04-27 DE DE602005001351T patent/DE602005001351T2/de active Active
- 2005-04-29 US US11/119,391 patent/US8131996B2/en not_active Expired - Fee Related
- 2005-04-30 CN CN2005100667730A patent/CN1707999B/zh not_active Expired - Fee Related
- 2005-05-03 BR BR0501608-8A patent/BRPI0501608A/pt not_active Application Discontinuation
- 2005-05-03 KR KR1020050036972A patent/KR101038331B1/ko active IP Right Grant
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6487658B1 (en) * | 1995-10-02 | 2002-11-26 | Corestreet Security, Ltd. | Efficient certificate revocation |
US5793868A (en) * | 1996-08-29 | 1998-08-11 | Micali; Silvio | Certificate revocation system |
KR20010008268A (ko) * | 2000-11-20 | 2001-02-05 | 이계철 | 가입자 단말의 시스템 시간 설정을 위한 타임 스탬핑서비스 방법 |
US20030221097A1 (en) * | 2002-04-17 | 2003-11-27 | Toshihisa Nakano | Information input/output system, key management device, and user device |
Also Published As
Publication number | Publication date |
---|---|
DE602005001351D1 (de) | 2007-07-26 |
BRPI0501608A (pt) | 2006-01-10 |
TWI384829B (zh) | 2013-02-01 |
JP2005341552A (ja) | 2005-12-08 |
US20050257046A1 (en) | 2005-11-17 |
DE602005001351T2 (de) | 2008-02-21 |
CN1707999A (zh) | 2005-12-14 |
EP1594250A1 (en) | 2005-11-09 |
JP4774235B2 (ja) | 2011-09-14 |
TW200605592A (en) | 2006-02-01 |
CN1707999B (zh) | 2010-12-22 |
US8131996B2 (en) | 2012-03-06 |
KR20060045882A (ko) | 2006-05-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101038331B1 (ko) | 인증서 폐기 목록의 관리 | |
US9300470B2 (en) | Semiconductor device and method of writing data to semiconductor device | |
CN106612180B (zh) | 实现会话标识同步的方法及装置 | |
KR101702545B1 (ko) | 데이터 인증방법 및 그 장치 | |
EP1415430B1 (en) | A method and a system for processing information in an electronic device | |
US6516413B1 (en) | Apparatus and method for user authentication | |
KR100702499B1 (ko) | 메시지 무결성 보증 시스템, 방법 및 기록 매체 | |
US11228438B2 (en) | Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device | |
US7634816B2 (en) | Revocation information management | |
KR20010052105A (ko) | 생체 측정 데이터를 이용한 암호키 발생 | |
CN110995685B (zh) | 数据的加解密方法、装置、系统及存储介质 | |
EP2291787A2 (en) | Techniques for ensuring authentication and integrity of communications | |
CN110891061A (zh) | 数据的加解密方法、装置、存储介质及加密文件 | |
US20100161992A1 (en) | Device and method for protecting data, computer program, computer program product | |
KR101492514B1 (ko) | 보안 콘텐츠 보호 시스템을 사용하는 방법, 장치 및 시스템 | |
CN107026729B (zh) | 用于传输软件的方法和装置 | |
EP1594251B1 (en) | Distributed management of a certificate revocation list | |
CN116484379A (zh) | 系统启动方法、包含可信计算基软件的系统、设备及介质 | |
US20200036535A1 (en) | Storing Data On Target Data Processing Devices | |
KR20180052479A (ko) | 서명 체인을 이용한 유무선 공유기의 펌웨어 업데이트 시스템, 유무선 공유기 및 유무선 공유기의 펌웨어 업데이트 방법 | |
KR100416713B1 (ko) | 네트워크 시스템의 암호화 키 집합 검증 장치 및 방법 | |
CN112995096A (zh) | 数据加密、解密方法、装置及设备 | |
Pasupathinathan et al. | Security analysis of Australian and EU e-passport implementation | |
KR102005787B1 (ko) | 인증서 암호화 방법 | |
Steel | Towards a formal security analysis of the Sevecom API |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20140421 Year of fee payment: 4 |
|
FPAY | Annual fee payment |
Payment date: 20150417 Year of fee payment: 5 |
|
FPAY | Annual fee payment |
Payment date: 20160421 Year of fee payment: 6 |
|
FPAY | Annual fee payment |
Payment date: 20170504 Year of fee payment: 7 |
|
FPAY | Annual fee payment |
Payment date: 20180427 Year of fee payment: 8 |
|
FPAY | Annual fee payment |
Payment date: 20190425 Year of fee payment: 9 |