WO2006021665A1 - Procede d'attribution de certificat d'authentification et infrastructure d'attribution de certificat - Google Patents
Procede d'attribution de certificat d'authentification et infrastructure d'attribution de certificat Download PDFInfo
- Publication number
- WO2006021665A1 WO2006021665A1 PCT/FR2005/002040 FR2005002040W WO2006021665A1 WO 2006021665 A1 WO2006021665 A1 WO 2006021665A1 FR 2005002040 W FR2005002040 W FR 2005002040W WO 2006021665 A1 WO2006021665 A1 WO 2006021665A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identity
- server
- certificate
- identifier
- information
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
Definitions
- the invention relates to key management infrastructures for open network computer systems. More particularly, the invention relates to a certificate granting method as well as to a system for assigning a certificate according to the method.
- a certificate should be understood as the certificate for validating a cryptographic key used on an open computer network.
- a standard commonly used on the Internet for public key management, certificate and certificate revocation list infrastructures is known as X.509 and more particularly X.509v3 defined in RFC3280 ( Request For Comment n ° 3280) published by the Internet Engineering Task Force (IETF).
- the certificate is an object comprising, among others, a public key to be certified, the identity of its owner, a period of validity, a list of the rights of use of the key and a cryptographic signature of these data made using the public key of a Certificate Authority issuing the certificate.
- PKI Public Key Infrastructure
- Certificate management platform PKI's role is not only to create certificates but also to manage their validity, ie their revocation and renewal.
- Figure 1 shows an example of PKI according to the state of the art.
- the PKI mainly comprises a certification authority (CA) materialized by a certificate server 1, and a registration authority (RA) materialized by a registration server 2.
- CA certification authority
- RA registration authority
- the certificate server 1 and the registration server 2 are for example linked together via the Internet, and communicate securely.
- the certification authority is an organization recognized as competent and trusted to issue and manage certificates as well as to ensure their validity.
- the authority of certification calculates a public key and a private key to assign to a requester.
- the private key is then provided to the requester with the certificate so that the certificate can be used by the requester as a message signing key or access key to secure WEB services or for other applications requiring secure access.
- the certification authority will be asked to check the validity of this key and the various data concerning the certificate, including its validity and activation or revocation.
- the registration authority is used to establish a certificate request from the certificate authority for a certificate requester.
- the registration authority must establish a complete certificate request in which different information will be sent according to the requested certificate.
- the Registration Authority is responsible for verifying the information provided by the requester as to his identity and verifying if the requester is authorized to request such a certificate with the requested attribute list. in the certificate.
- the object of the invention is to eliminate the drawbacks mentioned above.
- a pre-registration of the identity of the applicant is carried out by a third party entity so that the registration authority can obtain certified information on the identity of the applicant.
- the registration server verifies information from an identity server previously informed about the identity of the applicant. Thanks to the use of an identifier for obtaining identity information certified from an identity server, the registration server can make the request more quickly by checking the validity and possibly complete, with the identity server, the information required on the identity and in a certified way, to obtain a new certificate.
- An applicant only needs to register once with an identity management authority to produce his or her identity with a plurality of registration servers. Also, the registration authority no longer needs to systematically verify identity information verified once and for all by the identity management authority.
- the invention is a method for assigning an electronic certificate in a distributed certificate allocation infrastructure in a network, the infrastructure including at least one certificate server, an identity server and a linked registration server. to the network.
- the identity server Prior to a request for a certificate request, information relating to the identity of a certificate requester is stored in the identity server, the identity information being accessible via an identifier.
- An applicant requires a certificate from the registration server.
- the identifier is sent to the identity server.
- the identity server After verifying the identifier, sends the previously registered identity of the requester, said identity being provided to the registration server.
- the registration server After receiving the identity, sends a certificate request including the identity of the requestor to the certificate server.
- the certificate server sends the certificate to the applicant.
- the registration server asks the requester for his identifier, in order to send it to the identity server.
- the identity server After verifying the identifier, the identity server sends the registration server the previously registered identity of the requester to the registration server (20).
- the certificate server sends the certificate to the registration server.
- the registration server provides the certificate to the requester.
- the identifier may be an anonymous identifier.
- the identifier can itself be a certificate.
- the identifier may be accompanied by a verification means.
- the verification means may be provided by the requestor to the registration server that provides it to the identity server, and the identity server returns the identity to the registration server only if the verification means validates the identifier.
- the verification means may be a certificate verified by the registration server.
- each server comprising complementary identity information registered prior to a request for a certificate request, the identity information being accessible via an identifier specific to each identity server.
- the registration server retrieves the identity information of the different identity servers in order to reconstruct a complete identity before sending it to the certificate server.
- the invention is also a computer program product comprising instructions for implementing the method during execution by processing means implementing the method.
- the invention relates to a computer readable recording medium, which comprises a computer program implementing the method when said program is executed by processing means implementing the method.
- the invention is a certificate allocation infrastructure on a computer network.
- the infrastructure has at least one authentication certificate server connected to the network and capable of providing an electronic certificate for an applicant, for a given duration and for a defined object, the certificate being issued after the receipt of an identity of a requester; an identity server connected to the network, the identity server containing information relating to the identity of a certificate requester, the identity server being able to provide, after receiving an identifier, the identity registered by the applicant; a registration server connected to the network and able to request the identity information relating to the requester from the identity server, following a certificate request from a requester, and then to send a certificate request to the certificate server including the identity information of the applicant.
- the identity server is able to verify the validity of the identifier in order to return the identity to the registration server only if the identifier is valid.
- a plurality of identity servers are connected to the network, each server comprising complementary identity information registered prior to a request for a certificate request, the identity information being accessible via an identifier specific to each identity server.
- the registration server is able to retrieve the identity information of the different identity servers in order to reconstruct a complete identity before sending it to the certificate server.
- FIG. 1 represents an example of a public key management infrastructure according to FIG. 2 represents a first embodiment of a public key management infrastructure according to the invention
- FIG. 3 schematically represents the exchanges inside the infrastructure of FIG. 2 to request a certificate
- FIG. 4 represents a second embodiment of a public key management infrastructure according to the invention
- Figure 5 schematically shows the exchanges required to obtain a certificate using the infrastructure of Figure 4.
- Figure 2 represents a first mode of implementation of a public key management infrastructure according to the invention.
- This infrastructure comprises a certificate server 10, a registration server 20 and an identity server 30. Said servers 10, 20 and 30 are physically distinct and are interconnected via the Internet and communicate by means of a link secure.
- the certificate server 10 materializes the certification authority.
- the certificate server 10 upon receipt of a certificate request request issued in good form by the registration server 20, is able to calculate a public key and a private key and then to provide a certificate containing the public key as well as the other attributes of the certificate.
- the registration server 20 materializes the registration authority.
- the registration server 20 is able to receive requests for registration requests from a user 40, possibly via a terminal 41, itself connected to the Internet.
- the registration server 20 is able to obtain from the identity server 30 the information concerning the identity of the requester 40.
- the identity server 30 embodies an identity management authority and contains information on the identity
- the interaction between the identity server 30 and the requester 40 can be via a terminal 40 via the Internet or directly, either physically or by another means of communication such as conventional mail with the applicant.
- Each server 10, 20 and 30 is provided with a computer program for interacting with the other servers in order to carry out the process for obtaining a certificate which will be described later.
- the program can be stored on a computer readable recording medium prior to implementation on said servers.
- a certificate application according to the invention is made in two phases as shown in FIG. 3.
- the The requester registers his identity with the identity server 30.
- the requester 40 provides the identity server with information concerning his identity, namely surname, first name, and others.
- the requestor 40 will provide the identity management authority with all the supporting documents necessary to prove the veracity of the information given in order to register them in the identity server 30.
- the identity is registered in the server 30 and the latter provides the requester 40 with an anonymous identifier associated with the identity information in the course of time.
- a second step 302. The identifier provides access to the identity information in the identity server. If the complete registration of the identity information could not be done during step 301, the applicant can in a third step 303, provide additional credentials to the identity management authority that will record in the identity server the additional information after having checked them.
- the identity management authority comprises, in addition to the identity server 30, interface means with the requestor 40.
- These interface means are, for example a physical operator located in an agency or near the server, or a remote agency connected to said server over the Internet via a secure link.
- the requestor 40 may provide the information and credentials of his identity in a step 301 or in two steps 301 and 303. When the identity and credentials are provided in two or more steps, the requestor can contact one or more agencies connected to said identity server 30.
- the requestor 40 will be able to request certificates from the public key management infrastructure via a terminal 41, the first phase is then completed.
- a second phase corresponding to the certificate request can then begin.
- the requestor sends to the server registration 20 a certificate request request.
- the registration server will, among other things, ask to justify its identity to the applicant.
- the applicant merely sends his identifier to said registration server 20.
- the registration server 20 Upon receipt of the identifier, the registration server 20 will request, during a step 306, the request. identity server 30 to send him the certified information corresponding to said identifier.
- the identity server 30 provides the registration server 20 with the information present in its database that is associated with said identifier and relating to the identity. the applicant 40.
- the registration server 20 Upon receipt of the identity information, and in a step 307, the registration server 20 sends a complete request for a certificate request to the certificate server 10.
- the certificate server 10 will then calculate a public key and a certificate. private key and establish a corresponding certificate for the applicant 40.
- the certificate and the private key are then transmitted during a step 309 to the registration server 20.
- the registration server 20 provides the applicant the certificate and the private key during a step 310.
- the information exchanged between the terminal 41 and the registration server 20 and between the three servers 10, 20 and 30 are via the Internet.
- a secure protocol for example the protocol known as HTTPS or HTTP (from the English HyperText Transfer Protocol) with SSL (English Secure Socket Layer).
- HTTPS HyperText Transfer Protocol
- SSL English Secure Socket Layer
- the advantage of such a public key management infrastructure as well as the process of certificate assignment comes from the fact that the identity, once stored in the identity server 30, can be used by a plurality of servers 20 and that this registration of identity is made only once.
- the identifier provided to the requestor 40 by the identity server 30 may be of different types. According to a first embodiment, the identifier can be a simple password allowing access to the identity information 30. The password is then securely provided to the registration server 20 which will then provide it to the identity server 30.
- the identity server 30 will provide the identity information corresponding to the identifier.
- the identifier can itself be a certificate.
- information relating to the identity of the applicant is filled in the fields of a form provided to the requestor 40 by the registration server.
- the fields are then signed using the private key associated with the. certificate of the identifier.
- the form thus signed is then sent by the registration server 20 to the identity server 30.
- the identity server 30 verifies the signature of the form using its public key and if the latter is verified, it provides then the registration server 20 the identity information of said form by certifying, and possibly adding additional identity information not present on the form.
- the certificate can also be a non-personal or anonymous certificate contained in a smart card accompanied by its PIN code.
- the identity information relating to a person can be relatively numerous. We have previously mentioned the name and surname. To these basic identity information can be added other complementary identity information such as date and place of birth, nationality, sex, but also biometric information or information, for example relating to the bank account. It is not necessary that all this information be provided for a given certificate request. Similarly, for reasons of confidentiality, it may be preferable not to store in a single server all this information relating to the identity of a person. Also, the storage of all the identity information relating to a person may require relatively large means that are difficult to manage by a single authority. For this purpose, an alternative embodiment of the infrastructure according to the invention is shown in FIG. 4. In this FIG.
- the identity server 30 is replaced by two identity servers 31 and 32 that are physically separate and connected. Internet.
- Identity servers 31 and 32 will have common and complementary identity information.
- the identity server 31 will include for example the name and first name of the person accompanied by biometric information such as fingerprints or voice signature.
- the identity server 32 will record him more conventional information such as civil identity information, surname, first name, date of birth, place of birth, nationality, sex, social security number, bank account number, etc.
- the identity server 31 it is imperative that the person moves for the measurement of the biometric information and that it justifies its identity with the aid of a legal identity document.
- all this information can be provided by mail, using conventional credentials.
- a certificate request is made in two phases as shown in Figure 5.
- the applicant will inform the servers 31 and 32 independently of one another.
- the requestor 40 will provide the server 31 with first information concerning its identity, for example, biometric information.
- the applicant 40 will therefore move to an agency that will first verify his identity by presenting an identity card and record for example these fingerprints or record a voice identification.
- the server 31 will provide a first identifier in the course of step 402. If by chance the requester 40 wishes to modify or record new biometric information, he may still do so during a step 403 by simultaneously providing its identifier with the data of the additional information by also moving to the identity management authority associated with the server 31.
- the applicant 40 will also take the necessary steps to register his identity with the server 32.
- a step 404 he will provide information accompanied by supporting documents of his identity, for example his card. identity as well as all the papers to prove that his home is real, etc.
- a second identifier is provided to the applicant 40 in the step 405.
- the applicant wishes to record other information about his identity, for example his bank account or possibly his number social security, it can always in a step 406 provide them with the necessary supporting documents accompanied by its identifier.
- the requestor 40 can then ask the registration server 20 to assign a certificate via a terminal 41 connected to the Internet.
- the request is sent during a step 416.
- the registration server and the requestor will dialogue in order to fill the forms required by the registration server for a certificate request and to provide at the registration server 20 the first and second identifiers respectively corresponding to the servers 31 and 32.
- the registration server Once the registration server has recovered the identifiers, it will simultaneously send them to the identity servers 31 and 32 during steps 408 and 409.
- the steps 408 and 409 are almost simultaneous and the registration server does not need to wait for the response of the identity servers before sending the next identifier.
- the identity server 31 will verify this first identifier and send the certified identity information in a step 410.
- the identity server 32 will verify this identifier and provide back the complementary identity information in a step 411.
- the registration server will compile the different identity information received in a single form to the certificate server 10. The information from the server 31 and those from the server 32 are put in a single form.
- the registration server sends the duly completed request containing the identity information of the requestor 40 to the certificate server 10. The latter in return calculates a public key and a secret key and establishes a certificate that it sends to the registration server during a step 413.
- the certificate is then issued by the registration server at applicant 40 during a step 414.
- the registration server may simply ask the identity server 31 or 32 for a limited number of information relating to the identity with respect to the information contained in said servers.
- the server 31 includes biometric information, for example fingerprints and voice signature, while the request for identity information may concern only the voice signature, it is therefore not necessary to transfer information relating to fingerprints.
- the requester 40 provides the identifier to the registration server 20 which queries the identity server 30 to obtain the identity information of the requester.
- the requestor 40 it is possible for the requestor 40 to query the identity server 30 directly for the identity server 30 to provide the identity information to the registration server 20.
- the identity is provided to the requestor. by the identity server 30 in the form of a certificate. The applicant can then produce the certificate to the registration server 20 which merely checks the validity of the certificate with the identity server.
- the certificate and the associated private key provided by the certificate server 10 to the requestor 40 pass through the registration server 20. It is quite possible to issue the certificate and the private key to the applicant 40 without passing by the registration server 20.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE602005005201T DE602005005201T2 (de) | 2004-08-19 | 2005-08-05 | Verfahren zur zuweisung eines authentifizierungszertifikats und infrastruktur zur zuweisung eines zertifikats |
US11/660,543 US20070283426A1 (en) | 2004-08-19 | 2005-08-05 | Method for Assigning an Authentication Certificate and Infrastructure for Assigning Said Certificate |
EP05796241A EP1779635B1 (fr) | 2004-08-19 | 2005-08-05 | Procede d'attribution de certificat d'authentification et infrastructure d'attribution de certificat |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0408992 | 2004-08-19 | ||
FR0408992 | 2004-08-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006021665A1 true WO2006021665A1 (fr) | 2006-03-02 |
Family
ID=34948282
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2005/002040 WO2006021665A1 (fr) | 2004-08-19 | 2005-08-05 | Procede d'attribution de certificat d'authentification et infrastructure d'attribution de certificat |
Country Status (5)
Country | Link |
---|---|
US (1) | US20070283426A1 (fr) |
EP (1) | EP1779635B1 (fr) |
AT (1) | ATE388573T1 (fr) |
DE (1) | DE602005005201T2 (fr) |
WO (1) | WO2006021665A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009503967A (ja) * | 2005-07-26 | 2009-01-29 | フランス テレコム | 単一の物理デバイスを用いた保護されたトランザクションの制御方法、それに対応する物理デバイス、システム及びコンピュータプログラム |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011120583A1 (fr) * | 2010-04-01 | 2011-10-06 | Nokia Siemens Networks Oy | Autorité de certificat |
US10397215B2 (en) | 2016-09-27 | 2019-08-27 | Visa International Service Assocation | Secure element installation and provisioning |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020108042A1 (en) * | 2001-01-10 | 2002-08-08 | Makoto Oka | Public key certificate issuing system, Public key certificate issuing method, digital certification apparatus, and program storage medium |
US20020194471A1 (en) * | 2001-06-14 | 2002-12-19 | International Business Machines Corporation | Method and system for automatic LDAP removal of revoked X.509 digital certificates |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7680819B1 (en) * | 1999-11-12 | 2010-03-16 | Novell, Inc. | Managing digital identity information |
US8015600B2 (en) * | 2000-12-22 | 2011-09-06 | Oracle International Corporation | Employing electronic certificate workflows |
US20030154376A1 (en) * | 2001-02-05 | 2003-08-14 | Yeoul Hwangbo | Optical storage medium for storing, a public key infrastructure (pki)-based private key and certificate, a method and system for issuing the same and a method for using |
US20030074555A1 (en) * | 2001-10-17 | 2003-04-17 | Fahn Paul Neil | URL-based certificate in a PKI |
KR100449484B1 (ko) * | 2001-10-18 | 2004-09-21 | 한국전자통신연구원 | 공개키 기반 구조 인증시스템에서 생체정보를 이용한인증서 발급 방법 |
US7275260B2 (en) * | 2001-10-29 | 2007-09-25 | Sun Microsystems, Inc. | Enhanced privacy protection in identification in a data communications network |
US6641037B2 (en) * | 2001-12-13 | 2003-11-04 | Peter Williams | Method and system for interactively providing product related information on demand and providing personalized transactional benefits at a point of purchase |
US7376624B2 (en) * | 2002-02-27 | 2008-05-20 | Imagineer Software, Inc. | Secure communication and real-time watermarking using mutating identifiers |
US7472423B2 (en) * | 2002-03-27 | 2008-12-30 | Tvworks, Llc | Method and apparatus for anonymously tracking TV and internet usage |
US7558955B2 (en) * | 2002-11-20 | 2009-07-07 | Aol Llc, A Delaware Limited Liability Company | Method and apparatus for secure instant messaging utilizing server-supervised publication |
-
2005
- 2005-08-05 WO PCT/FR2005/002040 patent/WO2006021665A1/fr active IP Right Grant
- 2005-08-05 EP EP05796241A patent/EP1779635B1/fr not_active Not-in-force
- 2005-08-05 US US11/660,543 patent/US20070283426A1/en not_active Abandoned
- 2005-08-05 DE DE602005005201T patent/DE602005005201T2/de active Active
- 2005-08-05 AT AT05796241T patent/ATE388573T1/de not_active IP Right Cessation
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020108042A1 (en) * | 2001-01-10 | 2002-08-08 | Makoto Oka | Public key certificate issuing system, Public key certificate issuing method, digital certification apparatus, and program storage medium |
US20020194471A1 (en) * | 2001-06-14 | 2002-12-19 | International Business Machines Corporation | Method and system for automatic LDAP removal of revoked X.509 digital certificates |
Non-Patent Citations (2)
Title |
---|
ADAMS C. ET AL: "Internet X.509 Public Key Infrastructure Certificate Management Protocols", IETF, RFC 2510, March 1999 (1999-03-01), XP015008293 * |
ADAMS C., LLOYD S.: "Understanding PKI, Concepts, Standards, and Deployment Considerations", 2003, ADDISON-WESLEY, BOSTON, XP002316632 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009503967A (ja) * | 2005-07-26 | 2009-01-29 | フランス テレコム | 単一の物理デバイスを用いた保護されたトランザクションの制御方法、それに対応する物理デバイス、システム及びコンピュータプログラム |
Also Published As
Publication number | Publication date |
---|---|
US20070283426A1 (en) | 2007-12-06 |
DE602005005201D1 (de) | 2008-04-17 |
ATE388573T1 (de) | 2008-03-15 |
EP1779635A1 (fr) | 2007-05-02 |
EP1779635B1 (fr) | 2008-03-05 |
DE602005005201T2 (de) | 2009-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2021206913B2 (en) | Systems and methods for distributed data sharing with asynchronous third-party attestation | |
TWI725793B (zh) | 用於將分散識別符映射到真實世界實體的系統及方法 | |
CN111316278B (zh) | 安全身份和档案管理系统 | |
EP3547203A1 (fr) | Méthode et système de gestion d'accès à des données personnelles au moyen d'un contrat intelligent | |
US7293098B2 (en) | System and apparatus for storage and transfer of secure data on web | |
US8019881B2 (en) | Secure cookies | |
RU2434340C2 (ru) | Инфраструктура верификации биометрических учетных данных | |
KR101105121B1 (ko) | 진정문서의 전달, 저장 및 회복에 대한 시스템 및 방법 | |
CA2647248C (fr) | Procede et serveur de coffres-forts electroniques avec mutualisation d'informations | |
US7925878B2 (en) | System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials | |
EP3343425A1 (fr) | Système et procédé pour la création et la gestion d'autorisations décentralisées pour des objets connectés | |
KR102410006B1 (ko) | 사용자 권한 관리가 가능한 did 생성 방법 및 이를 이용한 사용자 권한 관리 시스템 | |
KR101816652B1 (ko) | Utxo 기반 프로토콜에서 머클 트리 구조를 사용하여 서비스 제공 서버에 의하여 제공되는 서비스를 이용하기 위한 사용자의 로그인 요청에 대하여 pki 기반의 인증을 통해 로그인을 대행하는 방법 및 이를 이용한 서버 | |
CN109862024A (zh) | 一种云管理系统的网络授权协议访问控制方法及系统 | |
EP1779635B1 (fr) | Procede d'attribution de certificat d'authentification et infrastructure d'attribution de certificat | |
Adams et al. | PKI: Ten years later | |
Yeh et al. | Applying lightweight directory access protocol service on session certification authority | |
JP2002132996A (ja) | 情報存在証明サーバ、情報存在証明方法、および情報存在証明制御プログラム | |
JP4783992B2 (ja) | 属性証明書管理サーバ、属性証明書管理方法およびそのプログラム | |
US11954672B1 (en) | Systems and methods for cryptocurrency pool management | |
CN114444129B (zh) | 一种对电子印章进行动态控制的方法及系统 | |
FR2898423A1 (fr) | Procede securise de configuration d'un dispositif de generation de signature electronique. | |
Park | Secure attribute services on the web | |
EP4078495A1 (fr) | Procédé et dispositif de gestion d'une autorisation d'accès à un service de paiement fourni à un utilisateur | |
EP1258844A1 (fr) | Procédé et système pour l'établissement de la preuve d'une transaction électronique |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11660543 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005796241 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2005796241 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 11660543 Country of ref document: US |
|
WWG | Wipo information: grant in national office |
Ref document number: 2005796241 Country of ref document: EP |