WO2007108114A1 - Domain participation method, attribute certificate selection method, communication terminal, IC card, CE device, attribute certificate issuing authority, and content server - Google Patents

Publication number
WO2007108114A1
WO2007108114A1 PCT/JP2006/305729 JP2006305729W WO2007108114A1 WO 2007108114 A1 WO2007108114 A1 WO 2007108114A1 JP 2006305729 W JP2006305729 W JP 2006305729W WO 2007108114 A1 WO2007108114 A1 WO 2007108114A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain
attribute certificate
certificate
communication terminal
attribute
Prior art date
Application number
PCT/JP2006/305729
Other languages
English (en)
Japanese (ja)
Inventor
Satoshi Ohta
Original Assignee
Matsushita Electric Industrial Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co., Ltd.
Priority to PCT/JP2006/305729
Publication of WO2007108114A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • The present invention relates to a domain participation method, an attribute certificate selection method, a communication terminal, an IC card, a CE device, an attribute certificate issuing authority, and a content server, in which content is acquired by a secure method using one CE device in a plurality of user environments.
  • PKI: Public Key Infrastructure
  • PKI is an infrastructure that provides security services such as confidentiality, authentication, integrity, and non-repudiation by providing encryption and digital signature functions.
  • A certificate authority issues a public key certificate as proof of the user's identity.
  • The client device and the server device obtain each other's public key certificate.
  • Methods of obtaining a public key certificate include receiving it from the other party and obtaining it from a repository.
  • When each of the client device and the server device acquires the public key certificate of the communication partner, it verifies the certificate's validity by checking the signature, expiration date, etc. of the acquired public key certificate.
  • Each device signs a value shared with the other party using its own private key and transmits it to the other party, which allows each side to verify that the other is the rightful owner of the public key certificate acquired earlier.
  • Examples of applications that provide authentication and encryption communication using a public key certificate as described above include SSL, IPsec, and the like.
  • The user can be authenticated by possessing the public key / private key pair.
  • A data communication system and a data communication method that include attribute confirmation processing are known as a system using such authentication by public key certificate and access control by attribute certificate (see Patent Document 1).
  • The shop server and the user device are each expressed as an entity.
  • The shop server and the user device own the public key certificate and the attribute certificate.
  • In Patent Document 1, an attribute code is assigned to each function of an entity that executes data communication, for example, a device that executes content purchase or a server that receives a content purchase request.
  • The functions that the entity can execute are determined by the attribute code of the attribute certificate.
  • Each entity performs mutual authentication between entities when attempting to perform a certain function in data communication with another entity. If this mutual authentication is successful, attribute authentication is performed to confirm what function the communication partner can execute.
  • An entity uses an attribute certificate when performing attribute authentication of the entity with which it is communicating; this attribute certificate may be sent by the other party, obtained from a repository, etc.
  • An entity that has acquired the attribute certificate of the other party of communication verifies the attribute certificate. As a result of verification, if it is determined that the attribute certificate is correct, the attribute described in the attribute certificate is confirmed. If the confirmed attribute matches the one assumed, the entity permits the other party to perform the function given by the attribute.
  • The entity refuses to let the communication partner execute the function.
  • Patent Document 1: Japanese Patent Application Laid-Open No. 2002-139998
  • A family or a plurality of users use one CE (Consumer Electronics) device.
  • CE: Consumer Electronics
  • If the CE device has to be limited to one user, there is the problem that the users who can acquire content with the CE device are limited.
  • An object of the present invention is to provide a domain participation method, an attribute certificate selection method, a communication terminal, an IC card, a CE device, an attribute certificate issuing authority, and a content server, in which one CE device can be used in a plurality of user environments and content can be acquired in a secure manner.
  • The domain participation method of the present invention is a domain participation method for acquiring content in a secure manner using one CE device in a plurality of user environments, and comprises: a domain participation notification step of notifying domain participation to the attribute certificate issuing authority that issues attribute certificates, based on the public key certificate and attribute certificate of the CE device as domain representative, stored in a memory with an IC card function, and the attribute certificate of the communication terminal that is the domain participant; and a domain participation permission attribute certificate issuing step in which the attribute certificate issuing authority, having received the domain participation notification from the communication terminal, creates a domain participation permission attribute certificate in which the public key certificate of the CE device is associated with the attribute certificate of the communication terminal, and issues it to the communication terminal.
  • FIG. 1 is a block diagram showing an example of a communication system for realizing a domain joining method according to an embodiment of the present invention.
  • FIG. 2 is a block diagram showing a configuration of a communication terminal in a communication system for realizing a domain joining method according to an embodiment of the present invention.
  • FIG. 3 is a block diagram showing a configuration of an IC card in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • FIG. 4 is a block diagram showing a configuration of a CE device in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • FIG. 5 is a block diagram showing a configuration of an attribute certificate issuing station in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • FIG. 6 is a sequence diagram showing an example of a communication procedure of a system for realizing a domain joining method according to an embodiment of the present invention.
  • FIG. 7 is a block diagram for explaining the operation at the time of domain participation application of a communication terminal in the communication system for realizing the domain participation method according to one embodiment of the present invention.
  • FIG. 8 is a block diagram for explaining the operation at the time of content acquisition of the communication terminal in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • FIG. 9 is a block diagram for explaining the operation at the time of applying for a domain participant in an IC card in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • FIG. 10 is a block diagram for explaining an operation at the time of content acquisition of an IC card in a communication system realizing a domain participation method according to an embodiment of the present invention.
  • FIG. 11 is a block diagram for explaining a method of issuing a domain participation permission attribute certificate of an attribute certificate issuing authority in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • FIG. 12 is a block diagram for explaining a processing method at the time of content acquisition of a CE device in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • Best Mode for Carrying Out the Invention
  • FIG. 1 is a block diagram showing an example of a communication system for realizing a domain joining method according to an embodiment of the present invention.
  • The communication system 100 for realizing the domain participation method of this example includes a communication terminal 200, an IC card 300, a CE device 400, an attribute certificate issuing station 500, and a content server 600.
  • The communication terminal 200 and the CE device 400 are connected to the network 800 via an access point (AP) 700, and communication in this communication system 100 is performed.
  • The network may be in the form of direct communication between devices as long as data transfer is possible.
  • FIG. 2 is a block diagram showing a configuration of a communication terminal in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • The communication terminal 200 used in the communication system 100 includes a network input / output unit 201, an external device access request unit 202, an external device operation unit 203, a device information storage unit 204, a public key certificate storage unit 205, a domain participation permission attribute certificate issuance request unit 206, an attribute certificate storage unit 207, a domain participation permission attribute certificate reception unit 208, a domain participation permission attribute certificate output unit 209, and a card slot input / output unit 210.
  • The network input / output unit 201 transmits and receives information to and from the attribute certificate issuing authority 500 and the content server 600 connected to the CE device 400 and the network 800.
  • The external device access request unit 202 sends the CE device 400, which is an external device, an access request that includes user information.
  • The external device operation unit 203 selects content from the communication terminal 200 and determines content acquisition.
  • The device information storage unit 204 stores device information of an external device input via the network input / output unit 201, user information of the communication terminal 200, and the like.
  • The public key certificate storage unit 205 stores the public key certificate of the user of the communication terminal 200.
  • The domain participation permission attribute certificate issuance request unit 206 applies to the attribute certificate issuing authority 500 for domain participation, via the network input / output unit 201 and the network 800, in order to join the domain in which the CE device 400 is the domain representative.
  • The attribute certificate storage unit 207 stores the attribute certificate of the communication terminal 200.
  • The domain participation permission attribute certificate reception unit 208 receives the domain participation permission attribute certificate issued from the attribute certificate issuing station 500 via the network input / output unit 201 and the network 800.
  • The domain participation permission attribute certificate output unit 209 sends the domain participation permission attribute certificate received by the domain participation permission attribute certificate reception unit 208 from the attribute certificate issuing station 500 to the card slot input / output unit 210.
  • The card slot input / output unit 210 transmits the domain participation permission attribute certificate received from the domain participation permission attribute certificate output unit 209, the public key certificate of the user of the communication terminal 200 stored in the public key certificate storage unit 205, and the like to the IC card 300 connected to the card slot input / output unit 210.
  • The card slot input / output unit 210 also receives the card information stored in the IC card 300 connected thereto.
  • FIG. 3 is a block diagram showing a configuration of an IC card in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • The IC card 300 used in the communication system 100 includes an input / output unit 301, a certificate transmission unit 302, a public key certificate storage unit 303, an attribute certificate storage unit 304, a device information reading unit 305, a certificate verification notification unit 306, a certificate comparison and verification unit 307, and a domain management unit 308.
  • The input / output unit 301 transmits / receives information to / from the communication terminal 200, the CE device 400, and the like.
  • When the communication terminal 200 applies for domain participation, the certificate transmission unit 302 reads the public key certificate and the attribute certificate from the public key certificate storage unit 303 and the attribute certificate storage unit 304, and sends them to an external device via the input / output unit 301.
  • The public key certificate storage unit 303 stores the public key certificate of the device to which the IC card 300 is connected.
  • The attribute certificate storage unit 304 stores the attribute certificate of the device to which the IC card 300 is connected.
  • The device information reading unit 305 reads the information of the public key certificate and the attribute certificate of the CE device 400, which is the domain representative, in order to establish a connection with the CE device 400.
  • The certificate verification notification unit 306 notifies the CE device 400 via the input / output unit 301 whether or not the user compared and verified by the certificate comparison and verification unit 307 is an appropriate user.
  • The certificate comparison and verification unit 307 compares and verifies the user information acquired from the communication terminal 200 by the device information reading unit 305 against the attribute certificate stored in the attribute certificate storage unit 304.
  • The domain management unit 308 manages whether or not the domain participation permission attribute certificate associated with the public key certificate of the CE device 400, which is the domain representative, is in the correct domain.
  • FIG. 4 is a block diagram showing the configuration of a CE device in a communication system for realizing the domain participation method according to an embodiment of the present invention.
  • The CE device 400 used in the communication system 100 includes a network input / output unit 401, a user information transfer unit 402, a card slot input / output unit 403, an authentication result notification unit 404, a device information reading unit 405, an external device access request providing unit 406, and a screen display device connection unit 407.
  • The network input / output unit 401 transmits / receives information to / from devices connected to the network 800.
  • The user information transfer unit 402 transmits the user information acquired from the communication terminal 200 to the IC card 300.
  • The card slot input / output unit 403 transmits / receives information to / from the IC card 300 connected thereto.
  • The authentication result notification unit 404 receives, from the certificate verification notification unit 306 of the IC card 300, a notification of the diagnosis result as to whether or not the user information of the communication terminal 200 is appropriate.
  • The device information reading unit 405 reads the device information of the device connected to the network 800 via the network input / output unit 401.
  • The external device access request providing unit 406 transfers the content request of the communication terminal 200 to the content server 600.
  • The screen display device connection unit 407 transmits the content information acquired from the content server 600 to the screen display device 900 shown in FIG. 1 connected thereto.
  • FIG. 5 is a block diagram showing a configuration of an attribute certificate issuing station in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • The attribute certificate issuing station 500 used in the communication system 100 includes a network input / output unit 501, a domain participation reception unit 502, a domain creation unit 503, a domain storage unit 504, and a domain participation permission attribute certificate issuing unit 505.
  • The network input / output unit 501 transmits / receives information to / from devices connected to the network 800.
  • the domain participation reception unit 502 receives the CE device 40 received via the network input / output unit 501.
  • The domain creation unit 503 associates the public key certificate of the CE device 400 that is the domain representative, received by the domain participation reception unit 502, with the attribute certificate of the communication terminal 200 that participates in the domain, using the domain attribute, and sends the associated domain participation permission attribute certificate to the domain storage unit 504.
  • The domain storage unit 504 stores the domain participation permission attribute certificate associated by the domain creation unit 503 for each domain.
  • The domain participation permission attribute certificate issuing unit 505 reads the domain participation permission attribute certificate stored in the domain storage unit 504 as appropriate and issues it, via the network input / output unit 501, to the communication terminal 200 that performs domain participation.
  • FIG. 6 is a sequence diagram showing an example of a communication procedure of a system for realizing the domain participation method according to an embodiment of the present invention.
  • The communication terminal 200 needs to join the domain with the CE device 400 as the domain representative.
  • The CE device 400, which is the domain representative, stores its own public key certificate and attribute certificate in the IC card 300 (step ST601), and the IC card 300 storing this public key certificate and attribute certificate is delivered to the communication terminal 200, which is a domain participant (step ST602).
  • The communication terminal 200, having acquired the IC card 300, provides its own attribute certificate and the public key certificate and attribute certificate of the CE device 400 (the domain representative) stored in the IC card 300 to the attribute certificate issuing authority 500 (step ST603).
  • The attribute certificate issuing authority 500 associates the public key certificate of the CE device 400 that is the domain representative with the attribute certificate of the communication terminal 200, creates a domain participation permission attribute certificate (step ST604), and issues the created domain participation permission attribute certificate to the communication terminal 200 (step ST605).
  • The communication terminal 200, having been issued the domain participation permission attribute certificate by the attribute certificate issuing station 500, stores the received domain participation permission attribute certificate in the IC card 300 (step ST606).
  • The communication terminal 200 can participate in a domain in which the CE device 400 is the domain representative, and can use the CE device 400.
  • the communication terminal 200 that is permitted to join the domain with the CE device 400 as the domain representative is the IC device 300 in which the domain participation permission attribute certificate is stored.
  • The CE device 400, to which the IC card 300 has been returned from the communication terminal 200, inserts the returned IC card 300 into a card slot (not shown) (step ST608).
  • The input / output unit 301 of the IC card 300 is connected to the card slot input / output unit 210 of the CE device 400.
  • The communication terminal 200 participates in a domain in which the CE device 400 is the domain representative.
  • The CE device 400 compares the user information with the domain participation permission attribute certificate in the IC card 300 (step ST610).
  • The communication terminal 200 acquires access information at the time of authentication with the CE device 400.
  • The authentication method at the time of access between the communication terminal 200 and the CE device 400 is not particularly limited; it may be either mutual authentication using a public key certificate or attribute authentication using an attribute certificate.
  • When the CE device 400 determines that the access information from the communication terminal 200 is user information of a domain participant, it transmits (provides) the content request, the public key certificate of the domain representative in the inserted IC card 300, and the attribute certificate of the communication terminal 200 to the content server 600 (step ST611).
  • The content server 600 identifies (authenticates) the device information from the public key certificate and the user information from the attribute certificate provided by the CE device 400 (step ST612), and sends (provides) to the CE device 400 the content that can be reproduced according to the user (step ST613).
  • FIG. 7 is a block diagram for explaining an operation at the time of domain participation application for a communication terminal in the communication system for realizing the domain participation method according to the embodiment of the present invention.
  • The domain participation permission attribute certificate issuance request unit 206 applies to the attribute certificate issuing authority 500 for participation in the domain via the network input / output unit 201 and the network 800.
  • The communication terminal 200 provides the attribute certificate issuing station 500 with the attribute certificate stored in the attribute certificate storage unit 207 in order to indicate that the communication terminal 200 itself is a domain participant.
  • The attribute certificate issuing authority 500 associates the public key certificate of the CE device 400 that is the domain representative with the attribute certificate of the communication terminal 200, creates a domain participation permission attribute certificate, and issues the created domain participation permission attribute certificate to the communication terminal 200.
  • The communication terminal 200 receives the domain participation permission attribute certificate issued from the attribute certificate issuing station 500, via the network 800 and the network input / output unit 201, at the domain participation permission attribute certificate receiving unit 208.
  • The domain participation permission attribute certificate receiving unit 208 sends the domain participation permission attribute certificate received from the attribute certificate issuing station 500 to the domain participation permission attribute certificate output unit 209.
  • The domain participation permission attribute certificate output unit 209 stores the domain participation permission attribute certificate received from the domain participation permission attribute certificate reception unit 208 in the IC card 300 connected to the card slot input / output unit 210.
  • The communication terminal 200 can communicate with the CE device 400 by participating in a domain in which the CE device 400 is the domain representative.
  • FIG. 8 is a block diagram for explaining the operation at the time of content acquisition of the communication terminal in the communication system for realizing the domain participation method according to the embodiment of the present invention.
  • The external device access request unit 202 accesses the CE device 400, which is the external device, via the network input / output unit 201, including user information in the access.
  • The device authentication at the time of access between the communication terminal 200 and the CE device 400 is not particularly limited: it may be either mutual authentication using the public key certificate of the user stored in the public key certificate storage unit 205, or attribute authentication using the attribute certificate stored in the attribute certificate storage unit 207.
  • The external device operation unit 203 performs content selection from the communication terminal 200 and content acquisition determination.
  • FIG. 9 is a block diagram for explaining an operation at the time of applying for a domain participant in an IC card in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • the IC card 300 is first inserted into the CE device 400 as shown in FIG.
  • the device information reading unit 305 is a CE device.
  • the public key certificate and the attribute certificate of the CE device 400 read by the device information reading unit 305 are stored in the public key certificate storage unit 303 and the attribute certificate storage unit 304.
  • the IC card 300 storing the public key certificate and the attribute certificate of the CE device 400 which is the domain representative is connected to the card slot input / output unit 210 of the communication terminal 200 as shown in FIG. .
  • When the communication terminal 200 applies for domain participation, the certificate transmission unit 302 of the IC card 300 reads the public key certificate and attribute certificate of the CE device 400, which is the domain representative, from the public key certificate storage unit 303 and the attribute certificate storage unit 304, and sends them to the attribute certificate issuing authority 500.
  • Having received these, the attribute certificate issuing authority 500 issues to the communication terminal 200 the domain participation permission attribute certificate created by associating the public key certificate of the CE device 400, which is the domain representative, with the attribute certificate of the communication terminal 200.
  • In the IC card 300 inserted in the communication terminal 200, the attribute certificate storage unit 304 receives from the communication terminal 200 the domain participation permission attribute certificate issued from the attribute certificate issuing station 500 to the communication terminal 200.
  • The IC card 300, having received the domain participation permission attribute certificate from the communication terminal 200, manages in the domain management unit 308 whether the domain participation permission attribute certificate associated with the public key certificate of the CE device 400, which is the domain representative, is in the correct domain.
  • FIG. 10 is a block diagram for explaining an operation at the time of content acquisition of an IC card in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • At the time of content acquisition, the certificate comparison and verification unit 307 of the IC card 300 compares and verifies the user information acquired from the communication terminal 200 by the device information reading unit 305 against the attribute certificate stored in the attribute certificate storage unit 304.
  • When the IC card 300 completes the comparison and verification of the user information and the attribute certificate in the certificate comparison and verification unit 307, the certificate verification notification unit 306 notifies the CE device 400, via the input / output unit 301, whether or not the user compared and verified in the certificate comparison and verification unit 307 is an appropriate user.
  • After the certificate verification notification unit 306 has notified the CE device 400 that the user compared and verified by the certificate comparison and verification unit 307 is an appropriate user, the certificate transmission unit 302 of the IC card 300 sends the public key certificate of the CE device 400, which is the domain representative, and the attribute certificate of the user of the communication terminal 200, who is the domain participant, from the CE device 400 to the content server 600 via the network 800.
  • FIG. 11 is a block diagram for explaining a method of issuing a domain participation permission attribute certificate of an attribute certificate issuing authority in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • When issuing a domain participation permission attribute certificate, the attribute certificate issuing station 500 receives, at the domain participation reception unit 502 via the network input / output unit 501, the public key certificate and attribute certificate of the CE device 400, which is the domain representative, and the attribute certificate of the communication terminal 200, which is a domain participant. Then, the domain participation reception unit 502 sends the public key certificate and attribute certificate of the CE device 400 received via the network input / output unit 501 and the attribute certificate of the communication terminal 200 to the domain creation unit 503.
  • The domain creation unit 503 associates the public key certificate of the CE device 400 that is the domain representative, received by the domain participation reception unit 502, with the attribute certificate of the communication terminal 200 that participates in the domain, using the domain attribute, and sends the associated domain participation permission attribute certificate to the domain storage unit 504.
  • The domain storage unit 504 stores the domain participation permission attribute certificate associated in the domain creation unit 503 for each domain.
  • The domain participation permission attribute certificate issuing unit 505 reads the domain participation permission attribute certificate stored in the domain storage unit 504 as appropriate and issues it, via the network input / output unit 501, to the communication terminal 200 performing domain participation.
  • FIG. 12 is a block diagram for explaining a processing method at the time of content acquisition of a CE device in a communication system for realizing a domain participation method according to an embodiment of the present invention.
  • At the time of content acquisition, the CE device 400 is assumed to be connected in advance to the content server 600 via the network 800, and a screen display device 900 for displaying content information is also assumed to be connected.
  • The user information transfer unit 402 of the CE device 400 transfers to the IC card 300 the user information obtained in advance from the communication terminal 200.
  • The authentication result notification unit 404 of the CE device 400 receives, from the certificate verification notification unit 306 of the IC card 300, a notification of a diagnosis result as to whether the user information of the communication terminal 200 is appropriate.
  • The external device access request providing unit 406 of the CE device 400 transfers the content request of the communication terminal 200 to the content server 600.
  • With a password for using the domain participation permission attribute certificate in the IC card 300, content can be acquired from the CE device 400.
  • Storing one public key certificate and a plurality of attribute certificates in one domain using the IC card 300 has been disclosed.
  • The storage medium for storing the document may be, for example, a flash memory having an IC card function, as long as it is removable and retains a security function equivalent to that of the IC card 300.
  • One public key certificate and a plurality of attribute certificates can be stored in association with one domain using an IC card, which facilitates domain management. The invention is therefore useful as a domain participation method, attribute certificate selection method, communication terminal, IC card, CE device, attribute certificate issuing authority and content server for acquiring content in a secure way using one CE device in multiple-user environments.
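
The issuing flow described for FIG. 11 (reception unit 502, creation unit 503, storage unit 504, issuing unit 505) can be modelled as below. This is an added example, not code from the patent: the certificate fields, the holder check, the use of fingerprints for the association and the HMAC standing in for the station's signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

STATION_KEY = b"constructed-demo-key"  # assumption: stands in for the station's signing key

def _canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

def fingerprint(cert):
    return hashlib.sha256(_canon(cert)).hexdigest()

def _sign(body):
    # HMAC is a stdlib stand-in for the issuer's digital signature
    return hmac.new(STATION_KEY, _canon(body), hashlib.sha256).hexdigest()

class IssuingStation:
    def __init__(self):
        self.domain_store = {}  # storage unit 504: domain id -> permission certificates

    def join(self, ce_pkc, ce_ac, terminal_ac):
        # Reception unit 502: the three certificates arrive in one request.
        # Assumed check: the CE device's attribute certificate names its own PKC.
        if ce_ac["holder"] != fingerprint(ce_pkc):
            raise ValueError("CE attribute certificate not bound to CE public key certificate")
        # Creation unit 503: associate representative PKC with participant AC.
        body = {"domain": ce_ac["domain"],
                "representative_pkc": fingerprint(ce_pkc),
                "participant_ac": fingerprint(terminal_ac)}
        permission = {"body": body, "signature": _sign(body)}
        self.domain_store.setdefault(body["domain"], []).append(permission)
        return permission

    def issue(self, domain, terminal_ac):
        # Issuing unit 505: read out the stored certificate for this participant.
        for permission in self.domain_store.get(domain, []):
            if permission["body"]["participant_ac"] == fingerprint(terminal_ac):
                return permission
        return None

def verify_permission(permission, ce_pkc, terminal_ac):
    # A relying party accepts only if the signature and both associations hold.
    body = permission["body"]
    return (hmac.compare_digest(permission["signature"], _sign(body))
            and body["representative_pkc"] == fingerprint(ce_pkc)
            and body["participant_ac"] == fingerprint(terminal_ac))

# Constructed sample certificates (illustrative fields only)
CE_PKC = {"subject": "ce-device-400", "public_key": "constructed-key-bytes"}
CE_AC = {"holder": fingerprint(CE_PKC), "domain": "home-domain-1"}
TERMINAL_AC = {"holder": "terminal-200-user-a", "role": "participant"}
```

Because the permission certificate carries fingerprints of both inputs, presenting it with a different terminal attribute certificate or a different CE device certificate fails verification even though the signature itself is intact.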

Abstract

The present invention relates to a domain participation method capable of acquiring content by a secure method using a CE device in a plurality of user environments. The domain participation method comprises the following steps: a domain participation reporting step for reporting domain participation to an attribute certificate issuing station (500), which issues a domain participation permission certificate based on a public key certificate of a CE device (400) as the domain representative, an IC card (300) containing the attribute certificate, and an attribute certificate of a communication terminal (200) as the domain participant; and a participation permission attribute certificate issuing step in which the attribute certificate issuing station (500) receives the domain participation report from the communication terminal (200), correlates the public key certificate of the CE device (400) with the attribute certificate of the communication terminal (200), and issues to the communication terminal (200) a domain participation permission attribute certificate in which the public key certificate of the CE device (400) is correlated with the attribute certificate of the communication terminal (200).

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/305729 WO2007108114A1 (fr) 2006-03-22 2006-03-22 Domain participation method, attribute certificate selection method, communication terminal, IC card, CE device, attribute certificate issuing station, and content server

Publications (1)

Publication Number Publication Date
WO2007108114A1 (fr) 2007-09-27

Family

ID=38522154

Country Status (1)

Country Link
WO (1) WO2007108114A1 (fr)

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application

Ref document number: 06729696

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 06729696

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP