Title of invention: Determination method for cryptographic algorithm used for signature, validation server and program
Abstract: On the basis of revocation information of a certificate, information of a certification authority and of the certificate issued by the certification authority from a terminal device, and information of a cryptographic algorithm, validity of the certificate from the terminal device is determined. If the certificate is valid, a validation result treating the certificate as valid is created, and using information of the cryptographic algorithm from the terminal device and information of the cryptographic algorithm used for the signature of the certification authority which has been imparted to the revocation information of the certificate, a selection list of cryptographic algorithms used for the response signature to impart to the verification result of the certificate is created to determine the cryptographic algorithm used for the response signature to impart the verification result of the certificate on the basis of the created list and the cryptographic algorithms capable of being accommodated by the verification server.
Publication number: US9325509(B2); Publication date: 2016.04.26
Application number: US201214119401; Filing date: 2012.07.10
Applicant: HITACHI, LTD.; Inventors: Sato Chinatsu; Suzuki Akane; Fujishiro Takahiro
Classification: H04L29/06; H04L9/32; H04L9/00; G06F21/33; Main classification: H04L29/06
Agency: Volpe and Koenig, P.C.; Agent: Volpe and Koenig, P.C.
Main claim: 1. A determination method of an encryption algorithm to be used in a response signature affixed to a validation result of a public key certificate, in a validation server for validating validity of a public key certificate issued by a certification authority, the validation server comprising:
a first storage unit for storing revocation information, the revocation information including information identifying a revoked public key certificate and information identifying a certification authority that issued the revoked public key certificate; and
a second storage unit for storing information of the encryption algorithms that can be coped with by the validation server,
the encryption algorithm determination method comprising:
causing the validation server to receive a validation request from a terminal device, the validation request including information identifying the public key certificate, information identifying the certification authority, and information of the encryption algorithm;
causing the validation server to create a validation result that the public key certificate corresponding to the information identifying the public key certificate included in the validation request is valid, in a case where the received information of the public key certificate and information of the certification authority are not present in the first storage unit;
causing the validation server to create a selection list of encryption algorithms that can be used for a response signature affixed to the validation result of the public key certificate in association with information indicating priorities thereof according to an order set to the validation request, by using the information of the encryption algorithm included in the validation request and information of an encryption algorithm used in a signature of the certification authority affixed to the revocation information; and
causing the validation server to compare the encryption algorithms in the second storage unit with the encryption algorithms in the selection list to determine an encryption algorithm that is coincident and high in priority as an encryption algorithm to be used in a signature affixed to the validation result of the public key certificate.
Address: Tokyo JP
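The selection procedure recited in claim 1, sketched in Python as an added example; this is not code from the patent or from the applicant. All names, the sample data, the placement of the CA's revocation-signature algorithm after the requester's entries, and the fail-closed behaviour when no algorithm matches are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ValidationRequest:
    cert_serial: str            # identifies the public key certificate
    issuer_id: str              # identifies the certification authority
    preferred_algs: tuple = ()  # signature algorithms, most preferred first

def build_selection_list(req, crl_sig_alg):
    """Return [(priority, algorithm)], 1 = highest, following the request order.

    Assumption: the algorithm the CA used to sign the revocation information
    is appended after the requester's entries if not already listed.
    """
    ordered = []
    for alg in (*req.preferred_algs, crl_sig_alg):
        if alg not in ordered:
            ordered.append(alg)
    return list(enumerate(ordered, start=1))

def choose_response_alg(selection_list, server_algs):
    """Pick the highest-priority entry the server also supports; fail closed."""
    for _prio, alg in sorted(selection_list):
        if alg in server_algs:
            return alg
    raise ValueError("no common signature algorithm; refusing to sign")

def validate(req, revoked, crl_sig_algs, server_algs):
    """revoked: set of (issuer_id, serial); crl_sig_algs: issuer_id -> algorithm."""
    status = "revoked" if (req.issuer_id, req.cert_serial) in revoked else "valid"
    # The claim spells out the "valid" branch; using the same selection for a
    # "revoked" result is an assumption of this example.
    selection = build_selection_list(req, crl_sig_algs[req.issuer_id])
    return {"status": status, "sig_alg": choose_response_alg(selection, server_algs)}

# Constructed sample data (not taken from the patent).
REVOKED = {("CA-1", "0A")}                            # first storage unit
CRL_SIG_ALGS = {"CA-1": "sha256WithRSAEncryption"}    # algorithm on the CA's CRL
SERVER_ALGS = {"sha256WithRSAEncryption", "ecdsa-with-SHA256"}  # second storage unit

if __name__ == "__main__":
    req = ValidationRequest("01", "CA-1", ("sha1WithRSAEncryption", "ecdsa-with-SHA256"))
    print(validate(req, REVOKED, CRL_SIG_ALGS, SERVER_ALGS))
```

Because the server's own list is the final filter, a requester that lists a weak algorithm first cannot force its use unless the server is configured to support it.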