Title: Validation server, validation method, and program
Abstract: A validation server using HSM, which reduces required process time from receiving a validation request to responding with a validation result, and comprises a first software cryptographic module 142 and a second software cryptographic module 143 on a validation server 130 whose HSM is coupled with an I/F part 148. According to the validation server, load states of HSM, the first software cryptographic module 142 and the second software cryptographic module 143 are monitored by a cryptographic module monitor unit 141, and when cryptographic calculations in a validation process of certificates are conducted, the cryptographic calculations are executed by using the least loaded cryptographic module selected at a cryptographic module selector unit 140.
Publication No.: US8819417(B2) Publication date: 2014.08.26
Application No.: US201213407376 Filing date: 2012.02.28
Applicant: Hitachi, Ltd. Inventors: Hashimoto Yoko;Fujishiro Takahiro;Furuya Masahiko;Uzawa Masami;Hane Shingo;Sato Akane
Classification: H04L29/06 Main classification: H04L29/06
Agency: McDermott Will & Emery LLP Agent: McDermott Will & Emery LLP
Main claim: 1. A validation server connecting to a HSM (Hardware Security Module) that conducts a reception of a request for a certificate validation, building a certification path, and validation of the certification path, comprising: a memory unit storing software cryptographic modules, and a controller, when conducting signature validation processing for a certificate, a certificate revocation list, or an OCSP (Online Certificate Status Protocol) response in the process of the certification path validation, performing functions to: calculate a hash value of the certificate, the certificate revocation list, or the OCSP response by using the software cryptographic module, decrypt a signature value of the certificate, the certificate revocation list, or the OCSP response which are to be validated by using the software cryptographic module, conduct the signature validation processing by comparing the calculated hash value and the decrypted data by using the software cryptographic module, calculate a hash value of a result of the signature validation processing by using the software cryptographic module, and encrypt the hash value of the result of the signature validation processing by using the HSM and a secret key of the HSM, and thereby generating a signature value.
Address: Tokyo JP