Patent Issued for Validation Server, Validation Method, and Program

September 9, 2014

By a News Reporter-Staff News Editor at Information Technology Newsweekly -- Hitachi, Ltd. (Tokyo, JP) has been issued patent number 8819417, according to news reporting originating out of Alexandria, Virginia, by VerticalNews editors.

The patent's inventors are Hashimoto, Yoko (Yokohama, JP); Fujishiro, Takahiro (Yokohama, JP); Furuya, Masahiko (Narashino, JP); Uzawa, Masami (Tokyo, JP); Hane, Shingo (Tokyo, JP); Sato, Akane (Yokohama, JP).

This patent was filed on February 28, 2012 and was published online on August 26, 2014.

From the background information supplied by the inventors, news correspondents obtained the following quote: "The present invention relates to technology for validating certificates.

"When transmitting electronic data such as an electronic document, the sender's digital signature (hereinafter also referred to as a signature) and a public key certificate (hereinafter also referred to as a certificate) may be attached to the electronic data to be sent. Upon receiving the electronic data with the digital signature and the certificate, the receiver checks validity of the signature and certificate, confirms that the attached electronic data is not falsified, and in addition, confirms the identification of the sender of the electronic data.

"The issuing and validation of public key certificates is conducted in a public key infrastructure, the reference specification of which is stipulated in literature such as RFC 5280 (Internet X.509 Public Key Infrastructure Certificate and CRL Profile). As stipulated in RFC 5280, Chapter 6 (Certification Path Validation), the receiver (hereinafter also referred to as the verifier) constructs a certification path to the certificate which is subjected to a validation from a certificate of a reliable certificate authority (hereinafter also referred to as the CA), and then conducts a validation of the constructed certification path.

"In the case where a number of CAs are involved in a certificate validation and these CAs are respectively coupled by mutual authentications, a configuration for validation of certificates is likely to be complex, and thus, a process managing the construction and validation of a certification path becomes complicated, too. For this reason, a server (hereinafter referred to as a validation server) that provides services for conducting certificate validation processing instead of the verifier's device and then transmitting the validation result to the verifier may be used. The reference protocol for validation servers is stipulated in RFC 5055 (Server-Based Certificate Validation Protocol). Upon receiving a certificate validation request from a verifier, the validation server constructs a certification path between the reliable CA for the verifier and the certificate which is subjected to a validation and then conducts validation of the constructed certification path. The validation server then adds its signature and certificate to the above validation result and transmits the certificate to the verifier. Upon receiving the validation result from the validation server, the verifier validates the signature and certificate of the validation server that are attached to the validation result, thereby confirming that the validation result is trustworthy.

"In addition, in a validation server like the above, it is necessary to perform cryptographic calculations while performing certification path validation processing, such as signature validation processing for certificates or certificate revocation lists (hereinafter referred to as CRLs), and processing to generate a validation server signature for the validation result. In order to reduce the processing load of such cryptographic calculations, hardware security modules (hereinafter referred to as HSMs) like those described in the related Literature 1 (SafeNet, 'Luna SA 4.2', [online], SafeNet, P.1, [accessed Jan. 21, 2008], Internet), Literature 2 (SafeNet, 'Luna PCM 2.2', [online], SafeNet, P.1, [accessed Jan. 21, 2008], Internet), and Literature 3 (nCipher, 'netHSM', [online], nCipher, P.1, [accessed Jan. 21, 2008], Internet) are used."

Supplementing the background information on this patent, VerticalNews reporters also obtained the inventors' summary information for this patent: "When conducting cryptographic calculations on a validation server using an HSM like those described in the above Literature 1, 2, and 3, if the processing performance of the validation server is better than that of the HSM or if a very large number of validation requests are received, processing by the HSM may turn out to be a bottleneck and deteriorate overall processing performance of the validation server.

"The object of the present invention is to improve the processing performance of a validation server using HSMs by reducing the required process time from receiving a validation request to responding with a validation result.

"In order to solve the foregoing problems, the present invention involves providing a validation server with a plurality of HSMs or similar cryptographic modules, and then conducting cryptographic calculations using the least loaded cryptographic module.

"For example, an embodiment of the present invention explains a validation server that conducts certificate validation processing comprising a plurality of cryptographic modules that conduct cryptographic calculations included in the validation processing, and a controller. The controller conducts processing to check the load states of the plurality of cryptographic modules, and processing to select the least loaded cryptographic module in accordance with a result of the checked load states, and then to conduct the cryptographic calculations using the selected cryptographic module.

"As described above, according to an embodiment of the present invention, the required process time from receiving a validation request to responding with a validation result is reduced on a validation server that uses HSMs, thereby improving the processing performance of the validation server."
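
The controller behaviour summarized in the quote (check the load states, pick the least loaded module, run the calculation there) can be sketched as follows. This is an added example, not code from the patent or from Hitachi: the class names, the in-flight counter as the load metric, HMAC-SHA256 as a software stand-in for an HSM signature, and the shared key are all assumptions.

```python
import hashlib
import hmac
import threading
from contextlib import contextmanager

class CryptoModule:
    """Software stand-in for one HSM (constructed for this example)."""
    def __init__(self, name, key):
        self.name, self._key = name, key
        self.in_flight = 0    # load state the controller checks
        self.dispatched = 0   # total operations routed to this module

    def sign(self, data):
        # HMAC-SHA256 stands in for the HSM's signature operation.
        return hmac.new(self._key, data, hashlib.sha256).digest()

class Controller:
    """Checks module load states and routes each operation to the least loaded."""
    def __init__(self, modules):
        self._modules = list(modules)
        self._lock = threading.Lock()  # selection and load update are one atomic step

    @contextmanager
    def acquire(self):
        with self._lock:
            module = min(self._modules, key=lambda m: m.in_flight)
            module.in_flight += 1
            module.dispatched += 1
        try:
            yield module
        finally:
            # Release the slot even if the operation raised, so a failed
            # request cannot leave a module looking permanently busy.
            with self._lock:
                module.in_flight -= 1

    def sign_result(self, validation_result):
        with self.acquire() as module:
            return module.name, module.sign(validation_result)

def demo():
    key = b"constructed-demo-key"  # assumption: every module holds the same signing key
    ctl = Controller([CryptoModule(n, key) for n in ("hsm-a", "hsm-b", "hsm-c")])
    with ctl.acquire() as first, ctl.acquire() as second:
        # Two operations are in flight, so the next one goes to the idle module.
        third, signature = ctl.sign_result(b"validation result: VALID")
    return first.name, second.name, third, signature.hex()
```

Selecting the module and incrementing its counter under one lock matters: without it, concurrent validation requests can all read the same idle module and pile onto it.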

For the URL and additional information on this patent, see: Hashimoto, Yoko; Fujishiro, Takahiro; Furuya, Masahiko; Uzawa, Masami; Hane, Shingo; Sato, Akane. Validation Server, Validation Method, and Program. U.S. Patent Number 8819417, filed February 28, 2012, and published online on August 26, 2014. Patent URL:

Keywords for this news article include: Hitachi, Hitachi Ltd., Information Technology, Information and Cryptography.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

Source: Information Technology Newsweekly