CN102026161B - System and method for validity verification of certificate in mobile backhaul net - Google Patents
System and method for validity verification of certificate in mobile backhaul net Download PDFInfo
- Publication number
- CN102026161B CN102026161B CN200910171494.9A CN200910171494A CN102026161B CN 102026161 B CN102026161 B CN 102026161B CN 200910171494 A CN200910171494 A CN 200910171494A CN 102026161 B CN102026161 B CN 102026161B
- Authority
- CN
- China
- Prior art keywords
- ocsp
- certificate
- range
- responsor
- long
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention provides system and method for validity verification of a certificate in a mobile backhaul net. The method comprises the following steps of: when the validity of a domain certificate is verified, the client side of an online certificate status protocol (OCSP) sends an OCSP search request to an OCSP responser, and a request certificate table is carried; after the OCSP responser receives the OCSP search request, a certificate library is requested to verify the validity of the certificate in the request certificate table, and the certificate library searches the validity of the certificate in the request certificate table and transmits the search results of the validity of the certificate to the OCSP client side by the OCSP responser. The invention can efficiently verify the validity of the certificate in the mobile backhaul net in real time.
Description
Technical field
The present invention relates to communication technical field, specially refer to a kind of system and method for validity verification of certificate in mobile backhaul net.
Background technology
The safety problem of mobile backhaul net receives increasing concern.The tissues such as 3GPP, BBF and NGMN have carried out comparatively deep analysis to the demand for security of mobile backhaul net, and certificate management is the basis of mobile backhaul net security mechanism.
In 3GPP TS 33.401, propose based on NDS (Network Domain Security) mechanism protection mobile backhaul net safety, TS 33.310 related specifications are obeyed in the management of NDS certificate.Yet TS 33.310 works out for network domains certificate management demand, and is not exclusively applicable to validity verification of certificate in mobile backhaul net demand, therefore need to the certificate validity authentication mechanism in standard be strengthened.
The validation verification of TS 33.310 certificates is mainly realized based on CRL.CRL in TS 33.310 is divided three classes: Local CRL, the inner CRL of Public CRLHe operator, by the access to these CRL storehouses, realize the checking to certificate validity.The access method in CRL storehouse, 33.310 pairs of NDS territories of TS is illustrated, and SEGs is used LDAP access CRL storehouse, and NEs is by LDAP or HTTP access CRL storehouse.
There is certain defect in CRL mechanism, is not suitable for some scene.The subject matter of CRL is: the scale of (1) CRL, the size of CRL is directly proportional with the probability of CA territory end entity number, certificate life cycle and certificate revocation.And revocation information must exist issuing in the whole life cycle of certificate, this may cause CRL scale very large.CRL scale is excessive, has also increased the periodically offered load of CRL request.(2) real-time of the contained revocation information of CRL.CRL regularly publishes, and the arrival of cancelling request is random, so can not guarantee real-time and the accuracy of certificate revocation information.In sum, for needs, obtain in real time certificate status information, and only need the application scenarios of single certificate status information, be not suitable for using CRL mechanism.
In order to make up large, the non real-time problem of CRL expense, PKIX working group has proposed online certificate status protocol (Online Certificate Status Protocol, OCSP) in RFC2560, and OCSP can realize online certificate status checking.Other state information that OCSP responsor can also provide CRL mode not provide, as some extend informations.With CRL, compare, OCSP agreement has the following advantages:
(1) OCSP can provide fresh, instant certificate status information, has made up the deficiency of CRL, has avoided distributing the inconvenience that extensive CRL brings;
(2) mode of operation of OCSP is typical Client/Server, makes OCSP can support more user;
(3) OCSP response is less than sending whole CRL, can take the minimum network bandwidth, saves the network bandwidth;
(4) compare with the CRL regularly publishing, OCSP can provide better anonymity, because requestor must be to the specific certificate status information of filing a request, rather than removes simply to obtain whole certificate revocation list;
(5) OCSP requests/response messages can be propagated on TCP/IP network, and can transmit requests/response messages based on multiple transmission mechanism, as HTTP, and SMTP, LDAP etc.;
(6) because OCSP responsor carries out digital signature to definite response, therefore, if the information of terminal use's retention figures signature, the information such as the time that OCSP request is sent and effectively OCSP response, these information just can become the voucher of the non repudiation of historical trading, and this compares simple many with CRL mode.
For mobile backhaul net, exist some scenes to inquire about the validity of single certificate.The for example inquiry of H (e) NB to SEG certificate validity, eNB resets and to cause that eNB certificate validity that SEG need to sign and issue equipment vendor is inquired about etc.And in prior art, still there is not the scheme about validity verification of certificate in mobile backhaul net.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of system and method for validity verification of certificate in mobile backhaul net, how in real time to have solved, verified efficiently the problem of certificate validity in mobile backhaul net.
In order to address the above problem, the invention provides a kind of method of validity verification of certificate in mobile backhaul net, be applicable to the checking to certificate validity in territory, described method comprises:
Online certificate status protocol (OCSP) client sends OCSP inquiry request to OCSP responsor, wherein carry request certificate table, OCSP responsor asks certificate repository to verify the validity of the certificate in described request certificate table after receiving described OCSP inquiry request, the validity of the certificate in described certificate repository inquiry described request certificate table, and certificate validity result for retrieval is forwarded to OCSP client through described OCSP responsor.
Further, described OCSP inquiry request also comprises OCSP protocol version and requestor's name.
Further, described OCSP responsor request certificate repository verifies that the validity of network element certificate refers to, OCSP responsor sends certificate retrieval request message to certificate repository, wherein carries request certificate table;
Described request certificate table comprises the certificate of one or more network elements that OCSP client will be verified.
The present invention also provides a kind of method of validity verification of certificate in mobile backhaul net, is applicable to the checking to certificate validity between territory, and described method comprises:
Online certificate status protocol (OCSP) client sends OCSP inquiry request to local OCSP responsor, wherein carry domain-name information and the request certificate table of long-range OCSP responsor, described local OCSP responsor is received the IP address that goes out long-range OCSP responsor after described OCSP inquiry request according to the dns query message of described long-range OCSP responsor, to described long-range OCSP responsor, send OCSP inquiry request afterwards, wherein carry request certificate table;
The validity of the certificate in the long-range certificate repository checking of described long-range OCSP responsor request described request certificate table, the validity of the certificate in described long-range certificate repository inquiry described request certificate table, and certificate validity result for retrieval is forwarded to OCSP client through described long-range OCSP responsor and local OCSP responsor.
Further, described local OCSP responsor receives after described OCSP inquiry request that the IP address that goes out long-range OCSP responsor according to the dns query message of described long-range OCSP responsor refers to,
Local OCSP responsor obtains the domain-name information of the long-range OCSP responsor in described OCSP inquiry request, to domain name resolution server, send domain name resolution server request, carry the domain-name information of long-range OCSP responsor, domain name resolution server goes out the IP address of long-range OCSP responsor according to the dns query message of described long-range OCSP responsor, to described local OCSP responsor, return to domain name resolution server response, the IP address of wherein carrying described long-range OCSP responsor afterwards.
Further, the domain-name information of described long-range OCSP responsor carries by the positioning service device field of OCSP inquiry request.
The present invention also provides a kind of system of validity verification of certificate in mobile backhaul net, is applicable to the checking to certificate validity in territory, and described system comprises line certificate status protocol (OCSP) client, OCSP responsor and certificate repository;
Described OCSP client, for sending OCSP inquiry request to described OCSP responsor, wherein carries request certificate table;
Described OCSP responsor is asked the validity of the certificate of certificate repository checking described request certificate table after receiving described OCSP inquiry request, and the certificate validity result for retrieval of reception is sent to described OCSP client;
Described certificate repository, for inquire about the validity of the certificate of described request certificate table according to described request certificate table, and is sent to described OCSP responsor by certificate validity result for retrieval.
Further, described OCSP inquiry request also comprises OCSP protocol version and requestor's name;
Described request certificate table comprises the certificate of one or more network elements that OCSP client will be verified.
The present invention also provides a kind of system of validity verification of certificate in mobile backhaul net, is applicable to the checking to certificate validity between territory, comprises line certificate status protocol (OCSP) client, local OCSP responsor, long-range OCSP responsor and long-range certificate repository;
Described OCSP client, for sending OCSP inquiry request to described local OCSP responsor, wherein carries the domain-name information of request certificate table and long-range OCSP responsor;
Described local OCSP responsor, for receiving the IP address that goes out long-range OCSP responsor after described OCSP inquiry request according to the dns query message of described long-range OCSP responsor, and send OCSP inquiry request to described long-range OCSP responsor, wherein carry request certificate table; Also for the certificate validity result for retrieval of reception is sent to described OCSP client;
Described long-range OCSP responsor is asked the validity of the certificate of described long-range certificate repository checking described request certificate table, and the certificate validity result for retrieval of reception is sent to described local OCSP responsor after receiving described OCSP inquiry request;
Described long-range certificate repository, for inquire about the validity of the certificate of described request certificate table according to described request certificate table, and is sent to described long-range OCSP responsor by certificate validity result for retrieval.
Further, described system also comprises domain name resolution server;
Described local OCSP responsor receives after described OCSP inquiry request that the IP address that goes out long-range OCSP responsor according to the dns query message of long-range OCSP responsor wherein refers to,
Local OCSP responsor obtains the domain-name information of the long-range OCSP responsor in described OCSP inquiry request, to domain name resolution server, sends domain name resolution server request, carries the domain-name information of long-range OCSP responsor;
Domain name resolution server is for going out the IP address of long-range OCSP responsor according to the dns query message of described long-range OCSP responsor, to described local OCSP responsor, return to domain name resolution server response, the IP address of wherein carrying described long-range OCSP responsor afterwards.
Further, described local OCSP responsor carries the domain-name information of described long-range OCSP responsor by the positioning service device field of OCSP inquiry request.
In sum, the invention provides a kind of system and method for validity verification of certificate in mobile backhaul net, can realize in real time, verify efficiently the validity of certificate in mobile backhaul net.
Accompanying drawing explanation
Fig. 1 verifies schematic diagram in the certificate validity territory based on OCSP;
Fig. 2 verifies schematic diagram between the certificate validity territory based on OCSP;
OCSP inquiry schematic diagram in Fig. 3 eNB/H (e) NB territory;
OCSP inquiry schematic diagram in Fig. 4 SEG/MME territory;
OCSP inquiry schematic diagram between Fig. 5 SEG/MME territory.
Embodiment
The invention provides a kind of system and method for validity verification of certificate in mobile backhaul net, how in real time to have solved, verified efficiently the problem of certificate validity in mobile backhaul net.
system embodiment
Embodiment mono-
The system of a kind of validity verification of certificate in mobile backhaul net of the present embodiment, is applicable to the checking to certificate validity in territory, and this system comprises line certificate status protocol (OCSP) client, OCSP responsor and certificate repository;
OCSP client, for sending OCSP inquiry request to OCSP responsor, wherein carries request certificate table;
OCSP responsor is asked the validity of the certificate of certificate repository checking request certificate table after receiving OCSP inquiry request, and the certificate validity result for retrieval of reception is sent to OCSP client;
Certificate repository, for according to the validity of the certificate of request certificate table inquiry request certificate table, and returns to certificate retrieval response message to OCSP responsor, wherein carries certificate validity result for retrieval.
OCSP inquiry request also comprises OCSP protocol version and requestor's name;
Request certificate table comprises the certificate of one or more network elements that OCSP client will be verified.
Embodiment bis-
The system of a kind of validity verification of certificate in mobile backhaul net of the present embodiment, be applicable to the checking to certificate validity between territory, comprise line certificate status protocol (OCSP) client, local OCSP responsor, long-range OCSP responsor, DNS (domain name resolution server) and long-range certificate repository;
OCSP client, for sending OCSP inquiry request to local OCSP responsor, wherein carries the domain-name information of request certificate table and long-range OCSP responsor;
Local OCSP responsor goes out the IP address of long-range OCSP responsor according to the dns query message of long-range OCSP responsor, and sends OCSP inquiry request to long-range OCSP responsor after receiving OCSP inquiry request, wherein carries request certificate table; Also for the certificate validity result for retrieval of reception is sent to OCSP client;
Long-range OCSP responsor is asked the validity of the certificate of long-range certificate repository checking request certificate table, and the certificate validity result for retrieval of reception is sent to local OCSP responsor after receiving OCSP inquiry request;
Long-range certificate repository, for according to the validity of the certificate of request certificate table inquiry request certificate table, and returns to certificate retrieval response message to long-range OCSP responsor, wherein carries certificate validity result for retrieval.
Local OCSP responsor receives after OCSP inquiry request that the IP address that goes out long-range OCSP responsor according to the dns query message of long-range OCSP responsor wherein refers to, local OCSP responsor obtains the domain-name information of the long-range OCSP responsor in OCSP inquiry request, to DNS, send DNS request, carry the domain-name information of long-range OCSP responsor;
DNS, for go out the IP address of long-range OCSP responsor according to the dns query message of long-range OCSP responsor, returns to local dns response, the IP address of wherein carrying long-range OCSP responsor to local OCSP responsor afterwards.
Local OCSP responsor carries the domain-name information of long-range OCSP responsor by the positioning service device field of OCSP inquiry request.
embodiment of the method
Embodiment mono-
The present embodiment provides a kind of method of validity verification of certificate in mobile backhaul net, is applicable to certificate validation verification in territory, idiographic flow as shown in Figure 1:
Step 101:OCSP client sends OCSP inquiry request to OCSP responsor;
OCSP inquiry request comprises OCSP protocol version (version), requestor's name (requestorName), request certificate table (request List), requestor's name is the title of OCSP client herein, the certificate that request certificate table comprises one or more network elements that OCSP client will verify.
Step 102:OCSP responsor receives after OCSP inquiry request, to certificate repository, sends certificate retrieval request message, wherein carries request certificate table, with the validity of the certificate in inquiry request certificate table;
Step 103: certificate repository is received certificate retrieval request message, inquires about the validity of certificate, and returns to certificate retrieval response message to OCSP responsor according to request certificate table wherein, wherein carry certificate validity result for retrieval; Result for retrieval can be good, revoked or unknown.
The certificate validity result for retrieval of step 104:OCSP responsor based on receiving generates OCSP response message, is back to OCSP client, the result for retrieval that this OCSP response message comprises certificate.
Embodiment bis-
The present embodiment provides a kind of method of validity verification of certificate in mobile backhaul net, is applicable between territory certificate validity checking, idiographic flow as shown in Figure 2:
Step 201:OCSP client sends OCSP inquiry request to OCSP responsor, when generating OCSP inquiry request, the domain-name information of OCSP client is verified request long-range OCSP responsor to certificate is filled into service locator (positioning service device) field of OCSP inquiry request;
OCSP inquiry request comprises OCSP protocol version (version), requestor's name (requestorName), request certificate table (request List) and service Locator field; Requestor's name is the title of OCSP client herein, the certificate that request certificate table comprises one or more network elements that OCSP client will verify.
Step 202: local OCSP responsor receives after OCSP request, resolve service locator field, and send DNS request to DNS (domain name resolution server) server, wherein carry the domain-name information of the long-range OCSP responsor comprising in servicelocator field, inquire about the IP address that long-range OCSP responsor is corresponding;
Step 203:DNS server goes out the IP address of this long-range OCSP responsor according to the dns query message of long-range OCSP responsor, return to DNS afterwards reply to local OCSP responsor, wherein carries the IP address of long-range OCSP responsor;
Step 204: local OCSP responsor generates OCSP inquiry request, sends to long-range OCSP response server;
OCSP inquiry request comprises OCSP protocol version (version), requestor's name (requestorName), request certificate table (request List), requestor's file-name field is replaced with to the title of local responsor herein.
Step 205: long-range OCSP responsor receives after inquiry request, sends certificate retrieval request message to certificate repository, wherein carries request certificate table, with the validity of the certificate in inquiry request certificate table;
Step 206: certificate repository is received certificate retrieval request message, according to request certificate table wherein, inquire about the validity of certificate, and return to certificate retrieval response message to long-range OCSP responsor, and wherein carrying certificate validity result for retrieval, result for retrieval can be good, revoked or unknown.
Step 207: the certificate validity result for retrieval of long-range OCSP response server based on receiving generates OCSP response message, is sent to local OCSP responsor, the result for retrieval that this OCSP response message comprises certificate.
Step 208: the OCSP response message card that local OCSP responsor just receives is forwarded to OCSP client.
By several application examples, further illustrate the present invention below
Application example one
Be OCSP inquiry schematic diagram in eNB/H (e) NB territory as shown in Figure 3, in this scene, eNB or H (e) NB need to verify the certificate validity of certain network element in same territory, and this territory can be security domain or belong to all territories of same manager.In eNB or H (e) NB, be deployed with OCSP client.
Step 301: when eNB or H (e) NB need to verify the certificate validity of certain or some network elements, its OCSP client sends OCSP inquiry request to OCSP responsor, and this OCSP inquiry request comprises OCSP protocol version (version), requestor's name (requestor Name), request certificate table (request List).
Step 302:OCSP responsor receives after OCSP inquiry request, to certificate repository, sends certificate retrieval request message, wherein carries request certificate table, retrieves local RA/CA certificate repository.
Step 303: local RA/CA certificate repository returns to certificate retrieval response message, wherein carries certificate validity result for retrieval to OCSP responsor.
The certificate validity result for retrieval of step 304:OCSP response server based on receiving generates OCSP response message, returns to eNB or H (e) NB.
Application example two
Be OCSP inquiry schematic diagram in SEG/MME territory as shown in Figure 4, in this scene, SEG or MME need to verify the validity of certain network element certificate in same territory, and this territory can be security domain or belong to all territories of same manager.SEG and MME are deployed with OCSP client.
Step 401: when SEG or MME need to verify the validity of certain or some network element certificates, its OCSP client sends OCSP inquiry request to OCSP responsor.
Step 402:OCSP responsor receives after inquiry request, to certificate repository, sends certificate retrieval request message, retrieves local RA/CA certificate repository.
Step 403: local RA/CA certificate repository returns to certificate retrieval response message, wherein carries certificate validity result for retrieval to OCSP responsor.
The certificate validity result for retrieval of step 404:OCSP response server based on receiving generates OCSP response message, returns to SEG or MME.
Application example three
Be OCSP inquiry schematic diagram between SEG/MME territory as shown in Figure 5, in this scene, SEG or MME need to verify the validity of certain network element certificate, and the certificate response device of this network element is not in this territory, need to carry out cross-domain OCSP inquiry.SEG and MME are deployed with OCSP client.
Step 501: when SEG or MME need to verify the validity of certain network element certificate, its OCSP client sends OCSP inquiry request to OCSP responsor, when generating OCSP inquiry request, OCSP client is filled into the long-range OCSP responsor domain-name information that needs authentication certificate the service locator field of OCSP inquiry request.
Step 502: local OCSP responsor receives after OCSP inquiry request, resolves servicelocator field, and sends DNS message to dns server, wherein carries the domain-name information of long-range OCSP responsor, inquires about the IP address that long-range OCSP responsor is corresponding;
Step 503:DNS server returns to DNS and replys, and response packet is containing the IP address of long-range OCSP response server.
Step 504: local OCSP responsor generates OCSP inquiry request, sends to long-range OCSP response server;
This OCSP inquiry request comprises OCSP protocol version (version), requestor's name (requestorName), request certificate table (request List), requestor's file-name field is replaced with to the title of local responsor herein.
Step 505: long-range OCSP responsor receives after inquiry request, the certificate repository in this territory sends certificate retrieval request message, retrieval RA/CA certificate repository.
Step 506:RA/CA certificate repository returns to certificate retrieval response message, wherein carries certificate validity result for retrieval to long-range OCSP responsor.
Step 507: the certificate validity result for retrieval of long-range OCSP response server based on receiving generates OCSP response message, is sent to local OCSP responsor.
Step 508: local OCSP responsor is forwarded to the OCSP response message of reception the OCSP client of SEG or MME.
Claims (4)
1. a method for validity verification of certificate in mobile backhaul net, is applicable to the checking to certificate validity between territory, it is characterized in that, described method comprises:
Online certificate status protocol OCSP client sends OCSP inquiry request to local OCSP responsor, wherein carry domain-name information and the request certificate table of long-range OCSP responsor, described local OCSP responsor is received the IP address that goes out long-range OCSP responsor after described OCSP inquiry request according to the dns query message of described long-range OCSP responsor, to described long-range OCSP responsor, send OCSP inquiry request afterwards, wherein carry request certificate table;
The validity of the certificate in the long-range certificate repository checking of described long-range OCSP responsor request described request certificate table, the validity of the certificate in described long-range certificate repository inquiry described request certificate table, and certificate validity result for retrieval is forwarded to OCSP client through described long-range OCSP responsor and local OCSP responsor;
Described local OCSP responsor receives after described OCSP inquiry request that the IP address that goes out long-range OCSP responsor according to the dns query message of described long-range OCSP responsor refers to,
Local OCSP responsor obtains the domain-name information of the long-range OCSP responsor in described OCSP inquiry request, to domain name resolution server, send domain name resolution server request, the domain-name information of long-range OCSP responsor is carried in this request, domain name resolution server goes out the IP address of long-range OCSP responsor according to the dns query message of described long-range OCSP responsor, to described local OCSP responsor, return to domain name resolution server response, the IP address of wherein carrying described long-range OCSP responsor afterwards.
2. the method for claim 1, is characterized in that:
The domain-name information of described long-range OCSP responsor carries by the positioning service device field of OCSP inquiry request.
3. a system for validity verification of certificate in mobile backhaul net, is applicable to the checking to certificate validity between territory, comprises line certificate status protocol OCSP client, local OCSP responsor, long-range OCSP responsor and long-range certificate repository; It is characterized in that:
Described OCSP client, for sending OCSP inquiry request to described local OCSP responsor, wherein carries the domain-name information of request certificate table and long-range OCSP responsor;
Described local OCSP responsor, for receiving the IP address that goes out long-range OCSP responsor after described OCSP inquiry request according to the dns query message of described long-range OCSP responsor, and send OCSP inquiry request to described long-range OCSP responsor, wherein carry request certificate table; Also for the certificate validity result for retrieval of reception is sent to described OCSP client;
Described long-range OCSP responsor is asked the validity of the certificate of described long-range certificate repository checking described request certificate table, and the certificate validity result for retrieval of reception is sent to described local OCSP responsor after receiving described OCSP inquiry request;
Described long-range certificate repository, for inquire about the validity of the certificate of described request certificate table according to described request certificate table, and is sent to described long-range OCSP responsor by certificate validity result for retrieval;
Described system also comprises domain name resolution server;
Described local OCSP responsor receives after described OCSP inquiry request that the IP address that goes out long-range OCSP responsor according to the dns query message of long-range OCSP responsor wherein refers to,
Local OCSP responsor obtains the domain-name information of the long-range OCSP responsor in described OCSP inquiry request, to domain name resolution server, sends domain name resolution server request, and the domain-name information of long-range OCSP responsor is carried in this request;
Domain name resolution server is for going out the IP address of long-range OCSP responsor according to the dns query message of described long-range OCSP responsor, to described local OCSP responsor, return to domain name resolution server response, the IP address of wherein carrying described long-range OCSP responsor afterwards.
4. system as claimed in claim 3, is characterized in that:
Described local OCSP responsor carries the domain-name information of described long-range OCSP responsor by the positioning service device field of OCSP inquiry request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910171494.9A CN102026161B (en) | 2009-09-21 | 2009-09-21 | System and method for validity verification of certificate in mobile backhaul net |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910171494.9A CN102026161B (en) | 2009-09-21 | 2009-09-21 | System and method for validity verification of certificate in mobile backhaul net |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102026161A CN102026161A (en) | 2011-04-20 |
| CN102026161B true CN102026161B (en) | 2014-11-05 |
Family
ID=43866885
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910171494.9A Expired - Fee Related CN102026161B (en) | 2009-09-21 | 2009-09-21 | System and method for validity verification of certificate in mobile backhaul net |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102026161B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107786515B (en) * | 2016-08-29 | 2020-04-21 | 中国移动通信有限公司研究院 | Certificate authentication method and equipment |
| CN112994897A (en) * | 2021-03-22 | 2021-06-18 | 杭州迪普科技股份有限公司 | Certificate query method, device, equipment and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1506869A (en) * | 2002-12-06 | 2004-06-23 | 国际商业机器公司 | Method and apparatus with high configuration capable of using on-line certificate status protocol transponder |
| CN1672380A (en) * | 2002-03-20 | 2005-09-21 | 捷讯研究有限公司 | System and method for checking digital certificate status |
| CN1794128A (en) * | 2005-08-12 | 2006-06-28 | 华为技术有限公司 | Method and system of adding region and obtaining authority object of mobile terminal |
-
2009
- 2009-09-21 CN CN200910171494.9A patent/CN102026161B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1672380A (en) * | 2002-03-20 | 2005-09-21 | 捷讯研究有限公司 | System and method for checking digital certificate status |
| CN1506869A (en) * | 2002-12-06 | 2004-06-23 | 国际商业机器公司 | Method and apparatus with high configuration capable of using on-line certificate status protocol transponder |
| CN1794128A (en) * | 2005-08-12 | 2006-06-28 | 华为技术有限公司 | Method and system of adding region and obtaining authority object of mobile terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102026161A (en) | 2011-04-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10135620B2 (en) | Managing secure content in a content delivery network | |
| CN101056178B (en) | A method and system for controlling the user network access right | |
| US20070083749A1 (en) | Systems and methods for automated exchange of electronic mail encryption certificates | |
| KR20120005364A (en) | Electronic address, and eletronic document distribution system | |
| US20160373431A1 (en) | Method to enroll a certificate to a device using scep and respective management application | |
| US20080294891A1 (en) | Method for Authenticating a Mobile Node in a Communication Network | |
| CA2789495C (en) | Seamless mobile subscriber identification | |
| CN102868709B (en) | A kind of certificate management method based on P2P and device thereof | |
| CN101132326B (en) | Automatic configuration method, system and device | |
| CN103078877B (en) | Based on the user authentication of DNS and domain name access control method and system | |
| Tesei et al. | IOTA-VPKI: A DLT-based and resource efficient vehicular public key infrastructure | |
| CN104052736A (en) | Systems and methods for pre-signing of dnssec enabled zones into record sets | |
| CN102421098A (en) | User authentication method, device and system | |
| CN101399724A (en) | Disposal authentication method for network access and service application oriented to user | |
| CN102421097A (en) | User authorization method, device and system | |
| CN104468859B (en) | Support the DANE expanding query method and systems of carrying address of service information | |
| US10979750B2 (en) | Methods and devices for checking the validity of a delegation of distribution of encrypted content | |
| Lu et al. | Open architecture for internet-based C-ITS services | |
| CN102026161B (en) | System and method for validity verification of certificate in mobile backhaul net | |
| CN102457482B (en) | Authentication method, apparatus and system thereof | |
| EP1914960B1 (en) | Method for transmission of DHCP messages | |
| Damas et al. | Preventing use of recursive nameservers in reflector attacks | |
| Teniou et al. | Efficient and dynamic elliptic curve qu‐vanstone implicit certificates distribution scheme for vehicular cloud networks | |
| CN115580498B (en) | Cross-network communication method in converged network and converged network system | |
| US11070513B2 (en) | DNS-based method of transmitting data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141105 Termination date: 20200921 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |