CN106911477A - Acceleration method for slow digital certificate verification devices that caches their verification results


Publication number
CN106911477A
CN106911477A CN201510981201.9A CN201510981201A CN106911477A CN 106911477 A CN106911477 A CN 106911477A CN 201510981201 A CN201510981201 A CN 201510981201A CN 106911477 A CN106911477 A CN 106911477A
Authority
CN
China
Legal status
Pending
Application number
CN201510981201.9A
Other languages
Chinese (zh)
Inventor
陈磊
任伟
曾政
Current Assignee
GEER SOFTWARE CO Ltd SHANGHAI
Original Assignee
GEER SOFTWARE CO Ltd SHANGHAI
Priority date
2015-12-23
Filing date
2015-12-23
Publication date
2017-06-30

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention discloses an acceleration method for a slow digital certificate verification device that caches its verification results, comprising the following steps: obtaining the full text of the digital certificate to be verified; querying the cache table of the digital certificate verification device; judging whether the full text of the digital certificate hits a cache entry in the cache table of the digital certificate verification device; performing the verification operation on the digital certificate; judging whether the digital certificate was verified successfully; judging whether the successfully verified digital certificate has expired; judging whether the successfully verified digital certificate has been revoked; and outputting digital certificate verification success or failure. By caching digital certificates and their verification results in the digital certificate verification device, the acceleration method avoids the slow process of having the hardware device perform the digital certificate verification, and so greatly accelerates verification: the verification speed can be raised from the original tens to hundreds of times per second to thousands to tens of thousands of times per second.

Description

Acceleration method for slow digital certificate verification devices that caches their verification results
Technical field
The present invention relates to the technical field of digital certificate verification, and in particular to an acceleration method for a slow digital certificate verification device that caches its verification results.
Background
Some digital certificate hardware devices cannot reach high speeds, so under a large number of requests users wait too long or the service cannot be provided at all. For example, an encryption device supporting the SM2 algorithm typically performs 200-300 verifications per second; verification with some higher-strength algorithms is slower still and may fall below 50 per second. Current digital certificate verification cannot meet the requirement of fast verification. The applicant therefore carried out beneficial exploration and experiment and found a solution to the above problem; the technical solution described below was produced against this background.
Summary of the invention
The object of the invention is to provide an acceleration method for a slow digital certificate verification device that caches its verification results and speeds up the verification process while preserving its security. Because a digital certificate that has passed verification remains valid throughout its validity period as long as it is not revoked, the acceleration method of the invention caches the certificate and its verification result so that the slow process of verifying the digital certificate with the hardware device is not performed every time, which greatly accelerates the verification process.
The technical problem addressed by the invention can be solved with the following technical solution:
An acceleration method for a slow digital certificate verification device that caches its verification results, comprising the following steps:
Step 1, obtain the full text of the digital certificate to be verified;
Step 2, query the cache table of the digital certificate verification device with the full text of the digital certificate obtained in step 1;
Step 3, judge whether the full text of the digital certificate obtained in step 1 hits a cache entry in the cache table of the digital certificate verification device; if it is a hit, go to step 7; if it is a miss, go to step 4;
Step 4, use the digital certificate verification device to perform the verification operation on the digital certificate to be verified;
Step 5, judge whether the digital certificate verification device verified the digital certificate to be verified successfully; if verification succeeded, go to step 6; if verification failed, go to step 10;
Step 6, insert the successfully verified digital certificate and the cache effective time into the cache table of the digital certificate verification device as a cache entry;
Step 7, judge whether the successfully verified digital certificate has expired; if it has expired, go to step 10; if it has not expired, go to step 8;
Step 8, judge whether the successfully verified digital certificate has been revoked; if it has been revoked, go to step 10; if it has not been revoked, go to step 9;
Step 9, output digital certificate verification success;
Step 10, output digital certificate verification failure.
In a preferred embodiment of the invention, step 2 comprises the following steps:
Step 2.1, obtain the certificate fingerprint of the digital certificate and use the certificate fingerprint as the index key;
Step 2.2, query the cache table of the digital certificate verification device with the key from step 2.1;
Step 2.3, judge whether the key exists in the cache table; if it exists, go to step 2.4; if it does not exist, go to step 2.9;
Step 2.4, judge whether the cache entry corresponding to the key has expired; if it has expired, delete the cache entry corresponding to the key from the cache table and go to step 2.9; if it has not expired, go to step 2.5;
Step 2.5, compare the cache entry corresponding to the key with the full text of the digital certificate to be verified;
Step 2.6, judge whether the cache entry corresponding to the key matches the full text of the digital certificate to be verified; if the match succeeds, go to step 2.7; if the match fails, go to step 2.8;
Step 2.7, output cache hit;
Step 2.8, output cache miss.
With the above technical solution, the beneficial effect of the invention is as follows: the acceleration method caches digital certificates and their verification results in the digital certificate verification device. When a digital certificate needs to be verified, the cache of the digital certificate verification device is queried first; if a cache entry is found, the hardware device is not used to verify the digital certificate. This avoids the slow process of hardware verification and greatly accelerates verification, raising the speed from the original tens to hundreds of verifications per second to thousands to tens of thousands per second.
Brief description of the drawings
To illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the acceleration method of the invention for a slow digital certificate verification device that caches its verification results.
Fig. 2 is a flow chart of querying the cache table of the digital certificate verification device according to the invention.
Detailed description of the embodiments
To make the technical means, inventive features, objectives and effects of the invention easy to understand, the invention is further explained below with reference to the figures.
Referring to Fig. 1, the figure shows the acceleration method of the invention for a slow digital certificate verification device that caches its verification results, comprising the following steps:
Step 0, start digital certificate verification;
Step 1, input the full text of the digital certificate to be verified;
Step 2, obtain the full text of the digital certificate input in step 1, and query the cache table of the digital certificate verification device with it;
Step 3, judge whether the full text of the digital certificate input in step 1 hits a cache entry in the cache table of the digital certificate verification device; if it is a hit, go to step 7; if it is a miss, go to step 4;
Step 4, use the digital certificate verification device to perform the verification operation on the digital certificate to be verified;
Step 5, judge whether the digital certificate verification device verified the digital certificate to be verified successfully; if verification succeeded, go to step 6; if verification failed, go to step 10;
Step 6, insert the successfully verified digital certificate and the cache effective time into the cache table of the digital certificate verification device as a cache entry;
Step 7, judge whether the successfully verified digital certificate has expired; if it has expired, go to step 10; if it has not expired, go to step 8;
Step 8, judge whether the successfully verified digital certificate has been revoked; if it has been revoked, go to step 10; if it has not been revoked, go to step 9;
Step 9, output digital certificate verification success;
Step 10, output digital certificate verification failure;
Step 11, end this digital certificate verification.
In this embodiment, referring to Fig. 2, step 2 comprises the following steps:
Step 2.0, start querying the cache table of the digital certificate verification device;
Step 2.1, obtain the full text of the digital certificate input in step 1;
Step 2.2, obtain the certificate fingerprint of the full text of the digital certificate input in step 1, and use the certificate fingerprint as the index key;
Step 2.3, query the cache table of the digital certificate verification device with the key from step 2.2;
Step 2.4, judge whether the key exists in the cache table; if it exists, go to step 2.5; if it does not exist, go to step 2.10;
Step 2.5, obtain the effective time in the cache entry corresponding to the key and compare it with the current time to judge whether the cache entry corresponding to the key has expired; if it has expired, delete the cache entry corresponding to the key from the cache table and go to step 2.10; if it has not expired, go to step 2.6;
Step 2.6, compare the cache entry corresponding to the key with the full text of the digital certificate to be verified;
Step 2.7, judge whether the cache entry corresponding to the key matches the full text of the digital certificate to be verified; if the match succeeds, go to step 2.8; if the match fails, go to step 2.9;
Step 2.8, output cache hit;
Step 2.9, output cache miss;
Step 2.10, end this query of the cache table of the digital certificate verification device.
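The complete flow of steps 1 to 10 together with the cache query of steps 2.0 to 2.10, as an added Python example that is not part of the patent text. It assumes SHA-256 as the certificate fingerprint, a fixed cache lifetime `ttl` counted from the cache effective time, and a set of revoked serial numbers as the revocation source; `Cert` and the stand-in device function are constructed for the example and replace a real certificate parser and the hardware device.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed certificate (not a real X.509 parser)."""
    der: bytes         # full text of the certificate
    serial: int
    not_after: float   # end of the validity period, seconds since epoch


class CachingVerifier:
    def __init__(self, slow_verify: Callable[[bytes], bool], revoked: Set[int],
                 ttl: float, clock: Callable[[], float]):
        self.slow_verify = slow_verify  # the slow hardware device (steps 4-5)
        self.revoked = revoked          # assumed revocation source: revoked serials
        self.ttl = ttl                  # assumed cache-entry lifetime in seconds
        self.clock = clock
        # fingerprint -> (full text, cache effective time)
        self.table: Dict[str, Tuple[bytes, float]] = {}

    @staticmethod
    def _key(der: bytes) -> str:
        return hashlib.sha256(der).hexdigest()   # step 2.2: fingerprint as key

    def lookup(self, der: bytes) -> bool:
        """Steps 2.0-2.10: True on cache hit, False on miss."""
        key = self._key(der)
        entry = self.table.get(key)              # steps 2.3-2.4
        if entry is None:
            return False
        cached_der, effective = entry
        if self.clock() - effective >= self.ttl:  # step 2.5: entry expired
            del self.table[key]
            return False
        # Steps 2.6-2.9: the full-text comparison means a fingerprint
        # collision alone can never produce a hit.
        return cached_der == der

    def verify(self, cert: Cert) -> bool:
        """Steps 1-10: True is verification success, False is failure."""
        if not self.lookup(cert.der):            # steps 2-3
            if not self.slow_verify(cert.der):   # steps 4-5
                return False                     # step 10: failures are never cached
            self.table[self._key(cert.der)] = (cert.der, self.clock())  # step 6
        # Steps 7 and 8 run on every request, hit or miss, so a cached result
        # cannot outlive the certificate's validity period or a revocation.
        if self.clock() >= cert.not_after:       # step 7
            return False
        if cert.serial in self.revoked:          # step 8
            return False
        return True                              # step 9


def demo() -> dict:
    now = [1000.0]
    calls = []

    def device(der: bytes) -> bool:
        # Hypothetical slow device: accepts constructed inputs starting with GOOD.
        calls.append(der)
        return der.startswith(b"GOOD")

    revoked: Set[int] = set()
    v = CachingVerifier(device, revoked, ttl=60.0, clock=lambda: now[0])
    good = Cert(b"GOOD-cert-A", serial=1, not_after=5000.0)
    forged = Cert(b"FORGED-cert", serial=2, not_after=5000.0)
    out = {"first": v.verify(good), "second": v.verify(good)}
    out["calls_after_two"] = len(calls)          # second request was a cache hit
    out["forged"] = [v.verify(forged), v.verify(forged)]
    out["calls_after_forged"] = len(calls)       # device asked both times
    revoked.add(1)
    out["revoked"] = v.verify(good)              # cache hit, but step 8 rejects
    revoked.clear()
    now[0] = 1061.0                              # cache entry is now older than ttl
    out["after_ttl"] = v.verify(good)
    out["calls_final"] = len(calls)
    now[0] = 6000.0                              # certificate validity has ended
    out["expired_cert"] = v.verify(good)
    return out


if __name__ == "__main__":
    print(demo())
```
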
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the above embodiments; the embodiments and the description only illustrate the principles of the invention. Various changes and improvements may be made to the invention without departing from its spirit and scope, and all such changes and improvements fall within the scope of the claimed invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (2)

1. An acceleration method for a slow digital certificate verification device that caches its verification results, characterized by comprising the following steps:
Step 1, obtain the full text of the digital certificate to be verified;
Step 2, query the cache table of the digital certificate verification device with the full text of the digital certificate obtained in step 1;
Step 3, judge whether the full text of the digital certificate obtained in step 1 hits a cache entry in the cache table of the digital certificate verification device; if it is a hit, go to step 7; if it is a miss, go to step 4;
Step 4, use the digital certificate verification device to perform the verification operation on the digital certificate to be verified;
Step 5, judge whether the digital certificate verification device verified the digital certificate to be verified successfully; if verification succeeded, go to step 6; if verification failed, go to step 10;
Step 6, insert the successfully verified digital certificate and the cache effective time into the cache table of the digital certificate verification device as a cache entry;
Step 7, judge whether the successfully verified digital certificate has expired; if it has expired, go to step 10; if it has not expired, go to step 8;
Step 8, judge whether the successfully verified digital certificate has been revoked; if it has been revoked, go to step 10; if it has not been revoked, go to step 9;
Step 9, output digital certificate verification success;
Step 10, output digital certificate verification failure.
2. The acceleration method for a slow digital certificate verification device that caches its verification results as claimed in claim 1, characterized in that step 2 comprises the following steps:
Step 2.1, obtain the certificate fingerprint of the digital certificate and use the certificate fingerprint as the index key;
Step 2.2, query the cache table of the digital certificate verification device with the key from step 2.1;
Step 2.3, judge whether the key exists in the cache table; if it exists, go to step 2.4; if it does not exist, go to step 2.9;
Step 2.4, judge whether the cache entry corresponding to the key has expired; if it has expired, delete the cache entry corresponding to the key from the cache table and go to step 2.9; if it has not expired, go to step 2.5;
Step 2.5, compare the cache entry corresponding to the key with the full text of the digital certificate to be verified;
Step 2.6, judge whether the cache entry corresponding to the key matches the full text of the digital certificate to be verified; if the match succeeds, go to step 2.7; if the match fails, go to step 2.8;
Step 2.7, output cache hit;
Step 2.8, output cache miss.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510981201.9A 2015-12-23 2015-12-23 Acceleration method for slow digital certificate verification devices that caches their verification results

Publications (1)

Publication Number Publication Date
CN106911477A (en) 2017-06-30

Family

ID=59200162

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
CB02 Change of applicant information

Address after: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai

Applicant after: Geer software Limited by Share Ltd

Address before: 200070 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Zhabei District, Shanghai

Applicant before: Geer Software Co., Ltd., Shanghai

CB02 Change of applicant information
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170630

RJ01 Rejection of invention patent application after publication