CN107026738A - Digital certificate updating method, digital signature verification method and digital authentication device - Google Patents

Publication number
CN107026738A
Authority
CN
China
Prior art keywords
digital certificate
certificate
digital
verification
effective
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610069609.3A
Other languages
Chinese (zh)
Other versions
CN107026738B (en
Inventor
于岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201610069609.3A
Publication of CN107026738A
Application granted
Publication of CN107026738B
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/33: User authentication using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

This application provides a digital certificate updating method, a digital signature verification method and a digital authentication device, belonging to the field of computer encryption technology. The method includes: an administrative unit verifies the validity of a stored first digital certificate with a predetermined period; if the first digital certificate is invalid, the administrative unit obtains a valid first digital certificate; the administrative unit updates the first digital certificate to the valid first digital certificate. In this application the administrative unit verifies its stored digital certificates with a predetermined period, obtains a valid digital certificate when a digital certificate is invalid, and updates the digital certificate to the valid one, so that a digital certificate is verified once every predetermined period rather than once each time a digital signature to be verified is obtained. This avoids the waste of resources caused by the verification unit checking the certificate every time it obtains a digital signature to be verified, and reduces the time the verification unit subsequently needs to verify a digital signature with the latest digital certificate obtained by this application.

Description

Digital certificate updating method, digital signature verification method and digital authentication device
Technical field
The application relates to the field of computer encryption technology, and in particular to a digital certificate updating method, a digital signature verification method and a digital authentication device.
Background
As problems such as tampering with network information have become apparent, the validity of network information has become a focus. Because digital signatures provide non-repudiation, they are widely used to verify the validity of network information. Because a digital signature must be verified according to its corresponding digital certificate, a digital certificate updating method is needed to ensure that the digital certificate used for digital signature verification is the latest digital certificate.
At present, the digital certificate updating method is: after a digital signature to be verified is obtained, the corresponding digital certificate is determined according to the digital signature and the validity of that digital certificate is verified; if the digital certificate is invalid, an updated digital certificate is obtained from the transmitting terminal of the digital certificate, which completes the update of the digital certificate.
Verifying the validity of a certificate includes checking: whether the current date is within the validity period of the digital certificate; and whether the CRL (Certificate Revocation List) issued by the CA (Certificate Authority) includes the digital certificate.
In the above method, the digital certificate update is triggered by obtaining a digital signature to be verified. That is, every time a digital signature to be verified is obtained, the steps of determining the corresponding digital certificate according to the digital signature and verifying the validity of that digital certificate are performed. A digital certificate is not updated within its validity period, yet the above method still verifies the validity of the digital certificate repeatedly within that period, which wastes resources. At the same time, performing the above method every time also increases the time needed to subsequently verify a digital signature with the latest digital certificate obtained by the above method.
Summary of the invention
To solve the above problems, the embodiments of the present application propose a digital certificate updating method, a digital signature verification method and a digital authentication device.
In a first aspect, an embodiment of the present application provides a digital certificate updating method, the method including:
an administrative unit verifies the validity of a stored first digital certificate with a predetermined period;
if the first digital certificate is invalid, the administrative unit obtains a valid first digital certificate;
the administrative unit updates the first digital certificate to the valid first digital certificate.
In a second aspect, an embodiment of the present application provides a digital signature verification method, the method including:
a verification unit obtains a digital signature;
the verification unit determines whether the cached fourth digital certificates include a fifth digital certificate corresponding to the digital signature, where the fourth digital certificates are obtained in advance from an administrative unit, and the administrative unit verifies the validity of its stored digital certificates with a predetermined period, obtains a valid digital certificate when a digital certificate is invalid, and updates the digital certificate to the valid digital certificate;
if there is a fifth digital certificate, the verification unit pre-verifies the digital signature according to the fifth digital certificate to obtain a second check result;
the verification unit verifies the digital signature according to the second check result.
In a third aspect, an embodiment of the present application provides a digital authentication device, the device including an administrative unit and a verification unit;
the administrative unit is configured to verify the validity of a stored first digital certificate with a predetermined period; to obtain a valid first digital certificate when the first digital certificate is invalid; and to update the first digital certificate to the valid first digital certificate;
the verification unit is configured to obtain a digital signature; to determine whether the cached fourth digital certificates include a fifth digital certificate corresponding to the digital signature, where the fourth digital certificates are obtained in advance from the administrative unit; when there is a fifth digital certificate, to pre-verify the digital signature according to the fifth digital certificate to obtain a second check result; and to verify the digital signature according to the second check result.
The beneficial effects are as follows:
The administrative unit verifies its stored digital certificates with a predetermined period, obtains a valid digital certificate when a digital certificate is invalid, and updates the digital certificate to the valid digital certificate, so that a digital certificate is verified once every predetermined period rather than once each time a digital signature to be verified is obtained. This avoids the waste of resources caused by the verification unit checking the certificate every time it obtains a digital signature to be verified, and also reduces the time the verification unit subsequently needs to verify a digital signature with the latest digital certificate obtained by this application.
Brief description of the drawings
Specific embodiments of the application are described below with reference to the accompanying drawings, in which:
Fig. 1 shows a schematic diagram of the implementation environment of a digital certificate updating method and a digital signature verification method provided by one embodiment of the application;
Fig. 2 shows a schematic diagram of the implementation environment of another digital certificate updating method and digital signature verification method provided by another embodiment of the application;
Fig. 3 shows a flow diagram of another digital certificate updating method provided by another embodiment of the application;
Fig. 4 shows a flow diagram of another digital signature verification method provided by another embodiment of the application;
Fig. 5 shows a schematic diagram of the implementation environment of another digital authentication management system provided by another embodiment of the application;
Fig. 6 shows a flow diagram of the operation of a digital authentication system provided by another embodiment of the application;
Fig. 7 shows a structural diagram of a digital authentication device provided by another embodiment of the application.
Embodiments
To make the technical solution and advantages of the application clearer, exemplary embodiments of the application are described in more detail below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the application, not an exhaustive list of all embodiments. Where they do not conflict, the embodiments of the application and the features in the embodiments can be combined with each other.
In addition, although the terms first, second, third and so on may be used in the embodiments of the present invention to describe various digital certificates, CRLs, transmitting terminals, verification results, certificate acquisition requests, certificate verification requests and the like, these digital certificates, CRLs, transmitting terminals, verification results, certificate acquisition requests and certificate verification requests should not be limited by these terms. The terms are only used to distinguish the digital certificates, CRLs, transmitting terminals, verification results, certificate acquisition requests and certificate verification requests from one another.
Fig. 1 is a schematic diagram of the implementation environment of the digital certificate updating method and digital signature verification method provided by an embodiment of the present invention. The implementation environment includes a transmitting terminal 101, a CA 102 and a receiving terminal 103. The receiving terminal 103 includes the digital authentication device 1031 provided by an embodiment of the present invention, and the digital authentication device 1031 includes an administrative unit 10311 and a verification unit 10312.
The administrative unit 10311 can apply the digital certificate updating method provided by an embodiment of the present invention to verify the validity of its stored digital certificates with a predetermined period; to obtain a valid digital certificate if a digital certificate is invalid; and to update the invalid digital certificate to the valid digital certificate;
The verification unit 10312 can apply the digital signature verification method provided by an embodiment of the present invention to verify a received digital signature based on the digital certificates periodically updated by the administrative unit 10311.
Specifically, the verification unit 10312 obtains a digital signature; determines whether the cached digital certificates include a digital certificate corresponding to the digital signature; if there is a corresponding digital certificate, pre-verifies the digital signature according to it to obtain a second check result; and verifies the digital signature according to the second check result.
The digital certificates cached by the verification unit 10312 are obtained in advance from the administrative unit 10311 and are the digital certificates that the administrative unit 10311 updates with a predetermined period.
With reference to the above implementation environment, this embodiment provides a digital certificate updating method. Referring to Fig. 3, the method flow provided by this embodiment is as follows:
301: The receiving terminal receives a second digital certificate sent by a second transmitting terminal and stores the second digital certificate;
When the transmitting terminal 101 exchanges information with the receiving terminal 103, a digital signature is needed to keep the information secure during the exchange. Therefore, before exchanging information with the receiving terminal 103, the transmitting terminal 101 sends its own digital certificate to the receiving terminal 103, so that the receiving terminal 103 can use the digital certificate to verify whether the information sent by the transmitting terminal 101 is secure.
Because different transmitting terminals 101 have different digital certificates, a receiving terminal 103 that exchanges information with multiple transmitting terminals 101 can receive the digital certificates sent by all of them.
Based on the above, the administrative unit 10311 in the receiving terminal 103 receives the second digital certificate sent by the second transmitting terminal and stores the second digital certificate.
Take as an example the implementation scenario shown in Fig. 2, which includes an Alipay server 201 (equivalent to the transmitting terminal 101 in Fig. 1), a CA 202 and user A's client 203 (equivalent to the receiving terminal 103 in Fig. 1). If user A pays with Alipay on client 203 for the first time, client 203 does not yet hold the digital certificate of Alipay server 201. To ensure the security of the transaction, Alipay server 201 sends its own digital certificate to client 203. Client 203 receives the digital certificate sent by Alipay server 201 and stores it.
After user A has paid with Alipay for the first time, as user A's reputation on Taobao accumulates and reaches a preset standard, user A wants to pay with Ant Huabei. At this point client 203 does not hold the digital certificate of the Ant Huabei server. To ensure the security of the transaction, the Ant Huabei server sends its own digital certificate to client 203. Client 203 receives the digital certificate sent by the Ant Huabei server and stores it.
In summary, this step is performed only before the transmitting terminal 101 and the receiving terminal 103 interact for the first time. After it has been performed once, it can also be performed again when the transmitting terminal 101 interacts for the first time with another receiving terminal (a receiving terminal other than receiving terminal 103). This embodiment does not limit the specific execution time or the number of executions of this step.
302: The receiving terminal verifies the validity of the stored first digital certificate with a predetermined period;
Here the first digital certificate is any stored digital certificate: the second digital certificate received in step 301, another digital certificate received later, an updated digital certificate that has been obtained, or a digital certificate obtained through the man-machine interface. As long as a digital certificate is stored in the storage device of the management device when this step is performed, it is a first digital certificate.
Specifically, when the predetermined period is reached, the administrative unit 10311 in the receiving terminal 103 obtains all stored first digital certificates, reads each first digital certificate in turn, and verifies the validity of the first digital certificate that was read.
Verifying the validity of the first digital certificate that was read can be implemented by the following 3 steps.
Step 1: Determine the validity period of the first digital certificate and the current date;
Step 2: Determine the relation between the validity period of the first digital certificate and the current date;
If the validity period of the first digital certificate is before the current date, the first digital certificate is determined to be invalid;
If the validity period of the first digital certificate is not before the current date, step 3 is performed;
Step 3: Verify the validity of the first digital certificate according to the first CRL.
The first CRL is obtained in advance from the CA.
Specifically, if the first CRL includes the first digital certificate, the first digital certificate is determined to be invalid;
If the first CRL does not include the first digital certificate, the first digital certificate is determined to be valid.
After step 302 is performed, if the first digital certificate is invalid, step 303 is performed; if the first digital certificate is valid, the next first digital certificate is selected and its validity is verified, until all first digital certificates have been verified.
Still taking the example shown in Fig. 2, client 203 verifies the validity of the stored first digital certificates with a predetermined period. Suppose that when the current period is reached the client stores 3 digital certificates: digital certificate 1, digital certificate 2 and digital certificate 3. Digital certificate 1 is read first, and its validity period 2016-2-22 and the current date 2016-1-27 are determined. The validity period of digital certificate 1 is after the current date; if the CRL obtained in advance from the CA does not include digital certificate 1, digital certificate 1 is determined to be valid and digital certificate 2 is read next. If the validity period of digital certificate 2 is 2016-1-27, its validity period is the same as the current date; if the CRL obtained in advance from the CA includes digital certificate 2, digital certificate 2 is determined to be invalid and the subsequent steps are performed. After the subsequent steps are complete, digital certificate 3 is read. If the validity period of digital certificate 3 is 2016-1-22, its validity period is before the current date, so digital certificate 3 is determined to be invalid and the subsequent steps are performed. After the subsequent steps are complete, all digital certificates in client 203 have been verified.
303: The receiving terminal obtains a valid first digital certificate and updates the first digital certificate to the valid first digital certificate;
Specifically, the administrative unit 10311 in the receiving terminal 103 obtains a valid first digital certificate and updates the first digital certificate to the valid first digital certificate.
Methods of obtaining a valid first digital certificate include but are not limited to: determining the first transmitting terminal of the first digital certificate and requesting a valid first digital certificate from the first transmitting terminal; or obtaining from the man-machine interface a valid first digital certificate uploaded by the user.
Still taking Fig. 2 as an example, suppose client 203 determines in step 302 that digital certificate 2 is invalid, and that digital certificate 2 was stored together with corresponding attribute information that describes the transmitting terminal of digital certificate 2. Client 203 can then determine the transmitting terminal of digital certificate 2 from the content of that attribute information and request a valid digital certificate 2 from that transmitting terminal.
In addition to the above, if user A has obtained a valid digital certificate 2 through other means such as purchase, user A can upload the valid digital certificate 2 through the man-machine interface, and the client then obtains the valid digital certificate 2 from the man-machine interface.
The digital authentication device 1031 includes the administrative unit 10311 and the verification unit 10312, and the verification unit 10312 needs to use the digital certificates regularly updated by the administrative unit 10311 to verify digital signatures. Therefore, after performing step 303, the administrative unit 10311 also sends the updated digital certificate to the verification unit 10312, so that the verification unit 10312 updates its digital certificate and verifies digital signatures according to the updated digital certificate.
The administrative unit 10311 in the receiving terminal 103 periodically performs step 301 to step 303 to ensure that the digital certificates stored by the administrative unit 10311 are updated on schedule.
Moreover, the periodic execution of step 301 to step 303 is triggered by the administrative unit 10311 itself and is not affected by triggers from other units. That is, regardless of whether other units trigger the administrative unit 10311 to update its stored digital certificates, the administrative unit 10311 periodically performs step 301 to step 303.
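
An added sketch of steps 301 to 303 (not code from the patent), run on the three-certificate example above. Serial numbers, sender names, the replacement certificate and the fail-closed handling when no valid replacement can be obtained are assumptions; certificates are modelled as plain records rather than parsed X.509.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, Optional, Set


@dataclass(frozen=True)
class StoredCert:
    name: str        # label used on the page, e.g. "digital certificate 1"
    serial: str      # constructed serial number, used for the CRL lookup
    not_after: date  # last day of the validity period
    sender: str      # attribute information: the transmitting terminal (hypothetical)


def check_validity(cert: StoredCert, today: date, crl: Set[str]) -> str:
    """Steps 1 to 3 of step 302: returns "valid", "expired" or "revoked"."""
    # Step 2: a validity period that ends before the current date means invalid.
    # A validity period equal to the current date is not "before", so step 3 runs.
    if cert.not_after < today:
        return "expired"
    # Step 3: the CRL obtained in advance from the CA decides.
    if cert.serial in crl:
        return "revoked"
    return "valid"


class AdministrativeUnit:
    """Stores certificates, re-checks them each period, pushes changes to the verifier."""

    def __init__(self,
                 fetch: Callable[[StoredCert], Optional[StoredCert]],
                 push: Callable[[str, Optional[StoredCert]], None]) -> None:
        self.store: Dict[str, StoredCert] = {}
        self._fetch = fetch  # asks the transmitting terminal (or the user) for a new cert
        self._push = push    # updates the verification unit's cache

    def add(self, cert: StoredCert) -> None:
        """Step 301: store a certificate received from a transmitting terminal."""
        self.store[cert.name] = cert
        self._push(cert.name, cert)

    def sweep(self, today: date, crl: Set[str]) -> Dict[str, str]:
        """Call once per predetermined period (timer or scheduler, not shown)."""
        results: Dict[str, str] = {}
        for name, cert in list(self.store.items()):
            status = check_validity(cert, today, crl)
            if status == "valid":
                results[name] = status
                continue
            fresh = self._fetch(cert)  # step 303
            # A replacement is installed only if it passes the same checks.
            if fresh is not None and check_validity(fresh, today, crl) == "valid":
                self.store[name] = fresh
                self._push(name, fresh)
                results[name] = status + ", replaced"
            else:
                # Assumption, not stated on the page: fail closed by removing the
                # invalid certificate from the verification unit's cache.
                self._push(name, None)
                results[name] = status + ", no replacement"
        return results


def demo():
    """The page's scenario: current date 2016-1-27, certificate 2 listed in the CRL."""
    today = date(2016, 1, 27)
    crl = {"SN-0002"}  # constructed CRL content
    replacements = {   # constructed: only certificate 2's sender has a new certificate
        "SN-0002": StoredCert("digital certificate 2", "SN-0102", date(2017, 1, 27), "sender-B"),
    }
    cache: Dict[str, StoredCert] = {}  # stands in for the verification unit's cache

    def push(name: str, cert: Optional[StoredCert]) -> None:
        if cert is None:
            cache.pop(name, None)
        else:
            cache[name] = cert

    unit = AdministrativeUnit(lambda c: replacements.get(c.serial), push)
    unit.add(StoredCert("digital certificate 1", "SN-0001", date(2016, 2, 22), "sender-A"))
    unit.add(StoredCert("digital certificate 2", "SN-0002", date(2016, 1, 27), "sender-B"))
    unit.add(StoredCert("digital certificate 3", "SN-0003", date(2016, 1, 22), "sender-C"))
    return unit.sweep(today, crl), unit.store, cache


if __name__ == "__main__":
    for cert_name, outcome in demo()[0].items():
        print(cert_name, "->", outcome)
```

Because `sweep` takes the current date and CRL as arguments, the same function can be driven by a real timer in production and by fixed dates in tests.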
Beneficial effects:
The administrative unit verifies its stored digital certificates with a predetermined period, obtains a valid digital certificate when a digital certificate is invalid, and updates the digital certificate to the valid digital certificate, so that a digital certificate is verified once every predetermined period rather than once each time a digital signature to be verified is obtained. This avoids the waste of resources caused by the verification unit checking the certificate every time it obtains a digital signature to be verified, and also reduces the time the verification unit subsequently needs to verify a digital signature with the latest digital certificate obtained by this application.
When the verification unit 10312 of the digital authentication device 1031 receives information carrying a digital signature, the verification unit 10312 is triggered to verify the digital signature according to the digital certificates periodically verified by the administrative unit 10311. With reference to the above implementation environment, this embodiment provides a method of verifying a digital signature using the digital certificate updated by the embodiment shown in Fig. 4.
Referring to Fig. 4, the method flow provided by this embodiment is as follows:
401: The receiving terminal obtains a digital signature and determines whether the cached sixth digital certificates include a seventh digital certificate corresponding to the digital signature; if there is a seventh digital certificate, step 402 and step 403 are performed; if there is no seventh digital certificate, step 404 is performed;
After obtaining the digital signature, the verification unit 10312 of the receiving terminal 103 determines whether any of the digital certificates cached by the receiving terminal 103 corresponds to the digital signature.
The sixth digital certificates are obtained in advance by the verification unit 10312 from the administrative unit 10311. The administrative unit 10311 verifies the validity of its stored digital certificates with a predetermined period, obtains a valid digital certificate when a digital certificate is invalid, and updates the digital certificate to the valid digital certificate.
Taking Fig. 2 as an example, suppose that after paying with Alipay on client 203 for the first time, user A pays with Alipay again. After client 203 obtains digital signature 1 sent by Alipay server 201, it determines whether any of the cached digital certificates (digital certificate 1, digital certificate 2, digital certificate 3) corresponds to digital signature 1.
402: The receiving terminal pre-verifies the digital signature according to the seventh digital certificate to obtain a second check result;
Specifically, the verification unit 10312 of the receiving terminal 103 pre-verifies the digital signature according to the seventh digital certificate to obtain the second check result.
This step can use an existing digital signature verification method, which is not described in detail in this embodiment.
Still taking Fig. 2 as an example, if the 3 digital certificates cached by user A include digital certificate 1 corresponding to digital signature 1, the digital signature is pre-verified according to digital certificate 1 to obtain the second check result, where the second check result is valid or invalid.
403: The receiving terminal verifies the digital signature according to the second check result.
Specifically, if the second check result is valid, the verification unit 10312 of the receiving terminal 103 determines that the digital signature is valid;
If the second check result is invalid, steps 4031 to 4034 are performed.
Still taking Fig. 2 as an example, if the check result obtained by pre-verifying the digital signature according to digital certificate 1 is valid, the digital signature was not tampered with in transit and is safe and reliable, and the payment can continue on the basis of this digital signature. Alternatively, pre-verifying the digital signature according to digital certificate 1 yields a check result of invalid.
It should be noted that there is two kinds of situations that the verification unit 10312 of receiving terminal 103 can be made to obtain second Check results are invalid conclusion:
The first situation:Digital signature is tampered during transmitting terminal 101 is transmitted to receiving terminal 103, Digital signature is dangerous;
Second of situation:It is used to verify that the 7th digital certificate of digital signature is wrong in receiving terminal 103, with mistake Digital certificate authentication digital signature, no matter whether digital signature is safe, checking failure by mistake.
Wherein, the reason for the 7th digital certificate is wrong in receiving terminal 103 may be caused, there is the following two kinds:
The first possibility:7th digital certificate of the administrative unit 10311 of receiving terminal 103 storage is wrong, by The digital certificate used in verification unit 10312 is obtained from administrative unit 10311, so school The 7th digital certificate in verification certificate member 10312 is also wrong;
Second of possibility:7th digital certificate of the administrative unit 10311 of receiving terminal 103 storage updates (the 7th digital certificate that i.e. administrative unit 10311 is stored is correct), and verification unit 10312 is single from management The 7th digital certificate of renewal is obtained in member 10311 to be needed to expend certain time, and pre- check digit signature is by chance Occur within the time, therefore the 7th digital certificate in administrative unit 10311 is the 7th numeral not updated Certificate, i.e., the 7th wrong digital certificate.
For receiving terminal 103 verification unit 10312 obtain the second check results for it is invalid in the case of, due to Producing reason is more, in order to avoid being counted due to the 7th wrong digital signature verification by safety of digital certificate Word signature failure is, it is necessary to continue executing with step 4031 to 4034, the reason for determine specific, lifts this reality Apply the verification accuracy that example provides scheme.
4031: The verification unit of the receiving terminal sends a second certificate verification request to the administrative unit;
The second certificate verification request carries the seventh digital certificate, so that the administrative unit verifies the validity of the seventh digital certificate and returns a third check result.
4032: The administrative unit of the receiving terminal receives a first certificate verification request;
The first certificate verification request is sent by a verification unit and carries a fourth digital certificate.
In addition, digital authentication device 1031 can include multiple verification units 10312. The first certificate verification request received by administrative unit 10311 can therefore be the second certificate verification request sent by verification unit 10312 in step 4031, or another certificate verification request sent by another verification unit in digital authentication device 1031. That is, the first certificate verification request in step 4032 can be the same as the second certificate verification request in step 4031, or different. If they are the same, the fourth digital certificate carried by the first certificate verification request is the seventh digital certificate carried by the second certificate verification request in step 4031. If they differ, the fourth digital certificate carried by the first certificate verification request is another digital certificate, not the seventh digital certificate. The fourth digital certificate can therefore be the same as the seventh digital certificate, or different.
4033: The administrative unit of the receiving terminal verifies the validity of the fourth digital certificate, obtains a first check result, and returns the first check result to the verification unit;
The validity of the fourth digital certificate can be verified through the following 3 steps.
Step 1: Determine the validity period of the fourth digital certificate and the current date;
Step 2: Judge the relation between the validity period of the fourth digital certificate and the current date;
If the validity period of the fourth digital certificate is before the current date, the fourth digital certificate is determined to be invalid;
If the validity period of the fourth digital certificate is not before the current date, step 3 is performed;
Step 3: Verify the validity of the fourth digital certificate according to a second CRL.
The second CRL is obtained from the CA in advance.
Specifically, if the second CRL includes the fourth digital certificate, the fourth digital certificate is determined to be invalid;
If the second CRL does not include the fourth digital certificate, the fourth digital certificate is determined to be valid.
In addition, to improve verification efficiency, after receiving in step 4032 the first certificate verification request sent by verification unit 10312, administrative unit 10311 may first determine whether, among all first digital certificates, there is a digital certificate corresponding to the fourth digital certificate carried in the first certificate verification request.
If there is no digital certificate corresponding to the fourth digital certificate carried in the first certificate verification request, the fourth digital certificate was not sent by administrative unit 10311, or administrative unit 10311 deleted it for some other reason after sending it. The first check result can then be directly determined to be invalid, without performing the validity verification of the fourth digital certificate in step 4033.
If there is a digital certificate corresponding to the fourth digital certificate carried in the first certificate verification request, it is then determined whether the fourth digital certificate is identical to the corresponding digital certificate. If the two differ, the fourth digital certificate contains an error, and the first check result can be directly determined to be invalid, without performing the validity verification of the fourth digital certificate in step 4033. If the two are identical, the validity verification of the fourth digital certificate in step 4033 is performed to obtain the first check result.
It should be noted that although administrative unit 10311 also obtains a first CRL from the certificate authority (CA) in step 302 of its own periodic digital certificate update process, the CA also updates the CRL periodically. To ensure that the second CRL used in step 4033 is the latest CRL, step 4033 can still obtain the second CRL from the CA in advance. If the time at which step 4033 obtains the second CRL and the time at which step 302 obtains the first CRL fall within the same cycle, the second CRL is identical to the first CRL; if they fall within different cycles, the second CRL differs from the first CRL. This embodiment places no specific limit on whether the second CRL is identical to the first CRL.
In addition, if the first check result is invalid, administrative unit 10311 needs to provide verification unit 10312 with a valid digital certificate so that verification unit 10312 can verify the digital signature successfully. Therefore, after obtaining an invalid first check result in step 4033, administrative unit 10311 may also obtain a valid fourth digital certificate and send the valid fourth digital certificate to the verification device, so that the verification device verifies the digital signature according to the valid digital certificate.
Methods of obtaining the valid fourth digital certificate include but are not limited to: administrative unit 10311 determines the fourth transmitting terminal of the fourth digital certificate and requests the valid fourth digital certificate from the fourth transmitting terminal; or administrative unit 10311 obtains a valid fourth digital certificate uploaded by a user through the man-machine interface.
To ensure that the digital certificates in administrative unit 10311 are updated in time, after obtaining the valid fourth digital certificate, administrative unit 10311 may also determine whether, among all first digital certificates, there is a fifth digital certificate corresponding to the valid fourth digital certificate. If the management device has the fifth digital certificate, the fifth digital certificate is updated to the valid fourth digital certificate; if the management device does not have the fifth digital certificate, the valid fourth digital certificate is stored.
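The administrative unit's handling of a certificate verification request in step 4033 (stored-copy comparison, validity period, CRL, then replacement of an invalid certificate) is shown here as an added example, not code from the patent. The `Cert` fields, the CRL modelled as a set of serial numbers, the `fetch_valid` callable standing in for a request to the transmitting terminal or a manual upload, and the re-check of the replacement before it is stored are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    cert_id: str     # key under which the administrative unit stores it (assumed)
    serial: str      # value matched against CRL entries (assumed)
    not_after: date  # last day of the validity period
    key: str         # opaque placeholder for the public key


class AdministrativeUnit:
    def __init__(self, stored: Dict[str, Cert], fetch_valid: Callable[[str], Cert]):
        self.stored = dict(stored)
        # Hypothetical hook: ask the transmitting terminal, or take a manual upload.
        self.fetch_valid = fetch_valid

    @staticmethod
    def check_validity(cert: Cert, today: date, crl: Set[str]) -> Tuple[bool, str]:
        """Steps 1-3: validity period first, CRL only if the period has not passed."""
        if cert.not_after < today:       # validity period is before the current date
            return False, "expired"
        if cert.serial in crl:           # the CRL includes this certificate
            return False, "revoked"
        return True, "valid"

    def handle_verification_request(
        self, cert: Cert, today: date, crl: Set[str]
    ) -> Tuple[bool, str, Optional[Cert]]:
        """Return (check result, reason, replacement certificate or None)."""
        stored = self.stored.get(cert.cert_id)
        if stored is None:
            ok, reason = False, "no stored copy"            # shortcut: skip steps 1-3
        elif stored != cert:
            ok, reason = False, "differs from stored copy"  # shortcut: skip steps 1-3
        else:
            ok, reason = self.check_validity(cert, today, crl)
        if ok:
            return True, reason, None

        # Invalid result: obtain a valid certificate for the verification unit.
        fresh = self.fetch_valid(cert.cert_id)
        if not self.check_validity(fresh, today, crl)[0]:
            # Added safeguard (assumption): never store or forward a bad replacement.
            return False, reason, None
        self.stored[cert.cert_id] = fresh  # update the existing entry or store a new one
        return False, reason, fresh
```

A certificate whose validity period ends on the current date passes step 2, because the text only rejects a period that lies before the current date.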
4034: The verification unit receives the third check result and verifies the digital signature according to the third check result;
The third check result is sent by the administrative unit.
Specifically, if the third check result is valid, the digital signature is determined to be valid;
If the third check result is invalid, verification unit 10312 receives the valid seventh digital certificate sent by administrative unit 10311 and verifies the digital signature according to the valid seventh digital certificate.
In addition, so that the valid seventh digital certificate can be used directly in subsequent digital signature verification, verification unit 10312 may also, after receiving the valid seventh digital certificate sent by the management device, update the seventh digital certificate to the valid seventh digital certificate.
404: The receiving terminal obtains the seventh digital certificate, pre-verifies the digital signature according to the seventh digital certificate to obtain a fourth check result, and verifies the digital signature according to the fourth check result.
In a specific implementation, this step can be realized through the following steps 4041 to 4045.
4041: The verification unit of the receiving terminal sends a second certificate acquisition request to the administrative unit;
The second certificate acquisition request carries the second identifier of the seventh digital certificate, so that administrative unit 10311 returns the seventh digital certificate according to the second identifier;
4042: The administrative unit receives a first certificate acquisition request;
The first certificate acquisition request is sent by verification unit 10312 and carries a first identifier.
In addition, digital authentication device 1031 can include multiple verification units 10312. The first certificate acquisition request received by administrative unit 10311 can therefore be the second certificate acquisition request sent by verification unit 10312 in step 4041, or another certificate acquisition request sent by another verification device in digital authentication device 1031. The first certificate acquisition request in step 4042 can therefore be the same as the second certificate acquisition request in step 4041, or different. If they are the same, the first identifier carried by the first certificate acquisition request is identical to the second identifier carried by the second certificate acquisition request. If they differ, the first identifier differs from the second identifier. The first identifier can therefore be identical to the second identifier, or different.
4043: The administrative unit returns the third digital certificate corresponding to the first identifier to the verification unit;
Specifically, administrative unit 10311 determines whether, among all first digital certificates, there is a third digital certificate corresponding to the first identifier. If the third digital certificate exists, it is returned to verification unit 10312; if it does not exist, the third digital certificate is obtained and the obtained third digital certificate is returned to verification unit 10312;
Specific ways of obtaining the third digital certificate include but are not limited to: determining the third transmitting terminal of the third digital certificate according to the first identifier, and requesting the third digital certificate from the third transmitting terminal; or the management device obtains a third digital certificate uploaded by a user through the man-machine interface.
In addition, after obtaining the new third digital certificate in step 4043, administrative unit 10311 may also store the obtained third digital certificate.
4044: The verification unit receives the seventh digital certificate returned by the administrative unit and pre-verifies the digital signature according to the returned seventh digital certificate to obtain a fourth check result;
After verification unit 10312 receives the seventh digital certificate returned by administrative unit 10311, it may also cache the seventh digital certificate, so that the seventh digital certificate can be used directly in subsequent digital signature verification.
4045: The verification unit verifies the digital signature according to the fourth check result.
Specifically, if the fourth check result is valid, the digital signature is determined to be valid;
If the fourth check result is invalid, the verification unit sends a third certificate verification request to the administrative unit, obtains the fifth check result that the administrative unit returns based on the third certificate verification request, and verifies the digital signature according to the fifth check result.
The third certificate verification request carries the returned seventh digital certificate, so that administrative unit 10311 verifies the validity of the returned seventh digital certificate and returns the fifth check result;
The process by which administrative unit 10311 receives the third certificate verification request and returns the fifth check result is the same as steps 4042 and 4043, except that the digital certificate carried in the certificate verification request is different. For the specific implementation, see steps 4042 and 4043; it is not repeated here.
In addition, the step of verifying the digital signature according to the fifth check result is the same as steps 4044 and 4045, except that the digital certificate is different. For details, see steps 4044 and 4045; they are not repeated here.
Through steps 401 to 404 above, administrative unit 10311 interacts with verification unit 10312, completing the process in which verification unit 10312 verifies a digital signature according to digital certificates that administrative unit 10311 verifies periodically.
In this process, the digital signature is verified directly with the digital certificate cached by verification unit 10312. When that verification succeeds, the validity of the digital certificate no longer needs to be verified, which shortens the digital signature verification time.
In addition, in the embodiment described in Fig. 3, administrative unit 10311 can send the valid digital certificate to verification unit 10312 when updating a digital certificate. Therefore, while performing steps 401 to 404, verification unit 10312 in this embodiment can also receive an eighth digital certificate sent by administrative unit 10311. Verification unit 10312 determines whether, among all sixth digital certificates in its cache, there is a ninth digital certificate corresponding to the eighth digital certificate. If verification unit 10312 has the ninth digital certificate, the ninth digital certificate is updated to the eighth digital certificate; if verification unit 10312 does not have the ninth digital certificate, the eighth digital certificate is cached. This keeps the digital certificates in the cache of receiving terminal 103 synchronized with the digital certificates in administrative unit 10311.
The above describes the method of verifying a digital signature using the digital certificates updated by the embodiment of the application shown in Fig. 3.
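The verification-unit side of steps 403 and 404 as an added example, not code from the patent: the cached certificate is tried first and the administrative unit is consulted only when the pre-check fails. Assumptions: textbook RSA over known Mersenne primes stands in for the real signature algorithm, the administrative unit is a stub that only knows the current certificate per identifier, and a failed pre-check under a certificate the administrative unit confirms is treated as the first situation described above (the signature is rejected).

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys


def toy_keypair(p: int, q: int):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def toy_sign(message: bytes, n: int, d: int) -> int:
    return pow(digest(message, n), d, n)


@dataclass(frozen=True)
class Cert:
    cert_id: str  # identifier carried in a certificate acquisition request (assumed)
    version: int
    n: int        # public modulus

    def checks_out(self, message: bytes, signature: int) -> bool:
        return pow(signature, E, self.n) == digest(message, self.n)


class StubAdministrativeUnit:
    """Stand-in that holds the current certificate per identifier."""

    def __init__(self, current):
        self.current = dict(current)
        self.certificate_checks = 0  # how often certificate validity was checked

    def get_certificate(self, cert_id):
        return self.current[cert_id]

    def verify_certificate(self, cert):
        self.certificate_checks += 1
        current = self.current[cert.cert_id]
        return cert == current, current


class VerificationUnit:
    def __init__(self, admin):
        self.admin = admin
        self.cache = {}

    def receive_push(self, cert):
        # Certificate sent by the administrative unit after an update.
        self.cache[cert.cert_id] = cert

    def verify(self, cert_id, message, signature):
        cert = self.cache.get(cert_id)
        if cert is None:  # step 404: nothing cached, fetch and cache
            cert = self.cache[cert_id] = self.admin.get_certificate(cert_id)
        if cert.checks_out(message, signature):
            return True, "pre-check passed"  # no certificate validation needed
        # Pre-check failed: decide between a bad signature and a stale certificate.
        cert_valid, current = self.admin.verify_certificate(cert)
        if cert_valid:
            return False, "signature rejected"
        self.cache[cert_id] = current  # replace the stale copy for later use
        if current.checks_out(message, signature):
            return True, "refreshed certificate"
        return False, "signature rejected"


def demo():
    """Constructed scenario: normal use, tampering, then a certificate rotation."""
    n1, d1 = toy_keypair(2**61 - 1, 2**89 - 1)
    n2, d2 = toy_keypair(2**107 - 1, 2**127 - 1)
    v1, v2 = Cert("sender-101", 1, n1), Cert("sender-101", 2, n2)
    admin = StubAdministrativeUnit({"sender-101": v1})
    unit = VerificationUnit(admin)
    msg = b"pay 100 to account 42"
    log = [unit.verify("sender-101", msg, toy_sign(msg, n1, d1))]
    log.append(unit.verify("sender-101", b"pay 900 to account 42", toy_sign(msg, n1, d1)))
    admin.current["sender-101"] = v2  # administrative unit updated, cache still stale
    log.append(unit.verify("sender-101", msg, toy_sign(msg, n2, d2)))
    log.append(unit.verify("sender-101", msg, toy_sign(msg, n2, d2)))
    return log, admin.certificate_checks


if __name__ == "__main__":
    print(demo())
```

Only the tampered message and the first message after the rotation reach the administrative unit; every other verification is answered from the cache.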
Below, with reference to the above implementation environment, the method provided by this embodiment is explained again, taking the implementation scenario shown in Fig. 5 as an example. The implementation scenario shown in Fig. 5 includes administrative unit 501 and verification unit 502. Administrative unit 501 includes certificate verification subunit 5011, CRL request subunit 5012, periodic polling subunit 5013, certificate upload subunit 5014 and certificate request subunit 5015. Verification unit 502 includes signature verification subunit 5021 and certificate cache subunit 5022.
Certificate verification subunit 5011 is responsible for verifying certificate validity; its specific work includes splitting the certificate into its parts and checking validity.
CRL request subunit 5012 is a subunit that takes effect on a timer; its main task is to request the latest CRL.
Periodic polling subunit 5013 runs on a regular schedule and is responsible for triggering the operation of certificate verification subunit 5011.
Certificate upload subunit 5014 is provided for the certificates of some special channels. These channels do not transmit new certificates through messages but through other media, and the certificates are then uploaded manually through the certificate upload subunit.
Certificate request subunit 5015 undertakes the communication work and requests valid certificates in the way defined by the protocol.
Signature verification subunit 5021 verifies the validity of the signature field of a message according to preset different algorithms and signature elements.
Certificate cache subunit 5022 caches the digital certificates received by the terminal in which it is located.
Referring to Fig. 6, the operating flow of the digital authentication system is:
First, validity period information is specified when a certificate is issued and is attached to the certificate. Certificate verification subunit 5011 checks whether the validity period of each certificate is before the current date. If so, the certificate is no longer valid and a new certificate needs to be requested. Otherwise the certificate remains valid. Further, certificate verification subunit 5011 checks whether the certificate is in the CRL. If so, the certificate has been explicitly revoked; it still needs to be set to invalid, and a valid certificate is then obtained through certificate upload subunit 5014 or certificate request subunit 5015.
CRL request subunit 5012 is a subunit that takes effect on a timer. It is scheduled by certificate verification subunit 5011, and its main task is to request the latest CRL. The CRL obtained is handed to certificate verification subunit 5011 for use.
Optionally, after finding that the current certificate is invalid, certificate verification subunit 5011 may also first ask signature verification subunit 5021 to update its own cache and stop using the invalid certificate. When the updated certificate is obtained, the certificate is pushed to signature verification subunit 5021 so that it can continue verifying signatures.
The above actions of certificate verification subunit 5011 are triggered periodically by the periodic polling subunit 5013 shown in Fig. 7. This keeps certificate rotation running at a relatively high frequency without affecting the business logic, so that when a new certificate needs to be obtained, the whole system perceives it in the shortest time.
Signature verification subunit 5021 is the core of the operation of the whole digital authentication system. When a signature needs to be verified during message transmission, signature verification subunit 5021 is called to perform the signature verification.
In the application, certificate verification and digital signature verification are split apart. When signature verification subunit 5021 performs a signature verification that does not pass, the first thing it does is actively send a reverse request to certificate verification subunit 5011. At that point there are several possibilities for certificate verification subunit 5011. One is that it has not yet perceived that the certificate has an updated version, in which case it can repeat the certificate update actions described above. Another is that it already knows the certificate has a newer version but has not yet notified the requester, in which case it can issue the new certificate directly to signature verification subunit 5021 and notify all signature verification subunits 5021 to update, through certificate cache subunit 5022, the copy of this certificate that they cache locally.
Beneficial effects:
After obtaining a digital signature, the verification unit determines whether the cached digital certificates include a digital certificate corresponding to the digital signature. If there is a corresponding digital certificate, it pre-verifies the digital signature according to the corresponding digital certificate to obtain a second check result, and then verifies the digital signature according to the second check result. Digital signature verification is thereby separated from digital certificate verification: when digital signature verification succeeds, digital certificate verification is no longer performed, which shortens the time of digital signature verification. In addition, the digital certificates in the cache are obtained from the administrative unit in advance. The administrative unit verifies the validity of the stored digital certificates at a predetermined period; when a digital certificate becomes invalid, it obtains a valid digital certificate and updates the digital certificate to the valid digital certificate. This ensures that the digital certificates in the cache are the latest digital certificates and avoids the waste of resources caused by the verification unit checking the certificate every time it obtains a digital signature to be verified.
Based on the same inventive concept, this embodiment provides a digital authentication device. Since the principle by which the digital authentication device solves the problem is similar to the digital certificate updating method shown in Fig. 3 and the digital signature verification method shown in Fig. 4, the implementation of the digital authentication device may refer to the embodiments of the methods shown in Fig. 3 and Fig. 4, and repeated parts are not described again.
Referring to Fig. 7, the digital authentication device includes:
Administrative unit 701 and verification unit 702;
Administrative unit 701 is configured to verify, at a predetermined period, the validity of the stored first digital certificate; to obtain a valid first digital certificate when the first digital certificate is invalid; and to update the first digital certificate to the valid first digital certificate;
Verification unit 702 is configured to obtain a digital signature; to determine whether, among the cached fourth digital certificates, there is a fifth digital certificate corresponding to the digital signature, the fourth digital certificates having been obtained from administrative unit 701 in advance; when the fifth digital certificate exists, to pre-verify the digital signature according to the fifth digital certificate to obtain a second check result; and to verify the digital signature according to the second check result.
Optionally, administrative unit 701 is configured to determine the transmitting terminal of the first digital certificate and request a valid first digital certificate from the transmitting terminal; or to obtain a valid first digital certificate uploaded by a user through the man-machine interface.
Optionally, administrative unit 701 is further configured to send the valid first digital certificate to verification unit 702, so that verification unit 702 verifies the digital signature according to the valid first digital certificate.
Optionally, verification unit 702 is further configured, when the fifth digital certificate does not exist, to send a second certificate acquisition request to administrative unit 701, the second certificate acquisition request carrying the second identifier of the fifth digital certificate; to pre-verify the digital signature according to the returned fifth digital certificate to obtain a fourth check result; and to verify the digital signature according to the fourth check result;
Administrative unit 701 is further configured to receive the first certificate acquisition request sent by verification unit 702, the first certificate acquisition request carrying a first identifier; to determine whether, among all first digital certificates, there is a second digital certificate corresponding to the first identifier; when the second digital certificate exists, to return the second digital certificate to verification unit 702; and when the second digital certificate does not exist, to obtain the second digital certificate and return the obtained second digital certificate to verification unit 702.
Optionally, verification unit 702 is configured to determine that the digital signature is valid when the second check result is valid; when the second check result is invalid, to send a second certificate verification request to administrative unit 701, the second certificate verification request carrying the fifth digital certificate; and to verify the digital signature according to the returned third check result;
Administrative unit 701 is further configured to receive the first certificate verification request sent by verification unit 702, the first certificate verification request carrying a third digital certificate; to verify the validity of the third digital certificate to obtain a first check result; and to return the first check result to verification unit 702.
Optionally, verification unit 702 is configured to determine that the digital signature is valid; when the third check result is invalid, to receive the valid fifth digital certificate sent by administrative unit 701; and to verify the digital signature according to the valid fifth digital certificate;
Administrative unit 701 is further configured, when the first check result is invalid, to obtain a valid third digital certificate and send the valid third digital certificate to verification unit 702, so that verification unit 702 verifies the digital signature according to the valid third digital certificate.
The beneficial effects are as follows:
After obtaining a digital signature, the verification unit determines whether the cached digital certificates include a digital certificate corresponding to the digital signature. If there is a corresponding digital certificate, it pre-verifies the digital signature according to the corresponding digital certificate to obtain a second check result, and then verifies the digital signature according to the second check result. Digital signature verification is thereby separated from digital certificate verification: when digital signature verification succeeds, digital certificate verification is no longer performed, which shortens the time of digital signature verification. In addition, the digital certificates in the cache are obtained from the administrative unit in advance. The administrative unit verifies the validity of the stored digital certificates at a predetermined period; when a digital certificate becomes invalid, it obtains a valid digital certificate and updates the digital certificate to the valid digital certificate. This ensures that the digital certificates in the cache are the latest digital certificates and avoids the waste of resources caused by the verification unit checking the certificate every time it obtains a digital signature to be verified.
In the above embodiments, existing functional component modules can be used for implementation. For example, the processing module can use an existing data processing component; at the least, the location server used in existing positioning technology has this functional component. As for the receiving module, it is a component that any device with signal transmission capability has. Meanwhile, the calculation of the A and n parameters, the intensity adjustment and so on performed by the processing module all use existing technical means, which those skilled in the art can realize through corresponding design and development.
For convenience of description, the parts of the device described above are described separately as various modules or units divided by function. Of course, when implementing the present invention, the functions of the modules or units can be realized in one or more pieces of software or hardware.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system or a computer program product. The present invention can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory and the like) containing computer-usable program code.
The present invention is described with reference to flow charts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device realizing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or another programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for realizing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art, once they learn of the basic inventive concept, can make other changes and modifications to these embodiments. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the invention.

Claims (18)

1. A digital certificate updating method, characterized in that the method comprises:
an administrative unit verifying, at a predetermined period, the validity of a stored first digital certificate;
if the first digital certificate is invalid, the administrative unit obtaining a valid first digital certificate;
the administrative unit updating the first digital certificate to the valid first digital certificate.
2. The method according to claim 1, characterized in that verifying the validity of the stored first digital certificate comprises:
if the validity period of the first digital certificate is before the current date, the administrative unit determining that the first digital certificate is invalid;
if the validity period of the first digital certificate is not before the current date, the administrative unit verifying the validity of the first digital certificate according to a CRL obtained in advance.
3. The method according to claim 1, characterized in that the administrative unit obtaining a valid first digital certificate comprises:
the administrative unit determining the transmitting terminal of the first digital certificate and requesting a valid first digital certificate from the transmitting terminal; or,
the administrative unit obtaining a valid first digital certificate uploaded by a user through the man-machine interface.
4. The method according to claim 1, characterized in that, after the administrative unit updates the first digital certificate to the valid first digital certificate, the method further comprises:
the administrative unit sending the valid first digital certificate to a verification unit, so that the verification unit verifies a digital signature according to the valid first digital certificate.
5. the method according to Claims 1-4 any claim, it is characterised in that the side Method also includes:
Administrative unit receives the First Certificate acquisition request that verification unit is sent, and the First Certificate obtains request First is carried to identify;
Administrative unit is in all first digital certificates, it is determined whether have and the described first mark corresponding second Digital certificate;
If there is second digital certificate, administrative unit returns to second numeral to the verification unit and demonstrate,proved Book, so that the verification unit is signed according to the second digital certificate check digit;
If not there is second digital certificate, administrative unit obtains second digital certificate, and to described Verification unit returns to the second digital certificate obtained, so that the verification unit is according to the second of the acquisition the number Word certificate check digit is signed.
6. the method according to Claims 1-4 any claim, it is characterised in that the side Method also includes:
Administrative unit receives the First Certificate verification request that verification unit is sent, the First Certificate verification request Carry the 3rd digital certificate;
Administrative unit verifies the validity of the 3rd digital certificate, obtains the first check results;
Administrative unit returns to first check results to the verification unit so that the verification unit according to The first check results check digit signature.
7. method according to claim 6, it is characterised in that first check results are failure;
It is described obtain the first check results after, in addition to:
Administrative unit obtains effective 3rd digital certificate;
Administrative unit sends effective 3rd digital certificate to the verification unit, so that the verification is single Member is signed according to the effective 3rd digital certificate check digit.
8. A digital signature verification method, characterized in that the method comprises:
a verification unit obtains a digital signature;
the verification unit determines whether, among cached fourth digital certificates, there is a fifth digital certificate corresponding to the digital signature, the fourth digital certificates having been obtained in advance from an administrative unit, where the administrative unit verifies, at a predetermined period, the validity of the digital certificates it stores, obtains a valid digital certificate when a digital certificate is invalid, and updates the digital certificate to the valid digital certificate;
if there is such a fifth digital certificate, the verification unit pre-verifies the digital signature according to the fifth digital certificate and obtains a second verification result;
the verification unit verifies the digital signature according to the second verification result.
9. The method according to claim 8, characterized in that the verification unit verifying the digital signature according to the second verification result comprises:
if the second verification result is valid, the verification unit determines that the digital signature is valid;
if the second verification result is invalid, the verification unit sends a second certificate verification request to the administrative unit, the second certificate verification request carrying the fifth digital certificate, so that the administrative unit verifies the validity of the fifth digital certificate and returns a third verification result;
the verification unit verifies the digital signature according to the third verification result.
10. The method according to claim 9, characterized in that the verification unit verifying the digital signature according to the third verification result comprises:
if the third verification result is valid, the verification unit determines that the digital signature is valid;
if the third verification result is invalid, the verification unit receives a valid fifth digital certificate sent by the administrative unit, and verifies the digital signature according to the valid fifth digital certificate.
11. The method according to claim 8, characterized in that, after determining whether there is a fifth digital certificate corresponding to the digital signature, the method further comprises:
if there is no such fifth digital certificate, the verification unit sends a second certificate acquisition request to the administrative unit, the second certificate acquisition request carrying a second identifier of the fifth digital certificate, so that the administrative unit returns the fifth digital certificate according to the second identifier;
the verification unit pre-verifies the digital signature according to the returned fifth digital certificate and obtains a fourth verification result;
the verification unit verifies the digital signature according to the fourth verification result.
12. The method according to claim 8, characterized in that the method further comprises:
the verification unit receives a sixth digital certificate sent by the administrative unit;
the verification unit determines whether, among all cached fourth digital certificates, there is a digital certificate corresponding to the sixth digital certificate;
if there is a digital certificate corresponding to the sixth digital certificate, the verification unit updates that digital certificate to the sixth digital certificate;
if there is no digital certificate corresponding to the sixth digital certificate, the verification unit caches the sixth digital certificate.
13. A digital authentication device, characterized in that the system comprises: an administrative unit and a verification unit;
the administrative unit is configured to verify, at a predetermined period, the validity of a stored first digital certificate; to obtain a valid first digital certificate when the first digital certificate is invalid; and to update the first digital certificate to the valid first digital certificate;
the verification unit is configured to obtain a digital signature; to determine whether, among cached fourth digital certificates, there is a fifth digital certificate corresponding to the digital signature, the fourth digital certificates having been obtained in advance from the administrative unit; when there is such a fifth digital certificate, to pre-verify the digital signature according to the fifth digital certificate and obtain a second verification result; and to verify the digital signature according to the second verification result.
14. The device according to claim 13, characterized in that the administrative unit is configured to determine the sender of the first digital certificate and request a valid first digital certificate from the sender; or to obtain, from a human-machine interface, a valid first digital certificate uploaded by a user.
15. The device according to claim 13, characterized in that the administrative unit is further configured to send the valid first digital certificate to the verification unit, so that the verification unit verifies a digital signature according to the valid first digital certificate.
16. The device according to claim 13, characterized in that the verification unit is further configured, when there is no fifth digital certificate, to send a second certificate acquisition request to the administrative unit, the second certificate acquisition request carrying a second identifier of the fifth digital certificate; to pre-verify the digital signature according to the returned fifth digital certificate and obtain a fourth verification result; and to verify the digital signature according to the fourth verification result;
the administrative unit is further configured to receive a first certificate acquisition request sent by the verification unit, the first certificate acquisition request carrying a first identifier; to determine whether, among all first digital certificates, there is a second digital certificate corresponding to the first identifier; when there is such a second digital certificate, to return the second digital certificate to the verification unit; and when there is no such second digital certificate, to obtain the second digital certificate and return the obtained second digital certificate to the verification unit.
17. The device according to claim 13, characterized in that the verification unit is configured, when the second verification result is valid, to determine that the digital signature is valid; when the second verification result is invalid, to send a second certificate verification request to the administrative unit, the second certificate verification request carrying the fifth digital certificate; and to verify the digital signature according to the returned third verification result;
the administrative unit is further configured to receive a first certificate verification request sent by the verification unit, the first certificate verification request carrying a third digital certificate; to verify the validity of the third digital certificate and obtain a first verification result; and to return the first verification result to the verification unit.
18. The device according to claim 17, characterized in that the verification unit is configured to determine that the digital signature is valid; when the third verification result is invalid, to receive a valid fifth digital certificate sent by the administrative unit; and to verify the digital signature according to the valid fifth digital certificate;
the administrative unit is further configured, when the first verification result is invalid, to obtain a valid third digital certificate, and to send the valid third digital certificate to the verification unit, so that the verification unit verifies a digital signature according to the valid third digital certificate.
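
The interaction between the administrative unit and the verification unit in claims 1 to 12, as an added Python example that is not part of the patent text or of any implementation by its applicant. The `Cert` record, the `source` callable and all method names are hypothetical, and an HMAC key stands in for the certificate's public key so that the code runs on the standard library alone. A signature that does not verify under a certificate the administrative unit confirms as valid is rejected here; that handling is this example's own choice.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Cert:                      # constructed stand-in for a digital certificate
    ident: str                   # identifier carried in acquisition requests
    serial: int
    not_after: date              # end of the validity period
    key: bytes                   # HMAC key standing in for the public key


def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class AdminUnit:
    def __init__(self, source, crl, today):
        self.source = source     # hypothetical callable: ident -> currently valid Cert
        self.crl = crl           # revoked serial numbers, obtained in advance
        self.today = today
        self.store, self.verifiers = {}, []

    def is_valid(self, cert):    # claim 2: validity period first, then the CRL
        return cert.not_after >= self.today and cert.serial not in self.crl

    def refresh(self, ident):    # claims 1, 3, 4: obtain, update, push to verifiers
        cert = self.store[ident] = self.source(ident)
        for unit in self.verifiers:
            unit.receive(cert)
        return cert

    def periodic_check(self):    # run once per predetermined period
        stale = [i for i, c in self.store.items() if not self.is_valid(c)]
        for ident in stale:
            self.refresh(ident)
        return stale

    def get(self, ident):        # claim 5: certificate acquisition request
        return self.store.get(ident) or self.refresh(ident)

    def check(self, cert):       # claims 6-7: certificate verification request
        if self.is_valid(cert):
            return True, None
        return False, self.refresh(cert.ident)


class VerificationUnit:
    def __init__(self, admin):
        self.admin, self.cache = admin, {}
        admin.verifiers.append(self)

    def receive(self, cert):     # claim 12: replace the cached entry or add it
        self.cache[cert.ident] = cert

    def _matches(self, cert, msg, sig):
        return hmac.compare_digest(sign(cert.key, msg), sig)

    def verify(self, ident, msg, sig):
        cert = self.cache.get(ident) or self.admin.get(ident)  # claim 11 on a miss
        self.cache[ident] = cert
        if self._matches(cert, msg, sig):                      # pre-verification
            return True
        still_valid, fresh = self.admin.check(cert)            # claim 9
        if still_valid:
            return False         # example's choice: bad signature, valid certificate
        return self._matches(fresh, msg, sig)                  # claim 10: retry
```
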
CN201610069609.3A 2016-02-01 2016-02-01 Digital certificate updating method, digital signature verification method and digital authentication device Active CN107026738B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610069609.3A CN107026738B (en) 2016-02-01 2016-02-01 Digital certificate updating method, digital signature verification method and digital authentication device

Publications (2)

Publication Number Publication Date
CN107026738A true CN107026738A (en) 2017-08-08
CN107026738B CN107026738B (en) 2020-05-19

Family

ID=59525010

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610069609.3A Active CN107026738B (en) 2016-02-01 2016-02-01 Digital certificate updating method, digital signature verification method and digital authentication device

Country Status (1)

Country Link
CN (1) CN107026738B (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1653779A (en) * 2002-03-20 2005-08-10 捷讯研究有限公司 System and method for supporting multiple certificate status providers on a mobile communication device
CN1672380A (en) * 2002-03-20 2005-09-21 捷讯研究有限公司 System and method for checking digital certificate status
US8606875B1 (en) * 2004-06-30 2013-12-10 Oracle America, Inc. Method and system for automatic distribution and installation of a client certificate in a secure manner
CN101136098A (en) * 2006-08-30 2008-03-05 阿里巴巴公司 Method, device and system for accessing to certificate revocation list
CN101136743A (en) * 2006-08-31 2008-03-05 普天信息技术研究院 Digital certificate updating method and system
CN101841525A (en) * 2010-03-02 2010-09-22 中国联合网络通信集团有限公司 Secure access method, system and client

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108092777A (en) * 2017-12-26 2018-05-29 北京奇虎科技有限公司 The monitoring and managing method and device of digital certificate
CN108092777B (en) * 2017-12-26 2021-08-24 北京奇虎科技有限公司 Method and device for supervising digital certificate
CN110825400A (en) * 2018-08-14 2020-02-21 杭州萤石软件有限公司 Certificate updating method and system for application program client
CN110825400B (en) * 2018-08-14 2024-04-23 杭州萤石软件有限公司 Certificate updating method and system of application program client
CN111510302A (en) * 2020-04-14 2020-08-07 北京信安世纪科技股份有限公司 Method and system for improving certificate verification efficiency in secure communication protocol
CN111510302B (en) * 2020-04-14 2023-11-14 北京信安世纪科技股份有限公司 Method and system for improving certificate verification efficiency in secure communication protocol
WO2021249238A1 (en) * 2020-06-12 2021-12-16 广州汽车集团股份有限公司 Vehicle digital certificate management method and apparatus
CN111753278A (en) * 2020-06-17 2020-10-09 北京版信通技术有限公司 Comprehensive management system and method for electronic copyright authentication certificate
CN115250186A (en) * 2021-04-12 2022-10-28 顺丰科技有限公司 Network connection authentication method, device, computer equipment and storage medium
CN115250186B (en) * 2021-04-12 2024-04-16 顺丰科技有限公司 Network connection authentication method, device, computer equipment and storage medium
CN117134981A (en) * 2023-09-07 2023-11-28 中南大学湘雅二医院 AI learning-based physical operation surface wound pressure data processing method and system
CN117134981B (en) * 2023-09-07 2024-05-14 中南大学湘雅二医院 AI learning-based physical operation surface wound pressure data processing method and system

Also Published As

Publication number Publication date
CN107026738B (en) 2020-05-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200921

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200921

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.

TR01 Transfer of patent right