CN108092777A - Method and device for monitoring and managing digital certificates - Google Patents

Publication number: CN108092777A
Authority: CN (China)
Legal status: Granted (Active)
Application number: CN201711430415.2A
Other languages: Chinese (zh)
Other versions: CN108092777B (en)
Inventor: 黄秋萍
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201711430415.2A
Publication of CN108092777A
Application granted
Publication of CN108092777B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The invention discloses a method and device for monitoring and managing digital certificates. The method includes: sending a certificate access request containing a certificate identifier to a certificate server, and parsing the certificate access result returned by the certificate server to obtain a parse result; analyzing the field value of each field contained in the parse result, and judging from that analysis whether the digital certificate corresponding to the certificate identifier meets a preset supervision rule; if so, sending a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request. The scheme provided by the invention can thus actively access the certificate server and, by parsing and analyzing the access result, supervise certificates that meet the preset supervision rule, so that problems with a certificate do not affect users.

Description

Method and device for monitoring and managing digital certificates
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for monitoring and managing digital certificates.
Background
A digital certificate is a string of digits that marks the identity information of each party in Internet communication, and it provides a way to verify the identity of a communicating entity on the network. It is issued by an authority, also called a certificate authority (Certificate Authority, CA for short) center, and people can use it to identify the other party online. At present, many services based on digital certificates have appeared, and digital certificates can improve the reliability of a service. In the prior art, a user needs to send a certificate access request to a certificate server in order to use the digital certificate stored on the certificate server and enjoy the corresponding service.
However, in the course of implementing the present invention, the inventor found that the above prior-art approach has at least the following defect: when a certificate stored on the certificate server cannot be used normally, for reasons such as certificate expiry or an abnormality at the issuing authority, the user's normal use is affected. At present there is still no mechanism that can effectively supervise digital certificates so as to spare users the inconvenience caused when a certificate cannot be used normally.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a method and device for monitoring and managing digital certificates that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for monitoring and managing digital certificates is provided, including:
sending a certificate access request containing a certificate identifier to a certificate server, and parsing the certificate access result returned by the certificate server to obtain a parse result;
analyzing the field value of each field contained in the parse result, and judging from that analysis whether the digital certificate corresponding to the certificate identifier meets a preset supervision rule;
if so, sending a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
According to another aspect of the present invention, a device for monitoring and managing digital certificates is provided, including:
a parsing module, adapted to send a certificate access request containing a certificate identifier to a certificate server, and to parse the certificate access result returned by the certificate server to obtain a parse result;
a judgment module, adapted to analyze the field value of each field contained in the parse result, and to judge from that analysis whether the digital certificate corresponding to the certificate identifier meets a preset supervision rule;
an administration module, adapted to send a certificate supervision request to the certificate server when the judgment module's result is yes, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
According to another aspect of the invention, an electronic device is provided, including: a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another over the communication bus;
the memory stores at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the above method for monitoring and managing digital certificates.
According to a further aspect of the present invention, a computer storage medium is provided. At least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the above method for monitoring and managing digital certificates.
The method and device disclosed by the present invention can simulate a client to send a certificate access request containing a certificate identifier to a certificate server, and parse the certificate access result returned by the certificate server to obtain a parse result; analyze the field value of each field contained in the parse result, and judge from that analysis whether the digital certificate corresponding to the certificate identifier meets a preset supervision rule; and, if so, send a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request. This approach can thus actively access the certificate server and, by parsing and analyzing the access result, supervise certificates that meet the preset supervision rule, so that problems with a certificate do not affect users.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and practiced according to the content of the specification, and so that the above and other objects, features and advantages of the present invention are easier to understand, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the present invention. Throughout the drawings, the same reference numbers denote the same parts. In the drawings:
Fig. 1 shows a flow diagram of the method for monitoring and managing digital certificates according to one embodiment of the present invention;
Fig. 2 shows a flow diagram of the method for monitoring and managing digital certificates according to another embodiment of the present invention;
Fig. 3 shows a structure diagram of a device for monitoring and managing digital certificates according to one embodiment of the present invention;
Fig. 4 shows a structure diagram of an electronic device according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
Fig. 1 shows a flow diagram of the method for monitoring and managing digital certificates according to one embodiment of the present invention. As shown in Fig. 1, the method includes:
Step S110: Send a certificate access request containing a certificate identifier to a certificate server, and parse the certificate access result returned by the certificate server to obtain a parse result.
In this step, the certificate access request containing the certificate identifier can be sent to the certificate server by simulating the behavior of a client accessing a certificate. Since a certificate server usually stores multiple certificates, certificate identifiers are needed to distinguish them. The certificate identifier uniquely identifies the certificate to be accessed and can be set according to factors such as digits, letters, certificate generation time, issuing authority, and/or certificate type, as long as it uniquely identifies one digital certificate.
The certificate server returns the corresponding certificate access result according to the received certificate access request, and that result is parsed by preset parsing rules to obtain the parse result. The parsing rules can be set according to the specific format of the certificate access result and/or the protocol specification it follows; the present invention does not limit the specific implementation.
Step S120: Analyze the field value of each field contained in the parse result, and judge from that analysis whether the digital certificate corresponding to the certificate identifier meets a preset supervision rule.
The number and names of the fields contained in the parse result are determined by the specific format of the certificate access result and/or the protocol specification it follows. By analyzing the field value of each field, certificate information related to the current usage state of the corresponding digital certificate can be determined, and whether the digital certificate meets the preset supervision rule is then judged from this certificate information.
The certificate information determined from the analysis includes at least one of the following: the validity period of the certificate, the certificate status value (including good, revoked, unknown, etc.), the issuing authority information of the certificate, and so on. Correspondingly, the preset supervision rules can be of several kinds, for example: a rule for judging from the validity period whether the certificate has expired, a rule for judging from the status value whether the certificate's usage state is abnormal, and a rule for judging from the issuing authority information whether the issuing authority is abnormal. The present invention does not limit the specific content of the preset supervision rules, as long as the purpose of supervising certificates can be achieved.
Step S130: If so, send a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
Specifically, if the digital certificate corresponding to the certificate identifier is judged to meet the preset supervision rule, a certificate supervision request is sent to the certificate server. The certificate supervision request contains at least the corresponding certificate identifier and related information such as the supervision type. Typically, certificate supervision requests include switch-type supervision requests, revoke-type supervision requests, and so on. A switch-type supervision request is used to make the backup digital certificate corresponding to the certificate identifier the primary digital certificate for that identifier after switching. That is, a corresponding backup digital certificate is applied for in advance for each digital certificate; the digital certificate currently in use is called the primary digital certificate, and the corresponding certificate kept for backup is called the backup digital certificate. When the validity period or status value shows that the primary digital certificate currently in use is abnormal, for example about to expire or not in a good state, the switch-type supervision request automatically switches the backup digital certificate in as the new primary digital certificate, thereby maintaining the reliability of the certificate. A revoke-type supervision request is used to revoke the digital certificate corresponding to the certificate identifier. For example, when the issuing authority of a digital certificate is determined to be abnormal, the corresponding digital certificate needs to be revoked in order to protect users' interests and prevent fraud.
The method disclosed by the present invention can simulate a client to send a certificate access request containing a certificate identifier to a certificate server, and parse the certificate access result returned by the certificate server to obtain a parse result; analyze the field value of each field contained in the parse result, and judge from that analysis whether the digital certificate corresponding to the certificate identifier meets a preset supervision rule; and, if so, send a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request. This approach can thus actively access the certificate server and, by parsing and analyzing the access result, supervise certificates that meet the preset supervision rule, so that problems with a certificate do not affect users.
Fig. 2 shows a flow diagram of the method for monitoring and managing digital certificates according to another embodiment of the present invention. As shown in Fig. 2, the method includes:
Step S200: Apply in advance for, and store, a backup digital certificate corresponding to each certificate identifier.
The certificate server stores a digital certificate corresponding to each certificate identifier. In the conventional approach, only one digital certificate is stored per certificate identifier, so once that certificate becomes abnormal, users can no longer access the service normally. To solve this problem, in this application a backup digital certificate is applied for in advance for each certificate identifier, and the original digital certificate corresponding to that identifier is called the primary digital certificate. Thus, in this application, two digital certificates are stored for each certificate identifier: the one currently in use is called the primary digital certificate, and the one that is not currently in use and is in a normal state is called the backup digital certificate. This improves the reliability of the certificate.
Further, since the certificate server stores a large number of certificates, certificate backup can be carried out according to a variety of strategies. For example, backup can be done in batches: all certificates on the certificate server are divided into multiple groups according to factors such as remaining valid days, certificate type, certificate frequency of use, and/or certificate importance, and a corresponding backup period is set for each group.
In addition, the probability that each certificate becomes abnormal can be assessed in advance, for example from factors such as the reliability of the certificate's issuing authority and the proportion of abnormal certificates among other certificates of the same type. Certificates with a higher abnormality probability are then backed up preferentially, while certificates with a very low abnormality probability need not be backed up. Setting the backup strategy flexibly in this way improves certificate reliability while reducing server load.
When certificates are backed up according to their abnormality probability, a trained neural network model can also be used to predict the probability that each certificate becomes abnormal, and the abnormality probability is then determined from the prediction. In addition, for certificates whose probability exceeds a set value, multiple backup digital certificates can be applied for in advance to improve reliability further.
Step S210: At each preset time interval, send a certificate access request containing the certificate identifier to the certificate server.
The preset time interval is either a fixed time interval, or it is adjusted dynamically according to the parse result corresponding to the most recently sent certificate access request.
For example, when the preset time interval is a fixed time interval, certificate access requests containing the certificate identifier can be sent to the certificate server at a fixed period or frequency. The fixed time interval can be set according to the probability that the certificate becomes abnormal: the higher a certificate's abnormality probability, the shorter its fixed time interval, and the lower the probability, the longer the interval.
As another example, when the preset time interval is adjusted dynamically according to the parse result corresponding to the most recently sent certificate access request, the interval can be adjusted according to the certificate's remaining valid days. For example, if the parse result corresponding to the most recently sent certificate access request shows that the certificate's remaining validity is more than 1 month, that is, the time between generating the parse result and the end of the certificate's validity period is more than 1 month, the preset time interval can be set somewhat longer. If the parse result shows that the remaining validity is less than 1 month, that is, the time between generating the parse result and the end of the certificate's validity period is less than 1 month, the preset time interval can be set somewhat shorter, so that the certificate is watched closely and does not expire unnoticed.
The certificate access request can be generated according to the OCSP (Online Certificate Status Protocol) protocol. When generating it, the access behavior of a real client can be simulated to determine the specific format of the certificate access request and how it is generated.
Step S220: Parse the certificate access result received from the certificate server to obtain a parse result.
Specifically, the certificate access result is parsed by preset parsing rules to obtain the parse result. The parsing rules can be set according to the specific format of the certificate access result and/or the protocol specification it follows; the present invention does not limit the specific implementation. For example, the result can be parsed according to the OCSP protocol specification.
Step S230: Analyze the field value of each field contained in the parse result, and judge from that analysis whether the digital certificate corresponding to the certificate identifier meets a preset supervision rule.
The number and names of the fields contained in the parse result are determined by the specific format of the certificate access result and/or the protocol specification it follows. By analyzing the field value of each field, certificate information related to the current usage state of the corresponding digital certificate can be determined, and whether the digital certificate meets the preset supervision rule is then judged from this certificate information. The certificate information determined from the analysis includes at least one of the following: the validity period of the certificate, the certificate status value (including good, revoked, unknown, etc.), the issuing authority information of the certificate, and so on. Correspondingly, the preset supervision rules can be of several kinds, for example: a rule for judging from the validity period whether the certificate has expired, a rule for judging from the status value whether the certificate's usage state is abnormal, and a rule for judging from the issuing authority information whether the issuing authority is abnormal. The present invention does not limit the specific content of the preset supervision rules, as long as the purpose of supervising certificates can be achieved.
Two possible implementations of this step are given below:
In the first possible implementation, the status-type fields contained in the parse result are obtained, and their field values are used to determine whether the state of the primary digital certificate corresponding to the certificate identifier meets a preset certificate switching condition; if so, the digital certificate corresponding to the certificate identifier is determined to meet the switching sub-rule contained in the preset supervision rule. This implementation is mainly used when the digital certificate itself becomes abnormal: the backup digital certificate replaces the original digital certificate, improving the reliability of the certificate. The status-type fields include a field representing the certificate's validity period and/or a field representing the certificate's usage state.
For example, the status-type field representing the certificate's validity period is extracted by analysis, and its value is used to determine whether the certificate's remaining valid days exceed a preset threshold. In this embodiment, to avoid the inconvenience to users of a certificate becoming unusable because its validity period has ended, the subsequent certificate switching operation is triggered when the remaining valid days are judged to be below the preset threshold. The preset threshold can be set flexibly by those skilled in the art, for example according to factors such as the delay of the certificate switching operation, the quality of the network, and the load on the server. As another example, the status-type field representing the certificate's usage state is extracted by analysis, and its value is used to determine whether the certificate's current state is good; if not, the subsequent certificate switching operation is triggered. As a further example, the field value and/or field length of each field can be checked against a preset field specification; if a field does not conform, the certificate is considered possibly problematic, and the subsequent certificate switching operation is triggered.
In the second possible implementation, the issuing-authority-type fields contained in the parse result are obtained, and their field values are used to determine whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; if so, the digital certificate corresponding to the certificate identifier is determined to meet the revocation sub-rule contained in the preset supervision rule. This implementation is mainly used to revoke a certificate when its issuing authority has a problem, so that users' interests are not harmed.
In a specific implementation, whether the issuing authority of a digital certificate is abnormal can be judged in at least one of the following two ways. One way is to determine it from the numerical value and/or length of the field value of the issuing-authority-type field. The other way is to determine it from a preset issuing authority whitelist and/or issuing authority blacklist. The issuing authority whitelist stores known trusted issuing authorities, and the issuing authority blacklist stores known untrusted issuing authorities. An issuing authority graylist can also be set up to store unknown issuing authorities. The whitelist and/or blacklist can be generated in advance from a large number of samples, or generated dynamically from detection results while the steps of the present invention are carried out. For example, when the field value of the issuing-authority-type field shows that the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal, it is further determined whether the issuing authority corresponding to that field belongs to the issuing authority blacklist; if not, that issuing authority is added to the blacklist, so that the blacklist expands dynamically.
Step S240: If so, send a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
Specifically, if the digital certificate corresponding to the certificate identifier is judged to satisfy the preset supervision rule, a certificate supervision request is sent to the certificate server. The certificate supervision request contains at least the corresponding certificate identifier, the supervision type and other related information. Typically, certificate supervision requests include switch-type supervision requests, revocation-type supervision requests, and so on. A switch-type supervision request is used to make the backup digital certificate corresponding to the certificate identifier the post-switch primary digital certificate corresponding to that identifier. That is, a corresponding backup digital certificate is applied for in advance for each digital certificate; the digital certificate currently in use is called the primary digital certificate, and the corresponding certificate kept for backup is called the backup digital certificate. When the validity period or status value of the certificate shows that the primary digital certificate currently in use is abnormal, for example about to expire or in a bad state, the switch-type supervision request automatically switches the backup digital certificate in as the new primary digital certificate, thereby maintaining the reliability of the certificate. A revocation-type supervision request is used to revoke the digital certificate corresponding to the certificate identifier. For example, when the issuing authority of a digital certificate is determined to be abnormal, the corresponding digital certificate needs to be revoked in order to protect users' interests and prevent fraud.
Two possible implementations of this step are given below:
In the first implementation, the state of the digital certificate is determined to satisfy the preset certificate switching condition; accordingly, a switch-type certificate supervision request is sent to the certificate server, so that, after receiving it, the certificate server makes the backup digital certificate corresponding to the certificate identifier the post-switch primary digital certificate corresponding to that identifier. In this way, the backup digital certificate can be enabled before the primary digital certificate runs into problems, avoiding unnecessary impact on users.
In the second implementation, the digital certificate corresponding to the certificate identifier is determined to satisfy the revocation sub-rule contained in the preset supervision rule, and a revocation-type certificate supervision request is then sent to the certificate server, so that, after receiving it, the certificate server revokes the digital certificate corresponding to the certificate identifier. In this way, digital certificates issued by a problematic issuing authority can be revoked, so that users do not suffer losses.
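The decision logic described above, from the issuer and status checks to the choice between a switch-type and a revocation-type request, as an added example that is not part of the patent text. The field names (`issuer`, `not_after`, `status`), the 64-character length limit, the 30-day switching window, the revoke-before-switch ordering and all sample values are assumptions; the patent specifies none of them.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set, Tuple

SWITCH, REVOKE = "switch", "revoke"  # the two supervision types the text names


@dataclass
class IssuerLists:
    whitelist: Set[str]  # known trusted issuing authorities
    blacklist: Set[str]  # known untrusted issuing authorities
    graylist: Set[str] = field(default_factory=set)  # unknown issuing authorities


@dataclass
class SupervisionRequest:
    cert_id: str           # certificate identifier
    supervision_type: str  # SWITCH or REVOKE
    reason: str


def issuer_is_abnormal(issuer: str, lists: IssuerLists, max_len: int = 64) -> bool:
    """Apply both checks from the text: the lists, and the field value/length."""
    if issuer in lists.blacklist:
        return True
    # Value/length check. The concrete criteria are assumptions for illustration.
    if not issuer.strip() or len(issuer) > max_len or not issuer.isprintable():
        lists.blacklist.add(issuer)  # dynamic expansion of the blacklist
        return True
    if issuer not in lists.whitelist:
        lists.graylist.add(issuer)  # unknown: tracked, but not treated as abnormal
    return False


def evaluate(cert_id: str, parsed: Dict[str, str], lists: IssuerLists,
             now: datetime, window: timedelta = timedelta(days=30)
             ) -> Optional[SupervisionRequest]:
    """Map one parsing result to a supervision request, or None if healthy."""
    issuer = parsed.get("issuer", "")
    if issuer_is_abnormal(issuer, lists):  # revocation sub-rule
        return SupervisionRequest(cert_id, REVOKE, f"abnormal issuer {issuer!r}")
    if parsed.get("status") != "good":     # switching sub-rule: usage state
        return SupervisionRequest(cert_id, SWITCH, "usage state is not good")
    try:
        remaining = datetime.fromisoformat(parsed["not_after"]) - now
    except (KeyError, TypeError, ValueError):
        # Assumption: an unreadable validity field is handled like a bad state.
        return SupervisionRequest(cert_id, SWITCH, "validity period unreadable")
    if remaining <= window:                # switching sub-rule: validity period
        return SupervisionRequest(cert_id, SWITCH, f"expires in {remaining.days} days")
    return None


# Constructed sample data: parsing results as the monitoring side might hold them.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
_FAR, _NEAR = "2025-12-31T00:00:00+00:00", "2025-01-15T00:00:00+00:00"
SAMPLE_RESULTS = {
    "cert-healthy": {"issuer": "Example Trust CA", "not_after": _FAR, "status": "good"},
    "cert-expiring": {"issuer": "Example Trust CA", "not_after": _NEAR, "status": "good"},
    "cert-bad-state": {"issuer": "Example Trust CA", "not_after": _FAR, "status": "suspended"},
    "cert-blacklisted": {"issuer": "Known Bad CA", "not_after": _FAR, "status": "good"},
    "cert-odd-issuer": {"issuer": "A" * 80, "not_after": _FAR, "status": "good"},
    "cert-unknown": {"issuer": "Unlisted CA", "not_after": _FAR, "status": "good"},
}


def run_samples() -> Tuple[Dict[str, Optional[str]], IssuerLists]:
    """Evaluate every sample and return the decisions plus the updated lists."""
    lists = IssuerLists(whitelist={"Example Trust CA"}, blacklist={"Known Bad CA"})
    decisions: Dict[str, Optional[str]] = {}
    for cert_id, parsed in SAMPLE_RESULTS.items():
        request = evaluate(cert_id, parsed, lists, SAMPLE_NOW)
        decisions[cert_id] = request.supervision_type if request else None
    return decisions, lists


if __name__ == "__main__":
    for cert_id, decision in run_samples()[0].items():
        print(f"{cert_id:18} -> {decision}")
```

Because the blacklist grows from the value/length check alone, a parsing bug or an unusually long but legitimate issuer name would trigger revocation here; a deployment would want those additions reviewed before they drive revocation requests.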
In addition, those skilled in the art may make various changes and modifications to the above embodiments. The above steps may be merged into fewer steps or split into more steps; the present invention does not limit this.
In summary, with the approach of the present invention, certificates can be backed up in advance, and a client can also be simulated to inspect the digital certificate periodically and analyze the result returned by the certificate server, so as to determine in advance whether the certificate is likely to run into problems and then take corresponding measures ahead of time. This approach improves the reliability of digital certificates.
Fig. 3 shows a structural diagram of a digital certificate supervision device according to one embodiment of the invention, which includes:
Parsing module 31, adapted to send a certificate access request containing a certificate identifier to a certificate server and to parse the certificate access result returned by the certificate server to obtain a parsing result;
Judgment module 32, adapted to analyze the field value of each field contained in the parsing result and to judge from the result of the analysis whether the digital certificate corresponding to the certificate identifier satisfies a preset supervision rule;
Administration module 33, adapted to send, when the judgment result of the judgment module is yes, a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
Optionally, the parsing module is specifically adapted to:
Send the certificate access request containing the certificate identifier to the certificate server at every preset time interval;
Wherein the preset time interval is a fixed time interval, or the preset time interval is dynamically adjusted according to the parsing result corresponding to the most recently sent certificate access request.
Optionally, the judgment module is specifically adapted to:
Obtain the status-class field contained in the parsing result, and determine from the field value of the status-class field whether the state of the primary digital certificate corresponding to the certificate identifier satisfies a preset certificate switching condition; if so, determine that the digital certificate corresponding to the certificate identifier satisfies the switching sub-rule contained in the preset supervision rule;
The administration module is then specifically adapted to: send a switch-type certificate supervision request to the certificate server, so that, after receiving the switch-type certificate supervision request, the certificate server makes the backup digital certificate corresponding to the certificate identifier the post-switch primary digital certificate corresponding to the certificate identifier.
Optionally, the status-class field includes: a field indicating the certificate's validity period, and/or a field indicating the certificate's usage state.
Optionally, the device further comprises:
A backup module, adapted to apply for and save in advance the backup digital certificate corresponding to the certificate identifier.
Optionally, the judgment module is specifically adapted to:
Obtain the issuer-class field contained in the parsing result, and determine from the field value of the issuer-class field whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; if so, determine that the digital certificate corresponding to the certificate identifier satisfies the revocation sub-rule contained in the preset supervision rule;
The administration module is then specifically adapted to: send a revocation-type certificate supervision request to the certificate server, so that, after receiving the revocation-type certificate supervision request, the certificate server revokes the digital certificate corresponding to the certificate identifier.
Optionally, the judgment module is specifically adapted to:
Determine, according to the numerical value and/or length of the field value of the issuer-class field, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; and/or
Determine, according to a preset issuer whitelist and/or issuer blacklist, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal.
Optionally, when the field value of the issuer-class field shows that the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal, the judgment module is further adapted to:
Judge whether the issuing authority corresponding to the issuer-class field belongs to the issuer blacklist;
If not, add the issuing authority corresponding to the issuer-class field to the issuer blacklist.
For the specific structure and working principle of each of the above modules, refer to the description of the corresponding steps in the method embodiments; they are not repeated here.
An embodiment of the present application provides a non-volatile computer storage medium storing at least one executable instruction, and the computer-executable instruction can execute the digital certificate supervision method in any of the above method embodiments.
Fig. 4 shows a structural diagram of an electronic device according to an embodiment of the invention; the specific embodiments of the invention do not limit the specific implementation of the electronic device.
As shown in figure 4, the electronic equipment can include:Processor (processor) 402, communication interface (Communications Interface) 404, memory (memory) 406 and communication bus 408.
Wherein:
Processor 402, communication interface 404 and memory 406 communicate with one another via communication bus 408.
Communication interface 404, for communicating with network elements of other devices, such as clients or other servers.
Processor 402, for executing program 410, and specifically able to perform the relevant steps in the above embodiments of the digital certificate supervision method.
Specifically, program 410 may include program code, and the program code includes computer operating instructions.
Processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the invention. The one or more processors included in the electronic device may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
Memory 406, for storing program 410. Memory 406 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory.
Program 410 may specifically be used to cause processor 402 to perform the following operations:
Sending a certificate access request containing a certificate identifier to a certificate server, and parsing the certificate access result returned by the certificate server to obtain a parsing result;
Analyzing the field value of each field contained in the parsing result, and judging from the result of the analysis whether the digital certificate corresponding to the certificate identifier satisfies a preset supervision rule;
If so, sending a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
In an optional mode, program 410 may specifically be further used to cause processor 402 to perform the following operations:
Sending the certificate access request containing the certificate identifier to the certificate server at every preset time interval;
Wherein the preset time interval is a fixed time interval, or the preset time interval is dynamically adjusted according to the parsing result corresponding to the most recently sent certificate access request.
In an optional mode, program 410 may specifically be further used to cause processor 402 to perform the following operations:
Obtaining the status-class field contained in the parsing result, and determining from the field value of the status-class field whether the state of the primary digital certificate corresponding to the certificate identifier satisfies a preset certificate switching condition; if so, determining that the digital certificate corresponding to the certificate identifier satisfies the switching sub-rule contained in the preset supervision rule;
Sending a switch-type certificate supervision request to the certificate server, so that, after receiving the switch-type certificate supervision request, the certificate server makes the backup digital certificate corresponding to the certificate identifier the post-switch primary digital certificate corresponding to the certificate identifier.
Wherein the status-class field includes: a field indicating the certificate's validity period, and/or a field indicating the certificate's usage state.
In an optional mode, program 410 may specifically be further used to cause processor 402 to perform the following operation:
Applying for and saving in advance the backup digital certificate corresponding to the certificate identifier.
In an optional mode, program 410 may specifically be further used to cause processor 402 to perform the following operations:
Obtaining the issuer-class field contained in the parsing result, and determining from the field value of the issuer-class field whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; if so, determining that the digital certificate corresponding to the certificate identifier satisfies the revocation sub-rule contained in the preset supervision rule;
Sending a revocation-type certificate supervision request to the certificate server, so that, after receiving the revocation-type certificate supervision request, the certificate server revokes the digital certificate corresponding to the certificate identifier.
In an optional mode, program 410 may specifically be further used to cause processor 402 to perform the following operations:
Determining, according to the numerical value and/or length of the field value of the issuer-class field, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; and/or
Determining, according to a preset issuer whitelist and/or issuer blacklist, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal.
In an optional mode, program 410 may specifically be further used to cause processor 402 to perform the following operations:
Judging whether the issuing authority corresponding to the issuer-class field belongs to the issuer blacklist;
If not, adding the issuing authority corresponding to the issuer-class field to the issuer blacklist.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and that the above description of a specific language is made to disclose the best mode of the invention.
In the specification provided here, numerous specific details are set forth. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the digital certificate supervision device according to embodiments of the invention. The invention may also be implemented as a device or device program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words may be interpreted as names.
The invention also discloses: A1. A supervision method for digital certificates, comprising:
Sending a certificate access request containing a certificate identifier to a certificate server, and parsing the certificate access result returned by the certificate server to obtain a parsing result;
Analyzing the field value of each field contained in the parsing result, and judging from the result of the analysis whether the digital certificate corresponding to the certificate identifier satisfies a preset supervision rule;
If so, sending a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
A2. The method according to A1, wherein the step of sending a certificate access request containing a certificate identifier to a certificate server specifically comprises:
Sending the certificate access request containing the certificate identifier to the certificate server at every preset time interval;
Wherein the preset time interval is a fixed time interval, or the preset time interval is dynamically adjusted according to the parsing result corresponding to the most recently sent certificate access request.
A3. The method according to A1 or A2, wherein the step of analyzing the field value of each field contained in the parsing result and judging from the result of the analysis whether the digital certificate corresponding to the certificate identifier satisfies a preset supervision rule specifically comprises:
Obtaining the status-class field contained in the parsing result, and determining from the field value of the status-class field whether the state of the primary digital certificate corresponding to the certificate identifier satisfies a preset certificate switching condition; if so, determining that the digital certificate corresponding to the certificate identifier satisfies the switching sub-rule contained in the preset supervision rule;
And the step of sending a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request, specifically comprises:
Sending a switch-type certificate supervision request to the certificate server, so that, after receiving the switch-type certificate supervision request, the certificate server makes the backup digital certificate corresponding to the certificate identifier the post-switch primary digital certificate corresponding to the certificate identifier.
A4. The method according to A3, wherein the status-class field includes: a field indicating the certificate's validity period, and/or a field indicating the certificate's usage state.
A5. The method according to A3 or A4, wherein the method further comprises the step of: applying for and saving in advance the backup digital certificate corresponding to the certificate identifier.
A6. The method according to any one of A1-A5, wherein the step of analyzing the field value of each field contained in the parsing result and judging from the result of the analysis whether the digital certificate corresponding to the certificate identifier satisfies a preset supervision rule specifically comprises:
Obtaining the issuer-class field contained in the parsing result, and determining from the field value of the issuer-class field whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; if so, determining that the digital certificate corresponding to the certificate identifier satisfies the revocation sub-rule contained in the preset supervision rule;
And the step of sending a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request, specifically comprises:
Sending a revocation-type certificate supervision request to the certificate server, so that, after receiving the revocation-type certificate supervision request, the certificate server revokes the digital certificate corresponding to the certificate identifier.
A7. The method according to A6, wherein the step of determining from the field value of the issuer-class field whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal specifically comprises:
Determining, according to the numerical value and/or length of the field value of the issuer-class field, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; and/or
Determining, according to a preset issuer whitelist and/or issuer blacklist, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal.
A8. The method according to A7, wherein, when the field value of the issuer-class field shows that the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal, the method further comprises the steps of:
Judging whether the issuing authority corresponding to the issuer-class field belongs to the issuer blacklist;
If not, adding the issuing authority corresponding to the issuer-class field to the issuer blacklist.
B9. A supervision device for digital certificates, comprising:
A parsing module, adapted to send a certificate access request containing a certificate identifier to a certificate server and to parse the certificate access result returned by the certificate server to obtain a parsing result;
A judgment module, adapted to analyze the field value of each field contained in the parsing result and to judge from the result of the analysis whether the digital certificate corresponding to the certificate identifier satisfies a preset supervision rule;
An administration module, adapted to send, when the judgment result of the judgment module is yes, a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
B10. The device according to B9, wherein the parsing module is specifically adapted to:
Send the certificate access request containing the certificate identifier to the certificate server at every preset time interval;
Wherein the preset time interval is a fixed time interval, or the preset time interval is dynamically adjusted according to the parsing result corresponding to the most recently sent certificate access request.
B11. The device according to B9 or B10, wherein the judgment module is specifically adapted to:
Obtain the status-class field contained in the parsing result, and determine from the field value of the status-class field whether the state of the primary digital certificate corresponding to the certificate identifier satisfies a preset certificate switching condition; if so, determine that the digital certificate corresponding to the certificate identifier satisfies the switching sub-rule contained in the preset supervision rule;
The administration module is then specifically adapted to: send a switch-type certificate supervision request to the certificate server, so that, after receiving the switch-type certificate supervision request, the certificate server makes the backup digital certificate corresponding to the certificate identifier the post-switch primary digital certificate corresponding to the certificate identifier.
B12. The device according to B11, wherein the status-class field includes: a field indicating the certificate's validity period, and/or a field indicating the certificate's usage state.
B13. The device according to B11 or B12, wherein the device further comprises:
A backup module, adapted to apply for and save in advance the backup digital certificate corresponding to the certificate identifier.
B14. The device according to any one of B9-B13, wherein the judgment module is specifically adapted to:
Obtain the issuer-class field contained in the parsing result, and determine from the field value of the issuer-class field whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; if so, determine that the digital certificate corresponding to the certificate identifier satisfies the revocation sub-rule contained in the preset supervision rule;
The administration module is then specifically adapted to: send a revocation-type certificate supervision request to the certificate server, so that, after receiving the revocation-type certificate supervision request, the certificate server revokes the digital certificate corresponding to the certificate identifier.
B15. The device according to B14, wherein the judgment module is specifically adapted to:
Determine, according to the numerical value and/or length of the field value of the issuer-class field, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal; and/or
Determine, according to a preset issuer whitelist and/or issuer blacklist, whether the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal.
B16. The device according to B15, wherein, when the field value of the issuer-class field shows that the issuing authority of the digital certificate corresponding to the certificate identifier is abnormal, the judgment module is further adapted to:
Judge whether the issuing authority corresponding to the issuer-class field belongs to the issuer blacklist;
If not, add the issuing authority corresponding to the issuer-class field to the issuer blacklist.
C17. An electronic device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another via the communication bus;
The memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the digital certificate supervision method according to any one of A1-A8.
D18. A computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the digital certificate supervision method according to any one of A1-A8.

Claims (10)

1. A supervision method for digital certificates, comprising:
Sending a certificate access request containing a certificate identifier to a certificate server, and parsing the certificate access result returned by the certificate server to obtain a parsing result;
Analyzing the field value of each field contained in the parsing result, and judging from the result of the analysis whether the digital certificate corresponding to the certificate identifier satisfies a preset supervision rule;
If so, sending a certificate supervision request to the certificate server, so that the certificate server performs a preset supervision operation on the digital certificate corresponding to the certificate identifier according to the certificate supervision request.
2. The method according to claim 1, wherein the step of sending a certificate access request containing a certificate identifier to a certificate server specifically comprises:
Sending the certificate access request containing the certificate identifier to the certificate server at every preset time interval;
Wherein the preset time interval is a fixed time interval, or the preset time interval is dynamically adjusted according to the parsing result corresponding to the most recently sent certificate access request.
3. method according to claim 1 or 2, wherein, each field included in the analysis analysis result The step of field value, whether the digital certificate according to corresponding to analysis result judges the certificates identified meets default regulatory rule It specifically includes:
The state class field included in the analysis result is obtained, the certificate is determined according to the field value of the state class field Whether the state of the corresponding primary digital certificate of mark meets default certificate switching condition;If so, determine the certificate The corresponding digital certificate of mark meets the switching sub-rule included in the default regulatory rule;
It is then described to send certificate supervision request to the certificate server, so that the certificate server is supervised according to the certificate It asks to specifically include the step of performing default policing operation to the digital certificate corresponding to the certificates identified:
The certificate that switching type is sent to the certificate server supervises request, so that the certificate server receives described cut It changes after the certificate supervision request of type and the redundant digital certificate corresponding to the certificates identified is determined as the certificates identified institute Primary digital certificate after corresponding switching.
4. according to the method described in claim 3, wherein, the state class field includes:For representing the word of validity period of certificate Section, and/or the field for representing certificate use state.
5. the method according to claim 3 or 4, wherein, the method is further included step:Pre- first to file simultaneously preserves institute State the redundant digital certificate corresponding to certificates identified.
6. according to any methods of claim 1-5, wherein, each field included in the analysis analysis result Field value, whether the digital certificate according to corresponding to analysis result judges the certificates identified meet the step of default regulatory rule Suddenly specifically include:
The issuer's class field included in the analysis result is obtained, is determined according to the field value of issuer's class field The issuer of digital certificate corresponding to the certificates identified is with the presence or absence of abnormal;If so, determine the certificates identified institute Corresponding digital certificate meet included in the default regulatory rule revoke sub-rule;
It is then described to send certificate supervision request to the certificate server, so that the certificate server is supervised according to the certificate It asks to specifically include the step of performing default policing operation to the digital certificate corresponding to the certificates identified:
The certificate that type is revoked to certificate server transmission supervises request, so that the certificate server receives described hang The digital certificate corresponding to the certificates identified is revoked after the certificate supervision request of pin type.
7. according to the method described in claim 6, wherein, described in the field value according to issuer's class field determines The issuer of digital certificate corresponding to certificates identified specifically includes with the presence or absence of abnormal step:
According to the numerical value and/or length of the field value of issuer's class field, the number corresponding to the certificates identified is determined The issuer of word certificate is with the presence or absence of abnormal;And/or
According to default issuer's white list and/or issuer's blacklist, the number corresponding to the certificates identified is determined The issuer of certificate is with the presence or absence of abnormal.
8. a kind of maintenance device of digital certificate, including:
Parsing module is asked suitable for sending the certificate access comprising certificates identified to certificate server, to the certificate server The certificate access result of return is parsed, and obtains analysis result;
Judgment module suitable for analyzing the field value of each field included in the analysis result, judges institute according to analysis result State whether the digital certificate corresponding to certificates identified meets default regulatory rule;
Administration module, suitable for when the judging result of judgment module is to be, certificate supervision request is sent to the certificate server, Request is supervised for the certificate server according to the certificate to preset the digital certificate execution corresponding to the certificates identified Policing operation.
9. a kind of electronic equipment, including:Processor, memory, communication interface and communication bus, the processor, the storage Device and the communication interface complete mutual communication by the communication bus;
For the memory for storing an at least executable instruction, the executable instruction makes the processor perform right such as will Ask the corresponding operation of monitoring and managing method of the digital certificate any one of 1-7.
10. a kind of computer storage media, an at least executable instruction, the executable instruction are stored in the storage medium Make the corresponding operation of monitoring and managing method of digital certificate of the processor execution as any one of claim 1-7.
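The rule evaluation described in claims 2-7, as an added Python example that is not taken from the patent or from any implementation by the applicant. The field names (`issuer`, `not_after`, `status`), the status values, the issuer lists, the 7-day switching window, the length bound, and the choice to test the revocation sub-rule before the switching sub-rule are all assumptions; the parse results are constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy values; the claims leave the concrete thresholds and lists open.
SWITCH_WINDOW = timedelta(days=7)
ISSUER_WHITELIST = {"CN=Example Internal CA,O=Example Corp"}
ISSUER_BLACKLIST = {"CN=Retired Test CA,O=Example Corp"}
MAX_ISSUER_LEN = 128

def issuer_abnormal(issuer):
    """Claim 7: judge the issuer by value/length, then by whitelist/blacklist."""
    if not issuer or len(issuer) > MAX_ISSUER_LEN or not issuer.isprintable():
        return True
    return issuer in ISSUER_BLACKLIST or issuer not in ISSUER_WHITELIST

def evaluate(cert_id, parsed, now):
    """Return the supervision request to send, or None if no sub-rule is met."""
    # Revocation sub-rule (claim 6), checked first by assumption.
    if issuer_abnormal(parsed.get("issuer")):
        return {"cert_id": cert_id, "type": "revoke"}
    # Switching sub-rule (claims 3-4): validity-period and use-state fields.
    # A missing or unparsable validity field fails closed to a switch.
    try:
        remaining = datetime.fromisoformat(parsed["not_after"]) - now
    except (KeyError, TypeError, ValueError):
        return {"cert_id": cert_id, "type": "switch"}
    if parsed.get("status") != "normal" or remaining <= SWITCH_WINDOW:
        return {"cert_id": cert_id, "type": "switch"}
    return None

def next_interval(parsed, now, base=timedelta(hours=24)):
    """Claim 2: shorten the polling interval as the last result nears expiry."""
    remaining = datetime.fromisoformat(parsed["not_after"]) - now
    return min(base, max(timedelta(minutes=5), remaining / 10))

# Constructed parse results keyed by certificate identifier (not real data).
NOW = datetime(2018, 1, 1, tzinfo=timezone.utc)
GOOD = "CN=Example Internal CA,O=Example Corp"
SAMPLES = {
    "cert-001": {"issuer": GOOD, "not_after": "2018-06-01T00:00:00+00:00", "status": "normal"},
    "cert-002": {"issuer": GOOD, "not_after": "2018-01-03T00:00:00+00:00", "status": "normal"},
    "cert-003": {"issuer": "CN=Unknown CA", "not_after": "2018-06-01T00:00:00+00:00", "status": "normal"},
    "cert-004": {"issuer": GOOD, "not_after": "2018-06-01T00:00:00+00:00", "status": "disabled"},
}

if __name__ == "__main__":
    for cid, parsed in SAMPLES.items():
        print(cid, evaluate(cid, parsed, NOW), next_interval(parsed, NOW))
```

Because a switch promotes the redundant certificate of claim 5 to primary, a monitor built this way should confirm that the redundant certificate itself passes the same issuer and validity checks before the switching request is sent.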
CN201711430415.2A 2017-12-26 2017-12-26 Method and device for supervising digital certificate Active CN108092777B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711430415.2A CN108092777B (en) 2017-12-26 2017-12-26 Method and device for supervising digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711430415.2A CN108092777B (en) 2017-12-26 2017-12-26 Method and device for supervising digital certificate

Publications (2)

Publication Number Publication Date
CN108092777A true CN108092777A (en) 2018-05-29
CN108092777B CN108092777B (en) 2021-08-24

Family

ID=62179291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711430415.2A Active CN108092777B (en) 2017-12-26 2017-12-26 Method and device for supervising digital certificate

Country Status (1)

Country Link
CN (1) CN108092777B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040030888A1 (en) * 2002-08-08 2004-02-12 Roh Jong Hyuk Method of validating certificate by certificate validation server using certificate policies and certificate policy mapping in public key infrastructure
CN101645900A (en) * 2009-08-31 2010-02-10 国家信息中心 Cross-domain rights management system and method
CN102904731A (en) * 2012-09-11 2013-01-30 中国电力科学研究院 Mobile device credible access method based on digital certificate
CN103297232A (en) * 2012-02-28 2013-09-11 株式会社理光 Network system, certificate management method, and certificate management program
CN106656455A (en) * 2015-07-13 2017-05-10 腾讯科技(深圳)有限公司 Website access method and device
CN106789089A (en) * 2017-02-23 2017-05-31 腾讯科技(深圳)有限公司 A kind of method and system for managing certificate
CN106921499A (en) * 2016-11-01 2017-07-04 阿里巴巴集团控股有限公司 Utilization state machine carrys out the method and device of managing digital certificate
CN107026738A (en) * 2016-02-01 2017-08-08 阿里巴巴集团控股有限公司 Digital certificate updating method, digital signature verification method and digital authentication device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040030888A1 (en) * 2002-08-08 2004-02-12 Roh Jong Hyuk Method of validating certificate by certificate validation server using certificate policies and certificate policy mapping in public key infrastructure
CN101645900A (en) * 2009-08-31 2010-02-10 国家信息中心 Cross-domain rights management system and method
CN103297232A (en) * 2012-02-28 2013-09-11 株式会社理光 Network system, certificate management method, and certificate management program
CN102904731A (en) * 2012-09-11 2013-01-30 中国电力科学研究院 Mobile device credible access method based on digital certificate
CN106656455A (en) * 2015-07-13 2017-05-10 腾讯科技(深圳)有限公司 Website access method and device
CN107026738A (en) * 2016-02-01 2017-08-08 阿里巴巴集团控股有限公司 Digital certificate updating method, digital signature verification method and digital authentication device
CN106921499A (en) * 2016-11-01 2017-07-04 阿里巴巴集团控股有限公司 Utilization state machine carrys out the method and device of managing digital certificate
CN106789089A (en) * 2017-02-23 2017-05-31 腾讯科技(深圳)有限公司 A kind of method and system for managing certificate

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110858804A (en) * 2018-08-25 2020-03-03 华为技术有限公司 Method for determining certificate status
WO2020042844A1 (en) * 2018-08-25 2020-03-05 华为技术有限公司 Method for determining certificate state
CN110858804B (en) * 2018-08-25 2022-04-05 华为云计算技术有限公司 Method for determining certificate status
CN109978544A (en) * 2019-04-03 2019-07-05 国网山东省电力公司 The control of enterprise's key and intelligent analysis method and system based on big data technology
CN110417597A (en) * 2019-07-29 2019-11-05 中国工商银行股份有限公司 For monitoring method and device, electronic equipment and the readable storage medium storing program for executing of certificate
CN110417597B (en) * 2019-07-29 2022-11-01 中国工商银行股份有限公司 Method and device for monitoring certificate, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN108092777B (en) 2021-08-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant