CN101763478A - Enhanced audit method for operation of digital certificate - Google Patents


Info

Publication number: CN101763478A
Authority: CN (China)
Prior art keywords: digital certificate; information; read; write equipment; carrier
Legal status: Pending
Application number: CN200910247855A
Other languages: Chinese (zh)
Inventors: 金波, 胡永涛, 王福, 倪力舜, 姚静晶, 邹翔, 杭强伟, 沈寒辉, 朱政洪, 陈兵, 张勇, 刘旻斐
Current assignee: Third Research Institute of the Ministry of Public Security
Original assignee: Third Research Institute of the Ministry of Public Security
Priority date: 2009-12-31
Filing date: 2009-12-31
Publication date: 2010-06-30

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an enhanced audit method for the operation of a digital certificate, comprising the following steps: linking a carrier containing the digital certificate, the read-write equipment, an application system and an auditing system to one another; when the carrier containing the digital certificate is used on the read-write equipment, recording information such as the time and the operation and transmitting it to the auditing system, while the read-write equipment also writes its own relevant information into the carrier; when the carrier containing the digital certificate accesses the application system, the application system records the relevant operation information and sends it to the auditing system. Because the process information of every use is recorded during the operation of the digital certificate, comprehensive audit information tied to a real identity is obtained, which achieves the purpose of auditing and realizes the enhanced audit method.

Description

An enhanced audit method for operation of a digital certificate
Technical field
The present invention relates to an auditing method in the field of computer information security, in particular to an enhanced audit method for the operation of a digital certificate that is applicable to the protection of identity information in e-government and e-commerce.
Background technology
A digital certificate is an authoritative electronic document that provides a way of verifying identity on the Internet. Usually a digital certificate uses a public key system, that is, a pair of matching keys is used to encrypt and decrypt. Each user sets a private key that is known only to that user and is used for decryption and signing, and at the same time sets a public key that is published and shared by a group of users and is used for encryption and signature verification. When a confidential document is sent, the sender encrypts the data with the recipient's public key and the recipient decrypts it with their own private key, so the information reaches its destination safely and on time; the digital certificate mechanism ensures that the encryption process is irreversible. Public key technology solves the problem of managing key distribution: a user can publish the public key while keeping the private key secret.
The present problem is that the correspondence between a digital certificate and the real person cannot be confirmed. Although the applicant's real identity is verified when the digital certificate is issued, and using the certificate requires the PIN code set by the certificate holder, the PIN code only strengthens the security of certificate use; it still does not solve the problem of confirming identity while the certificate is being used, and the certificate and the PIN code can still be stolen together. In the physical world, similar problems are generally solved with other equipment or means; for example, when a bank card and its password are both lost, camera footage taken at the time of withdrawal and handwriting samples can provide real information about the recipient as audit-trail evidence. In the virtual society of the Internet, more audit information is likewise needed to support the digital certificate as a chain of evidence, by recording the process in which the digital certificate is used.
To solve the above problem, an enhanced audit method for the operation of a digital certificate is needed which, during the use of the digital certificate, records the process information of each use, including but not limited to: environment information (standard time, IP address, operating system login name, etc.), computer software information (operating system, browser information, etc.), computer hardware information (MAC address, hard disk serial number, etc.) and identity information (fingerprint, voiceprint, etc.), thereby recording every piece of evidence in the use of the digital certificate and providing a basis for auditing its operation.
Summary of the invention
The object of the present invention is to provide an enhanced audit method for the operation of a digital certificate that records information related to the user's true identity (such as the environment of use, the time, etc.), ensuring that the real user's information is retained, so that the digital certificate information is associated with a real person and fraudulent use of the smart card is prevented.
The technical problem solved by the invention is addressed by the following technical solution:
An enhanced audit method for the operation of a digital certificate, characterized in that it comprises the following steps:
(1) when the digital certificate in the carrier containing the digital certificate is read, the read-write equipment reads the use-time information of the digital certificate;
(2) using the time information read as an index, other environment information, software information, hardware information and identity information are recorded to form a complete use record, which is stored in the read-write equipment;
(3) the read-write equipment writes its own relevant information into the carrier;
(4) when the read-write equipment is idle, the use records stored in the read-write equipment are uploaded to the corresponding auditing system;
(5) when the carrier containing the digital certificate accesses an application system, the application system records the access information of the carrier containing the digital certificate and sends the access information to the corresponding auditing system.
In one embodiment of the invention, the read-write equipment is a card reader, a data connecting cable, a display device, a reader-writer, etc.
In one embodiment of the invention, the carrier containing the digital certificate is a smart card, a USB key, etc.
In one embodiment of the invention, the auditing system is an audit supervision system, a judicial tracing system, etc.
In one embodiment of the invention, the use-time information is the time synchronization information when networked, the local time information when not networked, or the internal clock information of the read-write equipment.
In one embodiment of the invention, the read-write equipment uploads the use records stored on it to the corresponding auditing system by a combination of redirection and proxy access.
In one embodiment of the invention, after the use-record storage in the read-write equipment is full, storing restarts from the beginning and overwrites the old records.
In one embodiment of the invention, data messages are transmitted among the read-write equipment, the carrier containing the digital certificate and the application system.
In one embodiment of the invention, when the carrier containing the digital certificate or its information is lost, or a user's access is stolen, the audit information in the auditing system can be associated with the user's true identity in order to find the illegitimate user or the user's illegal operation.
In the enhanced audit method of the present invention, the carrier containing the digital certificate, the read-write equipment, the application system and the auditing system are linked to one another. When the carrier containing the digital certificate is used on the read-write equipment, information such as the time and the operation is recorded and transmitted to the auditing system, and the read-write equipment also writes relevant information into the carrier containing the digital certificate. When the carrier containing the digital certificate accesses the application system, the application system also records the relevant operation information and sends it to the auditing system. Because the process information of every use is recorded during the operation of the digital certificate, comprehensive audit information associated with a true identity is obtained, which achieves the purpose of auditing and realizes the purpose of the present invention.
The features of the present invention can be clearly understood by referring to the drawings and the following detailed description of the preferred embodiments.
Description of drawings
Fig. 1 is a schematic flow chart of the enhanced audit method for the operation of a digital certificate of the present invention.
Embodiment
To make the technical means, creative features, objectives and effects achieved by the present invention easy to understand, the present invention is further described below in conjunction with the specific drawings.
Embodiment
The enhanced audit method for the operation of a digital certificate of the present invention comprises the following steps:
(1) when the digital certificate in the carrier containing the digital certificate is read, the read-write equipment reads the use-time information of the digital certificate;
(2) using the time information read as an index, other environment information, software information, hardware information and identity information are recorded to form a complete use record, which is stored in the read-write equipment;
(3) the read-write equipment writes its own relevant information into the carrier;
(4) when the read-write equipment is idle, the use records stored in the read-write equipment are uploaded to the corresponding auditing system;
(5) when the carrier containing the digital certificate accesses an application system, the application system records the access information of the carrier containing the digital certificate and sends the access information to the corresponding auditing system.
In the present invention, the read-write equipment is a card reader, a data connecting cable, a display device, a reader-writer, etc.
In the present invention, the carrier containing the digital certificate is a smart card, a USB key, etc.
In the present invention, the auditing system is an audit supervision system, a judicial tracing system, etc.
In the present invention, the use-time information is the time synchronization information when networked, the local time information when not networked, or the internal clock information of the read-write equipment.
In the present invention, the read-write equipment uploads the use records stored on it to the corresponding auditing system by a combination of redirection and proxy access: redirection technology is first used to redirect the connection to the read-write equipment, and access is then performed in proxy mode; all network traffic is processed through a security gateway and then passed to the protected application system, so that the user can freely access the multiple application systems protected by the gateway while the security of the access is ensured.
In the present invention, after the use-record storage in the read-write equipment is full, storing restarts from the beginning and overwrites the old records.
In the present invention, data messages are transmitted among the read-write equipment, the carrier containing the digital certificate and the application system.
In the present invention, when the carrier containing the digital certificate or its information is lost, or a user's access is stolen, the audit information in the auditing system can be associated with the user's true identity in order to find the illegitimate user or the user's illegal operation.
Below, taking a card reader as the read-write equipment and a smart card containing a digital certificate as the carrier, the enhanced audit method for the operation of a digital certificate of the present invention is illustrated.
As shown in Figure 1, the system comprises a smart card 10 containing a digital certificate, a card reader 20, an application system 30 and an auditing system 40. The smart card 10 sends audit information to the auditing system 40; the card reader 20 and the digital certificate on the smart card 10 write operation information to each other; the card reader 20 sends audit information to the auditing system 40; the application system 30 sends audit information to the auditing system 40; and data is exchanged between the smart card 10 and the card reader 20, and between the card reader 20 and the application system 30.
To implement the enhanced audit method of the present invention, a dedicated secure memory space must be reserved in the card reader 20 that reads the digital certificate, and the smart card 10 must have a dedicated space holding its own audit information. The implementation process of the method is as follows:
1. The card reader 20 records the use-time information of the smart card 10. The use-time information can be networked time synchronization information; if the reader is not networked, the local time is recorded but marked as such; or the internal clock information of the card reader 20 is recorded;
2. Using the use-time information as an index, the card reader 20 records the other environment information, software information, hardware information and identity information to form a complete use record, which is stored in the card reader 20 that reads the digital certificate;
3. At the same time, relevant information such as the reader ID of the card reader 20 and the time of use of the smart card 10 is written back to the smart card 10, so that at its next use the smart card 10 carries the time and place of its last use;
4. When the card reader 20 is idle, these records, which are associated with true identity information, are periodically uploaded to the auditing system 40 for subsequent audit tracing;
5. After the use-record memory in the card reader 20 that reads the digital certificate is full, overwriting starts from the beginning;
6. When the user accesses the application system 30, the application system 30 records the access information of the smart card 10, such as the time, the operation and the accessed resources, and sends these records to the auditing system 40;
7. Data messages flow among the smart card 10, the card reader 20 and the application system 30.
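As an added example, not code from the patent or from the applicant, the following Python models the reader side of steps 1 to 7: selection of the time source, the time-indexed use record, the write-back of the reader ID and time to the card, upload only while idle, and the wrap-around overwrite when the secure store is full. The class names, field names and all sample values are assumptions made here. One caveat the patent leaves open is how uploaded records are protected in transit and at rest; this model therefore keeps only a digest of the biometric sample and leaves integrity protection to the transport.

```python
# Added example (not part of the patent): model of the card-reader side of
# steps 1-7. Names, fields and sample values are assumptions for illustration.
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional, Tuple

# Step 1: each record states which kind of time it carries.
TIME_NETWORK_SYNC = "network_sync"    # networked time synchronization
TIME_LOCAL_MARKED = "local_unsynced"  # local time, marked as not synchronized
TIME_READER_CLOCK = "reader_clock"    # the reader's internal clock


@dataclass
class UsageRecord:
    """One complete use record (step 2), indexed by its use-time information."""
    use_time: str                # ISO-8601 timestamp, the index of the record
    time_source: str             # one of the TIME_* markers
    card_id: str                 # identifies the carrier (smart card 10)
    cert_subject: str            # the digital certificate user
    environment: Dict[str, str]  # IP address, OS login name, ...
    software: Dict[str, str]     # operating system, browser, ...
    hardware: Dict[str, str]     # MAC address, disk serial number, ...
    identity_hash: str           # digest of the biometric sample, not the sample


@dataclass
class SmartCard:
    """Carrier with a dedicated audit area the reader writes back into (step 3)."""
    card_id: str
    cert_subject: str
    last_reader_id: Optional[str] = None
    last_use_time: Optional[str] = None


class AuditSystem:
    """Auditing system 40: receives reader uploads as JSON lines."""

    def __init__(self) -> None:
        self.lines: List[str] = []

    def receive(self, reader_id: str, records: List[UsageRecord]) -> None:
        for r in records:
            self.lines.append(json.dumps({"reader": reader_id, **asdict(r)}, sort_keys=True))


class CardReader:
    """Reader 20 with a fixed-size secure store that wraps around when full (step 5)."""

    def __init__(self, reader_id: str, capacity: int, networked: bool) -> None:
        self.reader_id = reader_id
        self.networked = networked
        self.slots: List[Optional[UsageRecord]] = [None] * capacity
        self.next_slot = 0          # the slot the next record will overwrite
        self.total_written = 0      # lets a caller notice records lost to wrap-around
        self.busy = False

    def choose_time(self, synced: Optional[str], local: Optional[str],
                    reader_clock: str) -> Tuple[str, str]:
        """Step 1: networked time first, then marked local time, then the reader clock."""
        if self.networked and synced is not None:
            return synced, TIME_NETWORK_SYNC
        if local is not None:
            return local, TIME_LOCAL_MARKED
        return reader_clock, TIME_READER_CLOCK

    def use_card(self, card: SmartCard, *, synced: Optional[str], local: Optional[str],
                 reader_clock: str, environment: Dict[str, str], software: Dict[str, str],
                 hardware: Dict[str, str], biometric_sample: bytes) -> UsageRecord:
        self.busy = True
        use_time, source = self.choose_time(synced, local, reader_clock)
        record = UsageRecord(use_time, source, card.card_id, card.cert_subject,
                             dict(environment), dict(software), dict(hardware),
                             hashlib.sha256(biometric_sample).hexdigest())
        # Steps 2 and 5: store in the circular secure memory, overwriting the oldest slot.
        self.slots[self.next_slot] = record
        self.next_slot = (self.next_slot + 1) % len(self.slots)
        self.total_written += 1
        # Step 3: write the reader's own ID and the use time back to the card.
        card.last_reader_id = self.reader_id
        card.last_use_time = use_time
        self.busy = False
        return record

    def stored_records(self) -> List[UsageRecord]:
        """Records still in the store, oldest first."""
        ordered = self.slots[self.next_slot:] + self.slots[:self.next_slot]
        return [r for r in ordered if r is not None]

    def upload_if_idle(self, audit: AuditSystem) -> int:
        """Step 4: upload only when idle; returns how many records were sent."""
        if self.busy:
            return 0
        batch = self.stored_records()
        audit.receive(self.reader_id, batch)
        return len(batch)
```

The wrap-around in step 5 means an auditing system that collects too rarely silently loses the oldest records; comparing `total_written` with the batch size returned by `upload_if_idle` shows when that has happened.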
When the smart card 10 operates in the card reader 20, audit information is recorded by both sides. When the smart card 10 is used on the card reader 20, the card reader 20 first records the model of the smart card 10, the digital certificate user, the time and other relevant information locally, and at the same time records information associated with the user's real identity (such as a fingerprint). Simultaneously the card reader 20 writes its own ID and the time of use of the smart card 10 back to the smart card 10, so that it is known when and on which card reader 20 the smart card 10 was used, which facilitates later audit tracing.
As for the audit information related to the digital certificate in the application system 30: when the user accesses the application through the card reader 20, the application system 30 records the access information of the smart card 10, such as the time, the operation and the accessed resources, and sends these records to the auditing system 40.
When the smart card 10 is in use, the use of the digital certificate in the smart card 10 needs to be audited. The smart card 10 is normally used on a card reader 20; during this process the card reader 20 records the user's use information and the real information associated with the user, and sends the relevant information to the corresponding auditing system 40 by a suitable means. At the same time, when the smart card 10 accesses an application system 30 such as online banking, the application system 30 also records the relevant information about the user's access, and this information is also transmitted to the corresponding auditing system 40. From these records it can be judged and audited whether the use of the digital certificate in the smart card 10 is normal, achieving strong auditing and tracking of the user.
The above shows and describes the basic principles, main features and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments; what is described in the above embodiments and the specification merely illustrates the principles of the present invention; various changes and modifications may be made without departing from the spirit and scope of the present invention, and such changes and improvements all fall within the claimed scope of the present invention, which is defined by the appended claims and their equivalents.
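The judgement "whether the use of the digital certificate is normal" is made in the auditing system 40, whose logic the patent does not specify. The following Python is an added example, not the patent's own method: it correlates three constructed inputs, the reader use records uploaded in step 4, the application-system access records from step 6, and the reader ID and time written back to the card in step 3, and reports the discrepancies an auditor would act on. The check names, the five-minute matching window and every sample record are assumptions made here.

```python
# Added example (not part of the patent): audit-system correlation of reader
# records, application access records and the card's write-back data.
# Check names, the matching window and all records are constructed here.
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed enrolment data: identity digest registered for each card at issuance.
ENROLLED_IDENTITY = {"CARD-0001": "fp-hash-alice"}

# Constructed reader uploads (step 4): one record per use of the card on a reader.
READER_RECORDS = [
    {"card_id": "CARD-0001", "use_time": "2009-12-31T09:00:00",
     "reader_id": "RDR-07", "identity_hash": "fp-hash-alice"},
    {"card_id": "CARD-0001", "use_time": "2009-12-31T14:00:00",
     "reader_id": "RDR-07", "identity_hash": "fp-hash-unknown"},
]

# Constructed application-system records (step 6): what the certificate was used for.
APP_RECORDS = [
    {"card_id": "CARD-0001", "time": "2009-12-31T09:01:30", "operation": "login", "resource": "netbank"},
    {"card_id": "CARD-0001", "time": "2009-12-31T14:00:40", "operation": "transfer", "resource": "netbank"},
    {"card_id": "CARD-0001", "time": "2009-12-31T18:00:00", "operation": "login", "resource": "netbank"},
]

# Constructed data read from the card's own audit area (step 3 write-back).
CARD_WRITEBACK = {"card_id": "CARD-0001", "last_reader_id": "RDR-99",
                  "last_use_time": "2009-12-31T17:58:00"}

# An application access is expected within this long after the card was read.
MATCH_WINDOW = timedelta(minutes=5)

Finding = Tuple[str, str, str]   # (check name, timestamp, detail)


def _t(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp)


def audit_card(card_id: str, reader_records: List[Dict], app_records: List[Dict],
               card_writeback: Dict, enrolled: Dict[str, str]) -> List[Finding]:
    """Correlate the three sources for one card and return the discrepancies found."""
    findings: List[Finding] = []
    reader = sorted((r for r in reader_records if r["card_id"] == card_id),
                    key=lambda r: r["use_time"])
    apps = sorted((a for a in app_records if a["card_id"] == card_id),
                  key=lambda a: a["time"])

    # Check 1: the identity captured at the reader must match the identity enrolled
    # at issuance; a mismatch means the card was presented by someone else.
    for r in reader:
        if r["identity_hash"] != enrolled.get(card_id):
            findings.append(("identity_mismatch", r["use_time"], r["reader_id"]))

    # Check 2: every application access should follow a reader use record within the
    # window; an access with no such record was not made through a monitored reader.
    for a in apps:
        when = _t(a["time"])
        covered = any(timedelta(0) <= when - _t(r["use_time"]) <= MATCH_WINDOW for r in reader)
        if not covered:
            findings.append(("access_without_reader_record", a["time"], a["operation"]))

    # Check 3: the last-use data the reader wrote onto the card should agree with the
    # newest uploaded reader record; otherwise the card was used on a reader whose
    # records never reached the auditing system.
    if reader and card_writeback.get("card_id") == card_id:
        newest = reader[-1]
        if (card_writeback["last_reader_id"], card_writeback["last_use_time"]) != \
                (newest["reader_id"], newest["use_time"]):
            findings.append(("card_writeback_mismatch", card_writeback["last_use_time"],
                             card_writeback["last_reader_id"]))
    return findings


def use_is_normal(findings: List[Finding]) -> bool:
    """The patent's yes/no question: no discrepancy means the use looks normal."""
    return not findings


if __name__ == "__main__":
    for f in audit_card("CARD-0001", READER_RECORDS, APP_RECORDS, CARD_WRITEBACK, ENROLLED_IDENTITY):
        print(*f)
```

On the constructed data the three checks fire once each: the 14:00 reader use carries an unenrolled identity, the 18:00 login has no reader record behind it, and the card itself says its last use was on reader RDR-99 at 17:58, a use the auditing system never received. Checks 2 and 3 together are what make the write-back in step 3 worth the card space: each one catches a gap the other cannot see.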

Claims (9)

1. An enhanced audit method for the operation of a digital certificate, characterized in that it comprises the following steps:
(1) when the digital certificate in the carrier containing the digital certificate is read, the read-write equipment reads the use-time information of the digital certificate;
(2) using the time information read as an index, other environment information, software information, hardware information and identity information are recorded to form a complete use record, which is stored in the read-write equipment;
(3) the read-write equipment writes its own relevant information into the carrier;
(4) when the read-write equipment is idle, the use records stored in the read-write equipment are uploaded to the corresponding auditing system;
(5) when the carrier containing the digital certificate accesses an application system, the application system records the access information of the carrier containing the digital certificate and sends the access information to the corresponding auditing system.
2. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that the read-write equipment is a card reader, a data connecting cable, a display device or a reader-writer.
3. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that the carrier containing the digital certificate is a smart card or a USB key.
4. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that the auditing system is an audit supervision system or a judicial tracing system.
5. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that the use-time information is the time synchronization information when networked, the local time information when not networked, or the internal clock information of the read-write equipment.
6. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that the read-write equipment uploads the use records stored on it to the corresponding auditing system by a combination of redirection and proxy access.
7. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that after the use-record storage in the read-write equipment is full, storing restarts from the beginning and overwrites the old records.
8. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that data messages are transmitted among the read-write equipment, the carrier containing the digital certificate and the application system.
9. The enhanced audit method for the operation of a digital certificate as claimed in claim 1, characterized in that when the carrier containing the digital certificate or its information is lost, or a user's access is stolen, the audit information in the auditing system can be associated with the user's true identity in order to find the illegitimate user or the user's illegal operation.
Priority and related applications (1)

Application number: CN200910247855A
Priority date: 2009-12-31
Filing date: 2009-12-31
Title: Enhanced audit method for operation of digital certificate
Status: Pending

Publications (1)

Publication number: CN101763478A (en)
Publication date: 2010-06-30

Family

ID=42494639

Country status (1)

CN (1): CN101763478A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104394038A (en) * 2014-12-08 2015-03-04 公安部第三研究所 System and method for automatic detection and pre-alarming of network-off bypass
CN104394038B (en) * 2014-12-08 2017-03-08 公安部第三研究所 Suspension bypass automatic detection early warning system and method
CN105791308A (en) * 2016-04-11 2016-07-20 北京网康科技有限公司 Active identification domain user registration event information method, device and system
CN105791308B (en) * 2016-04-11 2019-12-31 北京网康科技有限公司 Method, device and system for actively identifying domain user login event information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 2010-06-30