CN103414563A - Validity time management method of CPK identification, secret key pair and certificate - Google Patents

Publication number
CN103414563A
Authority
CN
China
Prior art keywords
user
sign
expiration date
certificate
cpk
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013103361007A
Other languages
Chinese (zh)
Inventor
杨皓
柳冰清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NANJING RUIZU INFORMATION TECHNOLOGY Co Ltd
Original Assignee
NANJING RUIZU INFORMATION TECHNOLOGY Co Ltd
Application filed by NANJING RUIZU INFORMATION TECHNOLOGY Co Ltd
Priority to CN2013103361007A
Publication of CN103414563A

Abstract

The invention discloses a method for managing the validity period of CPK identifiers, key pairs and certificates. The method includes a step of issuing a user private key certificate according to the user original identifier and validity-period parameters, a step of checking the time validity of the user extended identifier, and a step of updating the validity period of the user private key certificate. A method for managing the validity period of CPK identifiers, key pairs and certificates is thereby provided.

Description

Method for managing the validity period of CPK identifiers, key pairs and certificates
Technical field
The present invention relates to the technical field of network security authentication, and specifically to a method for managing the validity period of CPK identifiers, key pairs and certificates.
Background art
Traditional PKI authentication systems mainly use the X.509 certificate system. An X.509 certificate does not contain the user's private key; the user public key in the certificate corresponds to the user's private key. However, there is no inherent association between the user identifier or the certificate's validity period and the public/private key pair, so the CA must maintain a public, complete online certificate repository and retrieval service to support the authentication process of the PKI system. Moreover, the only way for a user to verify a certificate's validity period is to verify the CA signature in the certificate, which requires first obtaining the CA's root certificate and relying entirely on the security of that root certificate. The CPK technique establishes a unique correspondence between a user identifier and a public/private key pair, so a huge online certificate repository and retrieval service no longer needs to be maintained, which is a major advance over PKI systems. In practical applications, however, for security or application reasons, in many situations the CA needs to restrict key authorization to a limited time range and manage the validity period, regardless of how large the risk of the user leaking the private key is. Current CPK technology provides no method for managing the validity period of CPK identifiers, CPK key pairs and CPK certificates.
Summary of the invention
Object of the invention: in view of the problems and deficiencies of the prior art described above, the object of the present invention is to provide a method for managing the validity period of CPK identifiers, key pairs and certificates. In the present invention, all types of identifiers are CPK identifiers, all public and private keys are CPK keys, and all certificates are CPK certificates.
Technical solution: to achieve the above object, the first technical solution adopted by the present invention is a method for managing the validity period of CPK identifiers, key pairs and certificates, comprising a step of issuing a user private key certificate according to the user original identifier and validity-period parameters, a step of checking the time validity of the user extended identifier, and a step of updating the validity period of the user private key certificate, wherein:
The step of issuing a user private key certificate according to the user original identifier and validity-period parameters comprises:
Step (1): input the user original identifier and the validity-period parameters and check their legitimacy; if both are legitimate, proceed to the next step, otherwise report an error and stop;
Step (2): generate the validity-period field from the validity-period parameters, and generate the user extended identifier with this validity-period field as a required part;
Step (3): perform CPK public/private key pair generation on the generated user extended identifier to obtain the corresponding user extended public key and user extended private key, and perform a matching check on the generated CPK key pair; if the matching check fails, repeat the CPK key pair generation and the matching check;
Step (4): write the user extended identifier and the corresponding user extended private key, as required parts, into the body of the user private key certificate;
Step (5): apply the CPK CA signature to the body of the user private key certificate to produce the complete user private key certificate;
Step (6): return the user private key certificate to the user;
The step of checking the time validity of the user extended identifier comprises:
Step ①: input a user extended identifier that has a validity-period field and check its format; if the format check passes, proceed to the next step, otherwise report an error and stop;
Step ②: extract the validity-period field from the user extended identifier and convert it into validity-period times;
Step ③: obtain the current time;
Step ④: time-validity check: if the current time is within the validity period, proceed to the next step, otherwise report an error and stop;
Step ⑤: compute the user extended public key corresponding to this user extended identifier from the user extended identifier and the CPK public key generation algorithm;
Step ⑥: use the computed user extended public key to complete the encryption and decryption operations in the authentication process.
The second technical solution adopted by the present invention is a method for managing the validity period of CPK identifiers, key pairs and certificates, comprising a step of issuing a user identifier certificate and the user original private key according to the user original identifier and validity-period parameters, a step of checking the time validity of the user identifier certificate, and a step of updating the validity period of the user identifier certificate, wherein:
The step of issuing the identifier certificate and the user original private key according to the user original identifier and validity-period parameters comprises:
Step (A): input the user original identifier and the validity-period parameters and check their legitimacy; if both are legitimate, proceed to the next step, otherwise report an error and stop;
Step (B): perform CPK public/private key pair generation on the user original identifier to obtain the corresponding user original public key and user original private key, and perform a matching check on the generated CPK key pair; if the matching check fails, repeat the CPK key pair generation and the matching check;
Step (C): generate the validity-period field from the validity-period parameters;
Step (D): write the user original identifier and the validity-period field, as required components, into the body of the user identifier certificate;
Step (E): apply the CPK CA signature to the body of the user identifier certificate to produce the complete user identifier certificate;
Step (F): issue the user identifier certificate and the user original private key corresponding to the user original identifier to the user;
The step of checking the time validity of the user identifier certificate comprises:
Step (a): input a user identifier certificate that has a validity-period field and check its format; if the format check passes, proceed to the next step, otherwise report an error and stop;
Step (b): extract the validity-period field from the identifier certificate and convert it into validity-period times;
Step (c): obtain the current time;
Step (d): time-validity check: if the current time is within the validity period, proceed to the next step, otherwise report an error and stop;
Step (e): perform CPK signature verification on the CA signature in the user identifier certificate. If the CPK signature verification passes, the time-validity check has passed; if it fails, the user identifier certificate is forged, in which case report an error and stop.
Beneficial effects: the present invention exploits the characteristics of CPK technology and, building on the existing technology, provides a solution for managing the validity period of CPK identifiers, key pairs and certificates. It thereby implements the definition, registration, issuance, extension and reset of the validity period of CPK identifiers, CPK key pairs and CPK certificates, as well as time-validity checks of CPK identifiers, CPK key pairs and CPK certificates during CPK authentication. With the specially designed certificate format, the certificate size can be greatly reduced compared with traditional X.509 certificates, improving authentication speed and efficiency.
In the certificates of a PKI system there is no inherent association between the key and the certificate validity period; whether a key is within its validity period can only be judged and guaranteed from the validity-period field in the certificate and the CA's signature on the certificate.
When the first scheme of the present invention is used to issue user private key certificates, the user extended identifier carrying the validity period is directly associated with the user extended private key. As time passes, the user extended private key corresponding to the user extended identifier expires naturally, and no additional marking or notification of the invalid state of the identifier and key is needed. During CPK authentication, once the user extended identifier has been transmitted and parsed, whether it is within its validity period can be judged from the validity-period field in the extended identifier, without parsing an X.509 certificate. This saves system resources, helps improve authentication speed and efficiency, and suits applications with intensive authentication computation.
When the second scheme of the present invention is used to issue user identifier certificates, the CPK key pair is associated with the validity period of the certificate, so the key pair does not need to be updated when the certificate is renewed; the CPK CA only needs to sign again, which reduces the CA's management burden. This scheme is also technically compatible with existing PKI systems, which favors upgrading and a smooth transition of the original system.
Brief description of the drawings
Fig. 1 is a flow chart of generating and issuing a user private key certificate according to the user original identifier and validity-period parameters;
Fig. 2 is a flow chart of checking the time validity of the user extended identifier during CPK authentication;
Fig. 3 is a flow chart of updating the validity period of the user private key certificate;
Fig. 4 is a flow chart of generating and issuing a user identifier certificate and the user original private key according to the user original identifier and validity-period parameters;
Fig. 5 is a flow chart of checking the time validity of the user identifier certificate during CPK authentication;
Fig. 6 is a flow chart of updating the validity period of the user identifier certificate.
Detailed description of the embodiments
The present invention is further illustrated below with reference to the drawings and specific embodiments. It should be understood that these embodiments only illustrate the invention and do not limit its scope; after reading the present invention, modifications of its various equivalent forms by those skilled in the art all fall within the scope defined by the claims of this application.
The validity-period management of the present invention includes, but is not limited to, the following administrative actions: format definition, registration, issuance, extension and update of the validity period, time-validity checks, revocation once the validity period is exceeded, and denial of service on expiry;
In the present invention, the validity-period management of CPK identifiers, CPK key pairs and CPK certificates comprises:
(1) Set a unified time and validity-period reference (Unique Timing and Expiration Reference, UTER), such as but not limited to Greenwich Mean Time. A UTER identifier, representing the UTER type and parameters, is an optional part of the validity period and takes part in computing and checking the validity period. When no UTER identifier is used, all times and validity periods are assumed by default to be based on the same reference.
(2) Validity-period format definition. The validity period of a CPK identifier can be defined in various ways and formats.
One method is to append a field indicating the validity period to the user original identifier (a CPK identifier that uniquely represents the user subject but contains no validity-period information), thereby generating a user extended identifier that carries a validity period. The validity-period field in the user extended identifier is not constrained in field format or field position. The other method is to write the user original identifier and the field indicating the validity period, as required components, into a user identifier certificate. The user original private key corresponding to the user original identifier is then issued to the user together with the user identifier certificate, as two independent entities. The validity-period field in the user identifier certificate is not constrained in field format or field position.
The validity-period field can be defined in various formats, including but not limited to:
A. UTER|yyyy-mm-dd hh:mm:ss (start)|yyyy-mm-dd hh:mm:ss (end)
For example, GMT+00|2012-01-01 00:00:00|2012-12-31 23:59:59 means the validity period is the whole of 2012 in Greenwich Mean Time. Or
B. UTER|hh:mm:ss,yyyymmdd (start)|hh:mm:ss (duration)
For example, GMT+08|00:00:00,20120101|24:00:00 means the validity period is the whole day of 1 January 2012, Beijing time. Or
C. yyyymmdd (start)|yyyymmdd (end)
For example, 20120101|00000000 means the identifier is valid permanently from 1 January 2012 in the local time of the field's recipient.
(3) CPK private key and certificate issuance. The CPK RA (Registration Authority, the digital certificate registration center) generates the user extended identifier from the user original identifier and the time parameters, then generates the corresponding user extended private key from the CPK key generation algorithm and the user extended identifier, generates a user private key certificate from the user extended identifier and the user extended private key, and issues the private key certificate to the user. Alternatively, the CPK RA generates the validity-period field from the time parameters, generates the user original private key from the CPK key generation algorithm and the user original identifier, generates a user identifier certificate from the user original identifier and the validity-period field, and issues the user identifier certificate together with the user original private key to the user.
(4) Time-validity check during CPK authentication. The time validity of the user extended identifier is checked from the validity-period field in the user extended identifier, and the check result is verified with the CPK public key corresponding to the user extended identifier; alternatively, the time validity of the user original identifier is checked from the validity-period field in the user identifier certificate, and the check result is verified by verifying the CA signature in the user identifier certificate.
(5) Provide the necessary security measures against malicious acts and related attacks that forge the validity period, such as:
A. For a user extended identifier with a forged validity period, the CPK public key obtained by the CPK algorithm is not the true public key of the forgery target (the true identity), so signature verification fails; alternatively, when CA signature verification is performed on a user identifier certificate containing a forged validity period, the forged certificate was not issued by the CA and cannot carry a correct CA signature, so signature verification fails;
B. Against denial-of-service (DoS) attacks and forged-identity attacks that use forged identifiers or forged validity periods, the user can adopt general methods for guarding against such attacks, including but not limited to adding a timing factor or adding a random factor, so that access is screened and blocked.
The first technical solution adopted by the present invention is a method for managing the validity period of CPK identifiers, CPK keys and CPK certificates, comprising a step of issuing a user private key certificate according to the user original identifier and validity-period parameters, a step of checking the time validity of the user extended identifier, and a step of updating the validity period of the user private key certificate, wherein:
The step of issuing a user private key certificate according to the user original identifier and validity-period parameters comprises:
Step (1): input the user original identifier and the validity-period parameters and check their legitimacy, for example:
1) whether the format of the original identifier meets the issuer's requirements, whether the original identifier has been permanently or temporarily marked invalid, and whether the subject information contained in the original identifier is consistent with the subject's real information;
2) whether the format of the validity-period parameters meets the issuer's requirements, and whether the time range the parameters express is within the permitted authorization time range;
If the user original identifier and the validity-period parameters are legitimate, proceed to the next step, otherwise report an error and stop (this is a routine step);
Step (2): generate the validity-period field from the validity-period parameters, and generate the user extended identifier with this validity-period field as a required part. The validity-period field can be attached before or after the original identifier or embedded inside it;
Step (3): perform CPK public/private key pair generation on the generated user extended identifier to obtain the corresponding user extended public key and user extended private key, and perform a matching check on the generated CPK key pair. If the matching check fails, repeat the CPK key pair generation and the matching check (CPK key pair generation and the matching check are routine steps);
Step (4): write the user extended identifier and the corresponding user extended private key, as required parts, into the body of the user private key certificate;
Step (5): apply the CPK CA signature to the body of the user private key certificate to produce the complete user private key certificate.
When the CPK CA signs, the CA can use the CA original identifier (a CPK identifier that uniquely represents the CA but contains no validity-period information) or the CA extended identifier (a CPK identifier with a validity-period field, generated from the CA original identifier and validity-period parameters by the same method used to generate the user extended identifier). When signing with the CA original identifier, the private key used for signing is the CA original private key computed by the CPK key generation algorithm from the CA original identifier. When signing with the CA extended identifier, the private key used for signing is the CA extended private key computed by the CPK key generation algorithm from the CA extended identifier. In this step it is preferable to sign with the CPK CA's CA extended identifier and CA extended private key. Because the CA extended identifier contains the CA's validity period, by the properties of CPK there is no longer any need, after signing with the CA extended identifier, to check the time validity of a traditional CA root certificate, which removes the dependence on the CA root certificate when checking the user identifier certificate.
Step (6): return the user private key certificate to the user;
The step of checking the time validity of the user extended identifier comprises:
Step ①: input a user extended identifier that has a validity-period field and check its format; the checks include but are not limited to:
1) whether the encoding of each field is correct;
2) whether the length of each field is correct;
3) whether the order of the fields is correct;
4) whether the value of each field is within the allowed range;
If the format check passes, proceed to the next step, otherwise report an error and stop (the concrete method of format checking is a routine step);
Step ②: extract the validity-period field from the user extended identifier and convert it into validity-period times;
Step ③: obtain the current time;
Step ④: time-validity check: if the current time is within the validity period, proceed to the next step, otherwise report an error and stop;
Step ⑤: compute the user extended public key corresponding to this user extended identifier from the user extended identifier and the CPK public key generation algorithm (the concrete method of generating the CPK public key is a routine step);
Step ⑥: use the computed user extended public key to complete the encryption and decryption operations in the authentication process. If the user extended identifier is forged (whether the validity-period field or other fields are forged), the CPK public key corresponding to the forged identifier does not match the CPK private key corresponding to the legitimate identifier, so signature verification fails, which guarantees the legitimacy of the user extended identifier. In this method the validity period is contained in the extended identifier, so the legitimacy of the validity period is guaranteed by the legitimacy of the user extended identifier.
The step of updating the validity period of the user private key certificate comprises:
Step 1: on receiving a validity-period update request, check the time validity of the current user extended identifier. Choose the handling according to the result: extension if the validity period has not been exceeded, reset if it has;
Step 2: check the extension or reset conditions; if they are met, proceed to the next step, otherwise report an error and stop. Extension conditions are, for example: the current time is within 1 month of the end of the certificate validity period, the user has the right to obtain the next validity period, and so on. Reset conditions are, for example: the user's current identity is legitimate, the user is allowed to obtain a certificate again, and so on;
Step 3: modify the validity-period field in the user extended identifier, generate the new user extended identifier and the corresponding user extended private key, and form the body of the new user private key certificate;
Step 4: apply the CPK CA signature to the body of the new user private key certificate to produce the new user private key certificate;
Step 5: return the new user private key certificate to the user;
Under this scheme, updating the validity period necessarily changes the user extended private key.
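The identifier handling of the first scheme (issuance step (2), check steps ① to ④ and the extension/reset choice of update steps 1 and 2), as an added example that is not part of the patent text; it uses the sample identifier layout and values from the worked example given later in the description. The function names, the `not_before`/`not_after` field names, the 30-day reading of "1 month" and the treatment of the end minute as inclusive are assumptions; CPK key derivation (steps ⑤ and ⑥) is left out because the page does not give the algorithm.

```python
import re
from datetime import datetime, timedelta, timezone

TIME_FMT = "%Y-%m-%d,%H:%M"  # time layout used in the page's sample identifiers
EXT_FIELDS = ("version", "issue_no", "security_domain", "subject", "user_domain",
              "issuer", "uter", "not_before", "not_after", "key_alg", "sig_alg")
BEIJING = timezone(timedelta(hours=8))
# Sample user original identifier quoted from the page's worked example.
USER_ORIGINAL_ID = ("CPKI.1.0|001CC0A2302F|origin|tom@abc.com|admin|"
                    "authority.cpki.org|CPK.6.0,ECC|MD5,ECC")


class IdentifierError(ValueError):
    """A check failed: report the error and stop."""


def parse_uter(uter):
    """Map a UTER field such as 'GMT+08' to a fixed-offset timezone."""
    m = re.fullmatch(r"GMT([+-])(\d{2})", uter)
    if not m or int(m.group(2)) > 14:
        raise IdentifierError(f"bad UTER field: {uter!r}")
    sign = 1 if m.group(1) == "+" else -1
    return timezone(sign * timedelta(hours=int(m.group(2))))


def build_extended_id(original_id, issue_no, uter, start, years=1):
    """Issuance step (2): embed the validity-period field in the identifier.

    `start` must be timezone-aware. A start on 29 February would need
    special handling for the year arithmetic (not covered here).
    """
    parts = original_id.split("|")
    if len(parts) != 8 or parts[0] != "CPKI.1.0":
        raise IdentifierError("not a CPKI.1.0 original identifier")
    _, _, domain, subject, user_domain, issuer, key_alg, sig_alg = parts
    start = start.astimezone(parse_uter(uter))
    end = start.replace(year=start.year + years) - timedelta(minutes=1)
    return "|".join(["CPKI.1.1", issue_no, domain, subject, user_domain,
                     issuer, uter, start.strftime(TIME_FMT),
                     end.strftime(TIME_FMT), key_alg, sig_alg])


def parse_extended_id(ext_id):
    """Check steps 1-2: format check, then extract the validity period."""
    parts = ext_id.split("|")
    if len(parts) != len(EXT_FIELDS):
        raise IdentifierError("wrong number of fields")
    f = dict(zip(EXT_FIELDS, parts))
    if f["version"] != "CPKI.1.1":
        raise IdentifierError("unsupported format version")
    if not re.fullmatch(r"[0-9A-F]{12}", f["issue_no"]):
        raise IdentifierError("issue number must be 12 hex digits")
    tz = parse_uter(f["uter"])
    try:
        start = datetime.strptime(f["not_before"], TIME_FMT).replace(tzinfo=tz)
        end = datetime.strptime(f["not_after"], TIME_FMT).replace(tzinfo=tz)
    except ValueError as exc:
        raise IdentifierError("bad validity time") from exc
    if end < start:
        raise IdentifierError("validity period ends before it starts")
    f["start"] = start
    f["expires"] = end + timedelta(minutes=1)  # end minute counted as valid
    return f


def check_time_validity(ext_id, now):
    """Check steps 3-4: `now` (timezone-aware) must lie inside the period."""
    f = parse_extended_id(ext_id)
    if not f["start"] <= now < f["expires"]:
        raise IdentifierError("identifier is outside its validity period")
    return f


def renewal_mode(ext_id, now, window=timedelta(days=30)):
    """Update steps 1-2: extension before expiry, reset after it."""
    f = parse_extended_id(ext_id)
    if now >= f["expires"]:
        return "reset"
    if now >= f["expires"] - window:
        return "extension"
    raise IdentifierError("extension window has not opened yet")


if __name__ == "__main__":
    issued = datetime(2013, 4, 1, 16, 30, tzinfo=BEIJING)
    ext = build_extended_id(USER_ORIGINAL_ID, "001CC0A23030", "GMT+08", issued)
    print(ext)
    print(check_time_validity(ext, datetime(2013, 6, 1, tzinfo=timezone.utc))["subject"])
    print(renewal_mode(ext, datetime(2014, 3, 15, tzinfo=BEIJING)))
```

Because the validity period is part of the string the key pair is derived from, any edit to `not_before` or `not_after` yields a different identifier, which is why the description can rely on signature verification to catch a forged period.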
The second technical solution adopted by the present invention is a method for managing the validity period of CPK identifiers, CPK keys and CPK certificates, comprising a step of issuing a user identifier certificate and the user original private key according to the user original identifier and validity-period parameters, a step of checking the time validity of the user identifier certificate, and a step of updating the validity period of the user identifier certificate, wherein:
The step of issuing the identifier certificate and the user original private key according to the user original identifier and validity-period parameters comprises:
Step (A): input the user original identifier and the validity-period parameters and check their legitimacy, using the same checks as above. If the user original identifier and the validity-period parameters are legitimate, proceed to the next step, otherwise report an error and stop;
Step (B): perform CPK public/private key pair generation on the user original identifier to obtain the corresponding user original public key and user original private key, and perform a matching check on the generated CPK key pair. If the matching check fails, repeat the CPK key pair generation and the matching check (CPK key pair generation and the matching check are routine steps);
Step (C): generate the validity-period field from the validity-period parameters;
Step (D): write the user original identifier and the validity-period field, as required components, into the body of the user identifier certificate;
Step (E): apply the CPK CA signature to the body of the user identifier certificate to produce the complete user identifier certificate;
In this step it is preferable to sign with the CPK CA's CA extended identifier and CA extended private key; the traditional CA original identifier and the corresponding CA original private key can also be used. Because the CA extended identifier contains the CA's validity period, by the properties of CPK there is no longer any need, after signing with the CA extended identifier, to check the time validity of a traditional CA root certificate, which removes the dependence on the CA root certificate when checking the user identifier certificate.
Step (F): issue the user identifier certificate and the user original private key corresponding to the user original identifier to the user.
Steps (B) and (C) may be performed in either order.
The step of checking the time validity of the user identifier certificate comprises:
Step (a): input a user identifier certificate that has a validity-period field and check its format, using the same checks as above. If the format check passes, proceed to the next step, otherwise report an error and stop;
Step (b): extract the validity-period field from the identifier certificate and convert it into validity-period times;
Step (c): obtain the current time;
Step (d): time-validity check: if the current time is within the validity period, proceed to the next step, otherwise report an error and stop;
Step (e): perform CPK signature verification on the CA signature in the user identifier certificate. If the CPK signature verification passes, the time-validity check has passed; if it fails, the user identifier certificate is forged, in which case report an error and stop. In this method the legitimacy of the validity period is guaranteed by the legitimacy of the user identifier certificate, and the legitimacy of the user identifier certificate is guaranteed by the CA signature.
The step of updating the validity period of the user identifier certificate comprises:
Step i: on receiving a validity-period update request, check the time validity of the current user identifier certificate. Choose the handling according to the result: extension if the validity period has not been exceeded, reset if it has;
Step ii: check the extension or reset conditions; if they are met, proceed to the next step, otherwise report an error and stop;
Step iii: modify the validity-period field in the user identifier certificate and generate the body of the new user identifier certificate;
Step iv: apply the CPK CA signature to the body of the new user identifier certificate to produce the new user identifier certificate;
Step v: return the new user identifier certificate to the user;
Under this scheme, extending or resetting the validity period does not change the user original private key.
An example follows.
The object of the present invention is to propose a method for managing the validity period of CPK identifiers, CPK keys and CPK certificates.
A concrete format definition of the user original identifier is, for example:
CPK original identifier format version|issue number|security domain identifier|user subject identifier|user domain identifier|issuer (CA) identifier|CPK key generation algorithm identifier|digital signature algorithm identifier
A concrete format definition of the user extended identifier is, for example:
CPK extended identifier format version|issue number|security domain identifier|user subject identifier|user domain identifier|issuer (CA) identifier|UTER identifier|validity start time|validity end time|CPK key generation algorithm identifier|digital signature algorithm identifier
Security domain identifier: to implement domain-partitioned management, the CPK CA uses different cryptographic parameter configurations for key generation and certificate issuance. The CPK cryptographic parameters used within one security domain are identical, which enables mutual authentication within the domain; different domains are isolated from each other because their cryptographic parameters differ.
User domain identifier: denotes different user groups within a security domain, such as different enterprises.
The different cryptographic parameter configurations used to generate CPK keys and issue certificates
Example user subject and CA parameters:
Identifier encoding: UTF-8
User original identifier format version: CPKI.1.0
User extended identifier format version: CPKI.1.1
Issue number: a serial number of 12 hexadecimal digits
Security domain identifier: origin
User subject identifier: tom@abc.com
User domain identifier: admin
Issuer (CA) identifier: authority.cpki.org
UTER identifier: GMT+08
CPK key generation algorithm identifier: CPK.6.0, ECC
Digital signature algorithm identifier: MD5, ECC
Current time: 16:30 on 1 April 2013
Default certificate validity period: 1 year
The original sign of user:
CPKI.1.0|001CC0A2302F|origin|tom@abc.com|admin|authority.cpki.org|CPK.6.0,ECC|MD5,ECC
The original sign of publisher (CA):
CPKI.1.0|00000000000F|origin|authority.cpki.org|au|authority.cpki.org|CPK.6.0,ECC|MD5,ECC
In the original sign of CA, the user agent sign is identical with publisher (CA) sign.
Publisher (CA) expands sign:
CPKI.1.1|000000000010|origin|authority.cpki.org|au|authority.cpki.org|GMT+08|2013-04-01,00:00|2023-03-31,23:59|CPK.6.0,ECC|MD5,ECC
With reference to Fig. 1, the process of issuing a user private key certificate from the original user identifier and the validity period parameters mainly comprises the following core steps:
Current time, for example: 16:30 on April 1, 2013, Beijing time
Current issue number, for example: 001CC0A23030
Step 1: the original user identifier is input, with the time parameters being the current time, 16:30 on April 1, 2013, and the default certificate validity period of 1 year. If the check finds that the original user identifier is legal and valid and that the current time meets the conditions for issuing a certificate, proceed to the next step; otherwise return the error message "access illegal" and stop;
Step 2: generate the extended user identifier containing the validity period field:
CPKI.1.1|001CC0A23030|origin|tom@abc.com|admin|authority.cpki.org|GMT+08|2013-04-01,16:30|2014-04-01,16:29|CPK.6.0,ECC|MD5,ECC;
Step 3: run the CPK.6.0 public/private key pair generation operation on the generated extended user identifier to obtain the corresponding ECC public key and private key. Verify the computed key pair with an ECC encryption and decryption check. If the check matches, proceed to the next step; otherwise return to the previous step;
Step 4: write the value of the extended user identifier into the HostID.Extend field of the certificate text, and the value of the corresponding private key into the Key.Sec.HostID.Extend field of the certificate text;
Step 5: write the extended issuer (CA) identifier into the IssuerID.Extend field of the certificate text and the signing time into the Sig.Date field. Sign the whole text with the CA private key corresponding to this extended issuer (CA) identifier, using an MD5 plus ECC digital signature, and write the signature value into the signature field Sig.IssuserID.Extend of the certificate file, forming the complete user private key certificate file "001CC0A23030.cpks". The file content is as follows:
<HostID.Extend>
CPKI.1.1|001CC0A23030|origin|tom@abc.com|admin|authority.cpki.org|GMT+08|2013-04-01,16:30|2014-04-01,16:29|CPK.6.0,ECC|MD5,ECC
</HostID.Extend>
<Key.Sec.HostID.Extend>
MIICXAIBAAKBgQDECwo9O3CAs94HLpGrnR9Ctch4v5+93SGqT09I2togN9FnG3q3GdnvVsCBn8f7SOupqtSj0y9mthCxr656B3NgPUR758d9/UYtk50z9I0TlQ9tpxKQ7ap/UVaqkfpiUSC5wNLTzWzm0uHL5WFzD7EkfgCT2o6OmStLOi9Ct6p63QIDAQAB?AoGAbpoD5tPX/uR7SPX+/SEh99LzDRyfFNDjI2CnTGUcVrznCRK5wv90stDwvrDU?dHKJcimM2fhVb88b0ANbnkEB17cUQ72pl/RM+bIIGmLOAnYlSqcP7CSHJCt9DoSk6yF6cvnes1SaF1deXjdhaDsPgO5DwZ5jVILEnc0F/1zC9oECQQDm3MckugK/v9Z=
</Key.Sec.HostID.Extend>
<IssuerID.Extend>
CPKI.1.1|000000000010|origin|authority.cpki.org|au|authority.cpki.org|GMT+08|2013-04-01,00:00|2023-03-31,23:59|CPK.6.0,ECC|MD5,ECC
</IssuerID.Extend>
<Sig.Date>
GMT+08|2013-04-01,16:30
</Sig.Date>
<Sig.IssuserID.Extend>
U7K7SYrY9Q/hOFt5GERW8DfztyMfs5hGTesAMyTc1WBqftimMrFLNj8Vc7Lal/2l2QRf7PCRAkEA2WOvQ9NoSKNPN91veonbbm8GWcgvTc2P+FspcyGj7m9GJQ3hl4dc?HbI0r9rPR2OkIybVbTxLRaaPooSobHfLjQJAVw7mojjrFHg5XWFEw0/GZm5zoJDq?Hc5C5y4LS4LCYhAN2mVDu32N5yEoDMDs3i+7oAtC2soYpkouwr4F4k6toQJBAJaN?BdU4NNGRYAx1a332uSPq+f/1tmTwhtNd9v/H/WrkXzTMPz6cvLvILdrX85MiO4so?mshy6EJNTs4jhyzPbgUCQBiBExSjBBup06Py3Le0ADn8CT27USdrpCMlNZjnzKQ=
</Sig.IssuserID.Extend>
Step 6: return the user private key certificate file "001CC0A23030.cpks" to the user.
With reference to Fig. 2, the process of checking the time validity of the extended user identifier comprises the following core steps:
Current time, for example: 16:30 on April 2, 2013, Beijing time
Step 1: for the input extended user identifier:
CPKI.1.1|001CC0A23030|origin|tom@abc.com|admin|authority.cpki.org|GMT+08|2013-04-01,16:30|2014-04-01,16:29|CPK.6.0,ECC|MD5,ECC
perform a format check. If it passes, proceed to the next step; otherwise return the error message "format incorrect" and stop;
Step 2: the validity period decomposition module extracts the validity period field GMT+08|2013-04-01,16:30|2014-04-01,16:29 from this extended identifier and converts it to the concrete validity period of 16:30 on April 1, 2013 to 16:29 on April 1, 2014, Beijing time;
Step 3: obtain the current system time, 16:30 on April 2, 2013, Beijing time;
Step 4: time validity check. The current time is within the validity period, so proceed to the next step. If the current time is not within the validity period, return the error message "validity error" and stop;
Step 5: the CPK public key computation module calculates the CPK public key from this extended user identifier;
Step 6: carry out the subsequent encryption and decryption operations with the calculated CPK public key. If the validity period in the extended user identifier has been modified, the CPK public key obtained is the wrong public key, so correct encryption and decryption results cannot be obtained.
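Steps 1 to 4 of this check, sketched in Python as an added example (not code from the patent). The dictionary field names, the strictness of the format check and the minute-resolution comparison are assumptions; the sample identifier is the one from the worked example above.

```python
import re
from datetime import datetime, timedelta, timezone

# Field order of the extended identifier as listed in the description (11 fields).
# The dictionary key names are chosen for this example.
FIELDS = ("version", "issue_number", "security_domain", "subject", "user_domain",
          "issuer", "tz", "not_before", "not_after", "key_alg", "sig_alg")

# Extended user identifier taken from the worked example on this page.
SAMPLE_ID = ("CPKI.1.1|001CC0A23030|origin|tom@abc.com|admin|authority.cpki.org|"
             "GMT+08|2013-04-01,16:30|2014-04-01,16:29|CPK.6.0,ECC|MD5,ECC")


class IdentifierError(Exception):
    """Raised with one of the error strings used in the description."""


def _zone(label):
    # "GMT+08" -> fixed-offset tzinfo; whole-hour offsets only (assumption).
    m = re.fullmatch(r"GMT([+-])(\d{2})", label)
    if not m or int(m.group(2)) > 14:
        raise IdentifierError("format incorrect")
    hours = int(m.group(2)) * (1 if m.group(1) == "+" else -1)
    return timezone(timedelta(hours=hours))


def _stamp(text, zone):
    # "2013-04-01,16:30" read as wall-clock time in the identifier's own zone.
    try:
        return datetime.strptime(text, "%Y-%m-%d,%H:%M").replace(tzinfo=zone)
    except ValueError:
        raise IdentifierError("format incorrect") from None


def parse_extended_identifier(text):
    """Steps 1-2: format check, then extract and convert the validity period."""
    parts = text.split("|")
    if len(parts) != len(FIELDS) or any(p == "" or p != p.strip() for p in parts):
        raise IdentifierError("format incorrect")
    ident = dict(zip(FIELDS, parts))
    if ident["version"] != "CPKI.1.1":
        raise IdentifierError("format incorrect")
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", ident["issue_number"]):
        raise IdentifierError("format incorrect")
    zone = _zone(ident["tz"])
    ident["not_before"] = _stamp(ident["not_before"], zone)
    ident["not_after"] = _stamp(ident["not_after"], zone)
    if ident["not_before"] > ident["not_after"]:
        raise IdentifierError("format incorrect")
    return ident


def check_validity(text, now):
    """Steps 3-4: 'now' must be timezone-aware; compared at minute resolution."""
    ident = parse_extended_identifier(text)
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    now = now.replace(second=0, microsecond=0)
    if not ident["not_before"] <= now <= ident["not_after"]:
        raise IdentifierError("validity error")
    # Step 5 has to derive the public key from this exact string, not from the
    # parsed fields, so that an edited validity period yields a different key.
    return text


def check_result(text, now):
    """Return "ok" or the error string, mirroring the described procedure."""
    try:
        check_validity(text, now)
        return "ok"
    except IdentifierError as exc:
        return str(exc)
```

Passing the unmodified identifier string on to public key derivation is what ties the time check to the key: a relying party that checks one string and derives the key from another loses the property described in step 6.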
With reference to Fig. 3, the process of updating the validity period of the user private key certificate mainly comprises the following core steps:
Current time, for example: 16:30 on March 31, 2014, Beijing time
Current issue number, for example: 001CC0A23147
Step 1: a validity period update request is received; the requester's extended user identifier is:
CPKI.1.1|001CC0A23030|origin|tom@abc.com|admin|authority.cpki.org|GMT+08|2013-04-01,16:30|2014-04-01,16:29|CPK.6.0,ECC|MD5,ECC
The current time is within the validity period of the extended user identifier, so renewal processing is selected;
Step 2: check the renewal condition. The user identity corresponding to the user subject identifier is legal and the current time is within the last 2 months of the validity period, so the renewal condition is met and the next step is carried out. If the renewal condition is not met, return the error message "renew denied" and stop;
Step 3: according to the renewal policy, the new validity period is 1 year from the current application time, so the new validity period field is "GMT+08|2014-03-31,16:30|2015-03-31,16:29". Modify the issue number field and the validity period field in the original extended user identifier; write the new extended user identifier and the corresponding extended user private key into the HostID.Extend field and the Key.Sec.HostID.Extend field, respectively, of the new user private key certificate text;
Step 4: write the extended issuer (CA) identifier into the IssuerID.Extend field of the certificate text and the signing time into the Sig.Date field. Sign the whole text with the CA private key corresponding to this extended issuer (CA) identifier, using an MD5 plus ECC digital signature, and write the signature value into the signature field Sig.IssuserID.Extend of the certificate file, forming the complete new user private key file "001CC0A23147.cpks". The file content is as follows:
<HostID.Extend>
CPKI.1.1|001CC0A23147|origin|tom@abc.com|admin|authority.cpki.org|GMT+08|2014-03-31,16:30|2015-03-31,16:29|CPK.6.0,ECC|MD5,ECC
</HostID.Extend>
<Key.Sec.HostID.Extend>
C9JAcS4fzX6DEyR74Xo6BFuetR8W1aA05NEzT33ZWEC9UwEA7xDgv1e5F00O2QYU?QtR671tCPFl9Avs6C9AC7NjYL27x5WqpOP8k4HPGIpkXss9W71X2o0ONd6J1Z5g29cIR7qTQVyKTH54N2a0uj8tKAIQdWI5WLBU3gu01U4EY7ebLp2QS0p0P84VoNHYg?C4j2oZGCV6mQ2T4HBMvJe1Fg85kRU91twGNe9CPaSNO68jH1Ya3TPRRYXYTv1521ac2wQgnO7VvWF4H3C6BQg55spsZ9Z6dC42BO3n2DLUgVl7P5X5J9IyiPQSrdG95W?qWm93g2RVXkzJO54AND7QTvW1d7FMeff8E4L8H2W09gt6ZyLXO3MIe0zE3LKhBZ3aPjB2Q7c9Y7KvE8D76O5V1W5hEOCB6UsNnb97DKVHckL0Y99ctaZ5=
</Key.Sec.HostID.Extend>
<IssuerID.Extend>
CPKI.1.1|000000000010|origin|authority.cpki.org|au|authority.cpki.org|GMT+08|2013-04-01,00:00|2023-03-31,23:59|CPK.6.0,ECC|MD5,ECC
</IssuerID.Extend>
<Sig.Date>
GMT+08|2014-03-31,16:30
</Sig.Date>
<Sig.IssuserID.Extend>
YYM636m7KfvV1TDXANkCy8jS41yUWIApzYZCt83S77TK05o6eC9lG4OTpD2IvBcX?g9tYKVD9MZ6Jv1e2G6R4IL71oAJI27TYovJrj4D7A67wiUYCg7MGo42LYmDVOG4t?mpO33KIq79MVz68UTw4yy3D3rULZM56BuM1h8Nq5c8KcAXCS76HyUK2P8Qd6HUQu7rU6al4JJWqCJxEDaN3G6JdK887i0N7JW3eQ5UvbJ3H5MEHx4pOJX192QXNh2G2f?J7emBdTV8sH762q26JUhgXvYZOyoCJZTLP8Rlg003qM27W5iQpZXX6x8L91qKWiH?I08kRQ178bePIDlL5CDQ9k68p00V7wIIEfjkDAC60S6T69Ih44X3ZX8fh2YpF5dQEpqWEh4B5JFV78cZoe17FCK4Tl7h6yP5PCZ5GUzKuXnuCH02yTP3C=
</Sig.IssuserID.Extend>
Step 5: return the new user private key certificate file "001CC0A23147.cpks" to the user;
With reference to Fig. 4, the process by which the CPK CA issues the user identifier certificate and the user's original private key from the original user identifier and the validity period parameters comprises the following core steps:
Current time, for example: 16:30 on April 1, 2013, Beijing time
Current issue number, for example: 001CC0A23031
Step 1: the original user identifier is input, with the time parameters being the current time, 16:30 on April 1, 2013, and the default certificate validity period of 1 year. If the check finds that the original user identifier is legal and valid and that the current time meets the conditions for issuing a certificate, proceed to the next step; otherwise return the error message "access illegal" and stop;
Step 2: run the CPK.6.0 public/private key pair generation operation on the original user identifier to obtain the corresponding ECC public key and private key, and verify the computed key pair with an ECC encryption and decryption check. If the check matches, write the private key data to the file "001CC0A2302F.cpkk"; otherwise return to the previous step;
Step 3: generate the validity period field GMT+08|2013-04-01,16:30|2014-04-01,16:29;
Step 4: write the original user identifier into the HostID field of the user identifier certificate, the validity period field into the Validity.Period field, and the current issue number into the Issue.Number field;
Step 5: write the extended issuer (CA) identifier into the IssuerID.Extend field of the certificate text and the signing time into the Sig.Date field. Sign the whole text with the CA private key corresponding to the extended issuer identifier, using an MD5 plus ECC digital signature, and write the signature value into the signature field Sig.IssuserID.Extend of the certificate file, forming the complete signature file "001CC0A2302F.cpkp". The file content is as follows:
<HostID>
CPKI.1.0|001CC0A2302F|origin|tom@abc.com|admin|authority.cpki.org|CPK.6.0,ECC|MD5,ECC
</HostID>
<Validity.Period>
GMT+08|2013-04-01,16:30|2014-04-01,16:29
</Validity.Period>
<Issue.Number>
001CC0A23031
</Issue.Number>
<IssuerID.Extend>
CPKI.1.1|000000000010|origin|authority.cpki.org|au|authority.cpki.org|GMT+08|2013-04-01,00:00|2023-03-31,23:59|CPK.6.0,ECC|MD5,ECC
</IssuerID.Extend>
<Sig.Date>
GMT+08|2013-04-01,16:30
</Sig.Date>
<Sig.IssuserID.Extend>
MIICejCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBgjEWMBQGA1UEAxMNYmF5LmYzMzIyLm9yZzELMAkGA1UEBhMCODYxCzAJBgNVBAgTAkpTMQswCQYDVQQHEwJO?SjENMAsGA1UEChMERi5FLjEMMAoGA1UECxMDRGV2MSQwIgYJKoZIhvcNAQkBFhV3aGF0d2hhdEByYXBpZG9lbS5jb20wHhcNMTIxMjI2MTgxOTA2WhcNMTMxMjI2MTgx?OTA2WjCBgjEWMBQGA1UEAxMNYmF5LmYzMzIyLm9yZzELMAkGA1UEBhMCODYxCzAJ?BgNVBAgTAkpTMQswCQYDVQQHEwJOSjENMAsGA1UEChMERi5FLjEMMAoGA1UECxM=
</Sig.IssuserID.Extend>
Step 6: return the certificate file "001CC0A2302F.cpkp" and the user's original private key file "001CC0A2302F.cpkk" to the user.
With reference to Fig. 5, checking the time validity of the user identifier certificate comprises the following core steps:
Current time, for example: 16:30 on April 2, 2013, Beijing time
Step 1: perform a format check on the input user identifier certificate "001CC0A2302F.cpkp". If it passes, proceed to the next step; otherwise return the error message "format incorrect" and stop;
Step 2: the validity period decomposition module extracts the validity period field GMT+08|2013-04-01,16:30|2014-04-01,16:29 from the user identifier certificate and converts it to the concrete validity period of 16:30 on April 1, 2013 to 16:29 on April 1, 2014, Beijing time;
Step 3: obtain the current system time, 16:30 on April 2, 2013, Beijing time;
Step 4: time validity check. The current time is within the validity period, so proceed to the next step. If the current time is not within the validity period, return the error message "validity error" and stop;
Step 5: extract the extended issuer (CA) identifier from the user identifier certificate, generate the corresponding CPK CA public key according to the CPK.6.0 algorithm, and verify the CA signature. If signature verification passes, the validity period check has passed; otherwise return the error message "signature incorrect" and stop;
With reference to Fig. 6, the process of updating the validity period of the user identifier certificate mainly comprises the following core steps:
Current time, for example: 16:30 on March 31, 2015, Beijing time
Current issue number, for example: 001CC0A23148
Step 1: a validity period update request is received. The requester's user identifier certificate is "001CC0A2302F.cpkp", and the validity period field in the certificate is "GMT+08|2013-04-01,16:30|2014-04-01,16:29". The current time is not within the validity period of the user identifier certificate, so reset processing is selected;
Step 2: check the reset condition. The user identity corresponding to the user subject identifier is legal and has not been prohibited from update operations, so the reset condition is met and the next step is carried out. If the reset condition is not met, return the error message "reset denied" and stop;
Step 3: according to the reset policy, the new validity period is 1 year from the current application time, so the new validity period field "GMT+08|2015-03-31,16:30|2016-03-31,16:29" is generated. Replace the Validity.Period field in the original user identifier certificate text with the new validity period field, and write the current issue number into the Issue.Number field of the user identifier certificate;
Step 4: set the Sig.Date field in the user identifier certificate text to the current signing time. Sign the whole text with the CA private key corresponding to the extended issuer (CA) identifier, using an MD5 plus ECC digital signature, and write the signature value into the signature field Sig.IssuserID.Extend of the certificate file, forming the complete new user identifier file "001CC0A2302F.cpkp". The file content is as follows:
<HostID>
CPKI.1.0|001CC0A2302F|origin|tom@abc.com|admin|authority.cpki.org|CPK.6.0,ECC|MD5,ECC
</HostID>
<Validity.Period>
GMT+08|2015-03-31,16:30|2016-03-31,16:29
</Validity.Period>
<Issue.Number>
001CC0A23148
</Issue.Number>
<IssuerID.Extend>
CPKI.1.1|000000000010|origin|authority.cpki.org|au|authority.cpki.org|GMT+08|2013-04-01,00:00|2023-03-31,23:59|CPK.6.0,ECC|MD5,ECC
</IssuerID.Extend>
<Sig.Date>
GMT+08|2015-03-31,16:30
</Sig.Date>
<Sig.IssuserID.Extend>
JAU5LQaa2DgaVmOF21LqIN26shr8L89PERZOe9JspX69VLX2nwfC8BM6T2D5vjqU?YUAYKZ6Q6t16q91H5cGOOU5mWe4Ux0vY1Z5H2fsYOx0oX4A3D4SRBiXLz06TFWXX?M9et63Zp6490euWJ7AMRY1MbG6zdEHN9Q06BJf9c7cYA7YokABNeQ02L8RT4LKpd?iw17PRbRZ82jOq8Xq8oZAG11BpUVq71gTBHF45V1ySRr3VWkt339ANJEb3W0dKyZ4X2it9IEB4QgZ32msM8HYL1IJJ1uWd5aFbW1v8C9TWg7lH2QM4KI0JTim4v3AsVF?X0Wp3O7CQE03thu4IKYnuSgSRiU54TU97R1p44n3g0JWptTDG462SdPVT0U5rD5l?H297PXvjPrCOX1MfsSD6w9WMzR29Fs8DHUsB6IX8dFG013SjB7TwX=
</Sig.IssuserID.Extend>
Step 5: return the new user identifier certificate file "001CC0A2302F.cpkp" to the user.
When the user receives the new user identifier certificate, comparing the Issue.Number field in the text of the new and old certificates shows which version is newer, so that the old certificate file can be overwritten with the new version.
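The choice between renewal and reset and the computation of the new validity period field, as used in the two update procedures above (Fig. 3 and Fig. 6), sketched in Python as an added example rather than code from the patent. Function and parameter names are hypothetical, and calendar-month arithmetic with end-of-month clamping is an assumption the description does not spell out.

```python
import calendar
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d,%H:%M"   # time layout used inside the validity period field


def parse_validity(field):
    """'GMT+08|2013-04-01,16:30|2014-04-01,16:29' -> (label, zone, start, end)."""
    label, start, end = field.split("|")
    zone = timezone(timedelta(hours=int(label[3:])))   # whole-hour offsets assumed
    start_dt = datetime.strptime(start, FMT).replace(tzinfo=zone)
    end_dt = datetime.strptime(end, FMT).replace(tzinfo=zone)
    return label, zone, start_dt, end_dt


def shift_months(dt, months):
    """Calendar-month shift; the day is clamped (29 Feb + 12 months -> 28 Feb)."""
    year, month0 = divmod(dt.year * 12 + dt.month - 1 + months, 12)
    day = min(dt.day, calendar.monthrange(year, month0 + 1)[1])
    return dt.replace(year=year, month=month0 + 1, day=day)


def decide_update(field, now, subject_ok=True, updates_blocked=False,
                  window_months=2, term_months=12):
    """Return (mode, new_field) on success or (error_string, None) on refusal.

    field           current validity period field of the identifier/certificate
    now             timezone-aware time of the update request
    subject_ok      result of the CA's identity check on the subject (input here)
    updates_blocked True if the subject has been prohibited from update operations
    """
    label, zone, _start, end = parse_validity(field)
    now = now.astimezone(zone).replace(second=0, microsecond=0)

    if now <= end:
        # Validity period not exceeded: renewal, allowed only inside the
        # closing window (the last 2 months in the worked example).
        if not (subject_ok and now >= shift_months(end, -window_months)):
            return "renew denied", None
        mode = "renew"
    else:
        # Validity period exceeded: reset, unless the CA has blocked updates.
        if not subject_ok or updates_blocked:
            return "reset denied", None
        mode = "reset"

    # New period: one term starting at the application time, ending one minute
    # before the same wall-clock time a term later, as in the worked examples.
    new_end = shift_months(now, term_months) - timedelta(minutes=1)
    return mode, f"{label}|{now.strftime(FMT)}|{new_end.strftime(FMT)}"
```

In the extended-identifier scheme the new field changes the identifier and therefore the derived key pair; in the identifier-certificate scheme only Validity.Period, Issue.Number, Sig.Date and the CA signature change, and the original private key stays the same.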

Claims (10)

1. A method for managing the validity period of a CPK identifier, key pair and certificate, comprising a step of issuing a user private key certificate according to an original user identifier and validity period parameters, a step of checking the time validity of an extended user identifier, and a step of updating the validity period of the user private key certificate, wherein:
The step of issuing the user private key certificate according to the original user identifier and the validity period parameters comprises:
Step (1): input the original user identifier and the validity period parameters and perform a legality check; when the original user identifier and the validity period parameters are legal, proceed to the next step; otherwise report an error and stop;
Step (2): generate a validity period field from the validity period parameters, and generate the extended user identifier with this validity period field as a required part;
Step (3): run the CPK public/private key pair generation operation on the generated extended user identifier to obtain the corresponding extended user public key and extended user private key, and perform a matching check on the generated CPK key pair; if the matching check fails, re-execute the CPK key pair generation operation and the matching check;
Step (4): write the extended user identifier and the corresponding extended user private key into the text of the user private key certificate as required parts;
Step (5): apply the CPK CA signature to the text of the user private key certificate to generate the complete user private key certificate;
Step (6): return the user private key certificate to the user;
The step of checking the time validity of the extended user identifier comprises:
Step ①: input the extended user identifier containing the validity period field and perform a format check; when the format check passes, proceed to the next step; otherwise report an error and stop;
Step ②: extract the validity period field from the extended user identifier and convert it to the validity period;
Step ③: obtain the current time;
Step ④: time validity check: if the current time is within the validity period, proceed to the next step; otherwise report an error and stop;
Step ⑤: calculate the extended user public key corresponding to this extended user identifier from the extended user identifier and the CPK public key generation algorithm;
Step ⑥: complete the encryption and decryption operations of the authentication process with the calculated extended user public key.
2. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 1, characterized in that the step of updating the validity period of the user private key certificate comprises:
Step 1: after receiving a validity period update request, check the time validity of the current extended user identifier; if the validity period has not been exceeded, select renewal; if it has been exceeded, select reset;
Step 2: check the renewal or reset condition; if the renewal or reset condition is met, proceed to the next step; otherwise report an error and stop;
Step 3: modify the validity period field in the extended user identifier, generate the new extended user identifier and the corresponding extended user private key, and form the new user private key certificate text;
Step 4: apply the CPK CA signature to the new user private key certificate text to generate the new user private key certificate;
Step 5: return the new user private key certificate to the user.
3. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 1, characterized in that the legality check in step (1) covers:
whether the format of the original identifier meets the issuer's requirements, whether the original identifier has been permanently or temporarily marked invalid, and whether the subject information contained in the original identifier is consistent with the subject's real information; and
whether the format of the validity period parameters meets the issuer's requirements, and whether the time range expressed by the parameters lies within the permitted authorization time range.
4. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 1, characterized in that in step (2) the validity period field is attached before or after the original identifier or embedded inside the original identifier.
5. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 1, characterized in that in step (5) the original CA identifier is used to apply the CPK CA signature to the certificate text, and the private key used for signing is the original CA private key calculated from the original CA identifier by the CPK key algorithm.
6. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 1, characterized in that in step (5) the extended CA identifier is used to apply the CPK CA signature to the certificate text, and the private key used for signing is the extended CA private key calculated from the extended CA identifier by the CPK key algorithm.
7. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 1, characterized in that in step ⑥, if the extended user identifier is a forged identifier, the CPK public key corresponding to the forged identifier does not match the CPK private key corresponding to the legal identifier, so signature verification fails.
8. A method for managing the validity period of a CPK identifier, key pair and certificate, comprising a step of issuing a user identifier certificate and the user's original private key according to an original user identifier and validity period parameters, a step of checking the time validity of the user identifier certificate, and a step of updating the validity period of the user identifier certificate, wherein:
The step of issuing the user identifier certificate and the user's original private key according to the original user identifier and the validity period parameters comprises:
Step (A): input the original user identifier and the validity period parameters and perform a legality check; when the original user identifier and the validity period parameters are legal, proceed to the next step; otherwise report an error and stop;
Step (B): run the CPK public/private key pair generation operation on the original user identifier to obtain the corresponding original user public key and original user private key, and perform a matching check on the generated CPK key pair; if the matching check fails, re-execute the CPK key pair generation operation and the matching check;
Step (C): generate the validity period field from the validity period parameters;
Step (D): write the original user identifier and the validity period field into the user identifier certificate text as required components;
Step (E): apply the CPK CA signature to the user identifier certificate text to generate the complete user identifier certificate;
Step (F): provide the user with the user identifier certificate and the original user private key corresponding to the original user identifier;
The step of checking the time validity of the user identifier certificate comprises:
Step (a): input the user identifier certificate containing the validity period field and perform a format check; when the format check passes, proceed to the next step; otherwise report an error and stop;
Step (b): extract the validity period field from the identifier certificate and convert it to the validity period;
Step (c): obtain the current time;
Step (d): time validity check: if the current time is within the validity period, proceed to the next step; otherwise report an error and stop;
Step (e): perform CPK signature verification on the CA signature in the user identifier certificate; if verification passes, the time validity check has passed; if verification fails, the user identifier certificate is a forgery, in which case report an error and stop.
9. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 8, characterized in that the step of updating the validity period of the user identifier certificate comprises:
Step i: after receiving a validity period update request, check the time validity of the current user identifier certificate and select the processing method according to the result; if the validity period has not been exceeded, select renewal; if it has been exceeded, select reset;
Step ii: check the renewal or reset condition; if the renewal or reset condition is met, proceed to the next step; otherwise report an error and stop;
Step iii: modify the validity period field in the user identifier certificate to generate the new user identifier certificate text;
Step iv: apply the CPK CA signature to the new user identifier certificate text to generate the new user identifier certificate;
Step v: return the new user identifier certificate to the user.
10. The method for managing the validity period of a CPK identifier, key pair and certificate according to claim 8, characterized in that in step (E) the extended CA identifier of the CPK CA and the extended CA private key are used to sign the user identifier certificate text.
CN2013103361007A 2013-08-05 2013-08-05 Validity time management method of CPK identification, secret key pair and certificate Pending CN103414563A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013103361007A CN103414563A (en) 2013-08-05 2013-08-05 Validity time management method of CPK identification, secret key pair and certificate

Publications (1)

Publication Number Publication Date
CN103414563A true CN103414563A (en) 2013-11-27

Family

ID=49607549

Country Status (1)

Country Link
CN (1) CN103414563A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1819513A (en) * 2006-03-23 2006-08-16 北京易恒信认证科技有限公司 CPK ID certificate and generating method thereof
CN1835434A (en) * 2006-04-10 2006-09-20 北京易恒信认证科技有限公司 Electronic mail system and method based on CPK safety authentication
CN101378315A (en) * 2007-08-27 2009-03-04 华为技术有限公司 Method, system, equipment and server for packet authentication
US20110173452A1 (en) * 2008-05-28 2011-07-14 Nan Xiang-Hao Method of generating compound type combined public key

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106097515A (en) * 2016-06-23 2016-11-09 武汉市国扬科技有限公司 A kind of smart lock virtual lock core replacing options
CN107169320A (en) * 2017-04-20 2017-09-15 北京小米移动软件有限公司 Method of calibration and device
CN110011796A (en) * 2019-04-15 2019-07-12 深圳壹账通智能科技有限公司 Certificate update method, apparatus, computer equipment and storage medium
CN110011796B (en) * 2019-04-15 2023-03-10 深圳壹账通智能科技有限公司 Certificate updating method and device, computer equipment and storage medium
CN112699359A (en) * 2020-11-27 2021-04-23 航天信息股份有限公司 Cross-industry national secret certificate verification method and verification system
CN116366289A (en) * 2023-02-24 2023-06-30 中国测绘科学研究院 Safety supervision method and device for remote sensing data of unmanned aerial vehicle

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20170412

AD01 Patent right deemed abandoned