CN104836671B - The inspection method and check device of the addition of digital certificate - Google Patents

Method and device for checking the addition of a digital certificate

Publication number: CN104836671B
Authority: CN (China)
Prior art keywords: digital certificate, addition, predetermined condition, operating system, request
Legal status: Active
Application number: CN201510250479.9A
Other languages: Chinese (zh)
Other versions: CN104836671A (en)
Inventors: 易鸿斌, 杨猛
Current Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee: Anyi Hengtong Beijing Technology Co Ltd
Application filed by Anyi Hengtong Beijing Technology Co Ltd
Priority to CN201510250479.9A
Publication of CN104836671A
Priority to PCT/CN2015/090708 (WO2016184000A1)
Application granted
Publication of CN104836671B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

This application discloses a method and a device for checking the addition of a digital certificate. One specific embodiment of the method includes: obtaining a request to add a digital certificate; determining, based on the add request, whether predetermined conditions are met, where the predetermined conditions include: the name of the object that initiates the add request is the name of the object used for key and digital certificate management in the operating system; the process that created the initiating object of the add request is the system service process used for managing keys and digital certificates in the operating system; the digital certificate service hosted by the system service process is running normally; the interface identifier used for adding a digital certificate in the add request is the interface identifier used for digital certificate management in the operating system; and the function code used for adding a digital certificate in the add request matches the corresponding function code in the operating system; and determining, based on which of the predetermined conditions are met, whether the addition of the digital certificate is legitimate. This embodiment achieves an effective check of the legitimacy of a digital certificate addition operation.

Description

Method and device for checking the addition of a digital certificate
Technical field
This application relates to the field of computer technology, specifically to the field of computer security, and in particular to a method and a device for checking the addition of a digital certificate.
Background
A digital certificate is a file, digitally signed by a certificate authority, that contains the public key and information about the owner of that public key. The simplest digital certificate contains a public key, a name, and the digital signature of the certificate authority.
The use of digital certificates helps improve security while a computer's processes or applications are running. For example, when security software intercepts a critical or sensitive operation on the operating system, it usually checks the subject that initiated the operation and the origin of the operation, and then decides whether to allow or refuse it. An important means of checking the subject and origin is the digital certificate, for example checking whether the digital certificate of the process that initiated the operation is in the system's Certificate Trust List. However, this kind of check commonly faces the following problem: a malicious program or application can first drop a digital certificate and add it to the Certificate Trust List, and then run a malicious program that carries this digital certificate in order to bypass the security software's check.
Summary of the invention
In view of the above defects or deficiencies in the prior art, it is desirable to provide a better scheme for checking the addition of a digital certificate. To this end, this application provides an improved method and device for checking the addition of a digital certificate.
In a first aspect, this application provides a method for checking the addition of a digital certificate, the method including: obtaining a request to add a digital certificate; determining, based on the add request, whether predetermined conditions are met, where the predetermined conditions include at least one of the following: the name of the initiating object of the add request is the name of the object used for key and digital certificate management in the operating system; the process that created the initiating object of the add request is the system service process used for managing keys and digital certificates in the operating system; the digital certificate service hosted by the system service process is running normally; the interface identifier used for adding a digital certificate in the add request is the interface identifier used for digital certificate management in the operating system; the function code used for adding a digital certificate in the add request matches the corresponding function code in the operating system; and determining, based on which of the predetermined conditions are met, whether the addition of the digital certificate is legitimate.
In some embodiments, determining whether the addition of the digital certificate is legitimate based on which of the predetermined conditions are met includes: when any one of the predetermined conditions is not met, determining that the addition of the digital certificate is illegitimate.
In some embodiments, the method further includes: in response to determining that the addition of the digital certificate is illegitimate, performing a blocking operation and/or a warning operation on the addition of the digital certificate.
In some embodiments, determining whether the addition of the digital certificate is legitimate based on which of the predetermined conditions are met includes: when all of the predetermined conditions are met, determining that the addition of the digital certificate is legitimate.
In some embodiments, the method further includes: in response to determining that the addition of the digital certificate is legitimate, performing the addition of the digital certificate.
In some embodiments, obtaining the request to add a digital certificate includes: obtaining the add request by means of a hook operation.
In a second aspect, this application provides a device for checking the addition of a digital certificate, the device including: an acquiring unit, configured to obtain a request to add a digital certificate; a condition determining unit, configured to determine, based on the add request, whether predetermined conditions are met, where the predetermined conditions include at least one of the following: the name of the initiating object of the add request is the name of the object used for key and digital certificate management in the operating system; the process that created the initiating object of the add request is the system service process used for managing keys and digital certificates in the operating system; the digital certificate service hosted by the system service process is running normally; the interface identifier used for adding a digital certificate in the add request is the interface identifier used for digital certificate management in the operating system; the function code used for adding a digital certificate in the add request matches the corresponding function code in the operating system; and a legitimacy determining unit, configured to determine, based on which of the predetermined conditions are met, whether the addition of the digital certificate is legitimate.
In some embodiments, the legitimacy determining unit is further configured to: when any one of the predetermined conditions is not met, determine that the addition of the digital certificate is illegitimate.
In some embodiments, the device further includes: a processing unit, configured to perform a blocking operation and/or a warning operation on the addition of the digital certificate in response to the legitimacy determining unit determining that the addition of the digital certificate is illegitimate.
In some embodiments, the legitimacy determining unit is further configured to: when all of the predetermined conditions are met, determine that the addition of the digital certificate is legitimate.
In some embodiments, the device further includes: a processing unit, configured to perform the addition of the digital certificate in response to the legitimacy determining unit determining that the addition of the digital certificate is legitimate.
In some embodiments, the acquiring unit is further configured to: obtain the request to add a digital certificate by means of a hook operation.
The method and device provided by this application obtain the request to add a digital certificate, determine from that request whether a series of predetermined conditions are met, and then determine whether the addition of the digital certificate is legitimate, thereby achieving an effective check of the legitimacy of a digital certificate addition operation.
Brief description of the drawings
Other features, objects and advantages of this application will become more apparent from the following detailed description of non-limiting embodiments, read with reference to the accompanying drawings:
Fig. 1 is an exemplary system architecture to which embodiments of the method or device for checking the addition of a digital certificate of this application can be applied;
Fig. 2 is a flow chart of one embodiment of the method for checking the addition of a digital certificate according to this application;
Fig. 3 is a schematic diagram of the Certificate Trust List in the IE browser of the Windows operating system;
Fig. 4 is a flow chart of another embodiment of the method for checking the addition of a digital certificate according to this application;
Fig. 5 is a structural diagram of one embodiment of the device for checking the addition of a digital certificate according to this application;
Fig. 6 is a structural diagram of a computer system suitable for implementing the terminal device or host of the embodiments of this application.
Detailed description
This application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the invention.
It should be noted that, where no conflict arises, the embodiments of this application and the features in those embodiments can be combined with one another. This application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of this application can be applied.
As shown in Fig. 1, system architecture 100 can include terminal devices 101, 102, 103, a network 104 and a host 105. Network 104 is the medium that provides communication links between terminal devices 101, 102, 103 and host 105. Network 104 can include various connection types, such as wired or wireless communication links, fiber optic cables, and so on.
Users can use terminal devices 101, 102, 103 to interact with host 105 through network 104 in order to add a digital certificate to host 105. Various communication client applications can be installed on terminal devices 101, 102, 103, such as banking applications, shopping applications, search applications, instant messaging tools, mailbox clients, social platform software, and so on.
Terminal devices 101, 102, 103 can be various electronic devices, including but not limited to smartphones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers, desktop computers, and so on.
Host 105 can be an ordinary laptop or desktop computer, or a server providing various services, for example a background server that supports the banking applications on terminal devices 101, 102, 103 (such applications usually rely on digital certificate technology to ensure security). Host 105 can store and analyze the data it receives and feed the processing result back to the terminal device.
It should be noted that the method for checking the addition of a digital certificate provided by the embodiments of this application can be performed by terminal devices 101, 102, 103 or by host 105. Where host 105 performs the check, the request to add a digital certificate can be initiated by terminal devices 101, 102, 103 or by the various applications running on host 105. Correspondingly, the device for checking the addition of a digital certificate can be arranged in terminal devices 101, 102, 103 or in host 105.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only illustrative. There can be any number of terminal devices, networks and servers, as the implementation requires.
With continued reference to Fig. 2, a flow 200 of one embodiment of the method for checking the addition of a digital certificate according to this application is shown. The method includes the following steps:
Step 201: obtain the request to add a digital certificate.
In this embodiment, the electronic device on which the checking method runs can intercept the request to add a digital certificate, and thereby obtain the add request.
In some implementations of this embodiment, taking the Windows operating system as an example, the request to add a digital certificate can be intercepted by performing a hook operation on the system function involved in adding a digital certificate (for example the NtRequestWaitReplyPort() function). For example, a custom interception handler function can be defined, and the address of that system function can then be redirected to the custom handler, which intercepts the request to add a digital certificate.
In the Windows operating system, a hook is a mechanism provided by the operating system for replacing system calls. In practice it modifies a function's execution flow in order to control the function and filter operations. That is, the hook function obtains control first. The hook function can then process (modify) the message, pass the message on without processing it, or forcibly end the message's delivery. Taking the system function NtRequestWaitReplyPort() as an example, a hook operation on this system function changes its execution flow so that, before its normal execution begins, control jumps to the custom interception handler function, which performs the check on the addition of the digital certificate.
Step 202: determine, based on the add request, whether the predetermined conditions are met.
In this embodiment, the electronic device on which the checking method runs judges, based on the add request obtained in step 201, whether the predetermined conditions are met. The predetermined conditions include at least one of the following: the name of the initiating object of the add request is the name of the object used for key and digital certificate management in the operating system; the process that created the initiating object of the add request is the system service process used for managing keys and digital certificates in the operating system; the digital certificate service hosted by that system service process is running normally; the interface identifier used for adding a digital certificate in the add request is the interface identifier used for digital certificate management in the operating system; the function code used for adding a digital certificate in the add request matches the corresponding function code in the operating system.
In an operating system, different objects are identified by name. A server process that provides a service (for example a digital certificate service) first creates a named object. A client process that requests the service connects to the server process by specifying that name and obtains a handle that represents the object; subsequent communication functions take this handle as one of their parameters. Whether the addition of a digital certificate is legitimate can therefore be judged by whether the name of the initiating object of the add request is the name of the object used for key and digital certificate management in the operating system. It can also be judged by whether the process that created the initiating object of the add request is the system service process used for managing keys and digital certificates in the operating system.
Here, a handle is a kind of pointer. An application must use a handle when it refers to a memory block or object managed by another system (such as a file system or a database). Handles are widely used in memory management. For example, the application programming interface (API) of the Windows operating system makes extensive use of handles to identify objects in the system and to establish communication channels between the operating system and user space. A window on the desktop, for instance, is identified by a handle of type HWND.
Taking the Windows operating system as an example, the digital certificate service hosted by the system service process is Cryptographic Services, which provides three management services: the Catalog Database Service, which confirms the signatures of Windows files; the Protected Root Service, which adds and removes Trusted Root Certification Authority certificates on this computer; and the Key Service, which helps enroll this computer for certificates. If Cryptographic Services is stopped, these management services cannot run normally, and if Cryptographic Services is disabled, any service that depends on it cannot start.
In this embodiment, the data packet of the system function that was hooked in step 201 (for example the NtRequestWaitReplyPort() function) can be analyzed further. The data packet, which is passed as a parameter of that system function, is a data structure, and one of its members is an interface identifier. Whether the addition of a digital certificate is legitimate can therefore be judged by whether the interface identifier used for adding a digital certificate in the add request is the interface identifier used for digital certificate management in the operating system. Another member of the data packet is a function code that indicates the specific operation. Whether the addition of a digital certificate is legitimate can therefore also be judged by whether the function code used for adding a digital certificate in the add request matches the function code used for adding a digital certificate in the operating system.
Step 203: determine, based on which of the predetermined conditions are met, whether the addition of the digital certificate is legitimate.
In this embodiment, the electronic device on which the checking method runs can determine whether the addition of the digital certificate is legitimate based on the judgement made in step 202 of which predetermined conditions are met.
In some implementations of this embodiment, if step 202 finds that all of the predetermined conditions are met, the addition of the digital certificate is determined to be legitimate. The addition of the digital certificate can then be performed, for example by adding the digital certificate to the operating system's Certificate Trust List. Software and applications treat every digital certificate in the Certificate Trust List as trusted. Fig. 3 is a schematic diagram of the Certificate Trust List in the IE browser of the Windows operating system.
The method provided by the above embodiment of this application obtains the request to add a digital certificate and then, based on that request, analyzes whether a series of conditions related to the legitimacy of the addition are met in order to determine the legitimacy of the addition operation, which achieves an effective check of digital certificate addition operations.
With further reference to Fig. 4, a flow 400 of another embodiment of the method for checking the addition of a digital certificate is shown. Flow 400 includes the following steps:
Step 401: obtain the request to add a digital certificate.
In this embodiment, the electronic device on which the checking method runs can intercept the request to add a digital certificate, and thereby obtain the add request.
Step 402: determine, based on the add request, whether the predetermined conditions are met.
In this embodiment, the electronic device can judge, based on the add request obtained in step 401, whether the predetermined conditions are met. The predetermined conditions include at least one of the following: the name of the initiating object of the add request is the name of the object used for key and digital certificate management in the operating system; the process that created the initiating object of the add request is the system service process used for managing keys and digital certificates in the operating system; the digital certificate service hosted by that system service process is running normally; the interface identifier used for adding a digital certificate in the add request is the interface identifier used for digital certificate management in the operating system; the function code used for adding a digital certificate in the add request matches the corresponding function code in the operating system.
Step 403: when any one of the predetermined conditions is not met, determine that the addition of the digital certificate is illegitimate.
In this embodiment, if step 402 finds that any one of the predetermined conditions is not met, this step can determine that the addition of the digital certificate is illegitimate.
In this embodiment, flow 400 can also include step 404, in which a blocking operation and/or a warning operation can be performed on the addition of the digital certificate.
Here, the warning operation can include, for example and without limitation, sending an audible warning, a text warning, a picture warning or the like to the administrator or user of the operating system. With such a warning, the administrator or user learns of a possibly malicious digital certificate addition operation.
In this embodiment, steps 401 and 402 of the above flow are essentially the same as steps 201 and 202 of the previous embodiment and are not described again here.
As can be seen from Fig. 4, the main difference from the embodiment corresponding to Fig. 2 is that flow 400 of this embodiment additionally includes step 404, which performs a blocking operation and/or a warning operation on the addition of the digital certificate when the addition is determined to be illegitimate. With the added step 404, the scheme described in this embodiment can check the addition of a digital certificate more effectively and stop or prevent malicious certificate additions.
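The decision logic of steps 202 to 203 and 403 to 404 can be sketched as follows; this is an added example, not code from the patent. The request layout, the use of a process ID to identify the creating process, and every name, identifier and code value in it are placeholder assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One bit per predetermined condition, so a warning can name the failed checks. */
enum {
    FAIL_OBJECT_NAME   = 1 << 0, /* initiating object is not the cert-management object */
    FAIL_CREATOR_PROC  = 1 << 1, /* object was not created by the system service process */
    FAIL_SERVICE_STATE = 1 << 2, /* hosted certificate service is not running normally */
    FAIL_INTERFACE_ID  = 1 << 3, /* interface identifier is not the cert-management one */
    FAIL_FUNCTION_CODE = 1 << 4, /* function code is not the OS "add certificate" code */
    FAIL_ALL           = (1 << 5) - 1
};

/* Fields a hook handler would extract from an intercepted request (hypothetical layout). */
typedef struct {
    const char *object_name;      /* name of the request's initiating object */
    uint32_t    creator_pid;      /* process that created that object; 0 = unknown */
    int         service_running;  /* 1 if the hosted certificate service is running */
    uint8_t     interface_id[16]; /* interface identifier from the data packet */
    uint32_t    function_code;    /* function code from the data packet */
} add_request;

/* Expected values for the operating system; all values used below are placeholders. */
typedef struct {
    const char *object_name;
    uint32_t    service_pid;
    uint8_t     interface_id[16];
    uint32_t    add_function_code;
} add_policy;

/* Case-insensitive comparison; a missing name never matches (fail closed). */
static int name_equal(const char *a, const char *b) {
    if (a == NULL || b == NULL) return 0;
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Returns 0 when every condition holds (legitimate), else a mask of failed conditions. */
unsigned check_cert_add(const add_request *req, const add_policy *pol) {
    unsigned failed = 0;
    if (req == NULL || pol == NULL) return FAIL_ALL;
    if (!name_equal(req->object_name, pol->object_name)) failed |= FAIL_OBJECT_NAME;
    if (req->creator_pid == 0 || req->creator_pid != pol->service_pid)
        failed |= FAIL_CREATOR_PROC;
    if (!req->service_running) failed |= FAIL_SERVICE_STATE;
    if (memcmp(req->interface_id, pol->interface_id, 16) != 0) failed |= FAIL_INTERFACE_ID;
    if (req->function_code != pol->add_function_code) failed |= FAIL_FUNCTION_CODE;
    return failed;
}

static const char *const FAIL_NAMES[5] = {
    "object name", "creator process", "service state", "interface id", "function code"
};

/* Builds the text for the warning operation; returns how many failures were listed. */
size_t describe_failures(unsigned failed, char *buf, size_t n) {
    size_t used = 0, count = 0;
    if (buf == NULL || n == 0) return 0;
    buf[0] = '\0';
    for (unsigned i = 0; i < 5; i++) {
        if (!(failed & (1u << i))) continue;
        int w = snprintf(buf + used, n - used, "%s%s", count ? ", " : "", FAIL_NAMES[i]);
        if (w < 0 || (size_t)w >= n - used) break; /* buffer full: stop cleanly */
        used += (size_t)w;
        count++;
    }
    return count;
}

/* Constructed sample data: placeholder object name, PID, interface id and code. */
static add_policy sample_policy(void) {
    add_policy p = { "\\Example\\CertMgmtPort", 612, {0}, 0x10 };
    memset(p.interface_id, 0xAB, sizeof p.interface_id);
    return p;
}
static add_request sample_service_request(void) {
    add_request r = { "\\example\\certmgmtport", 612, 1, {0}, 0x10 };
    memset(r.interface_id, 0xAB, sizeof r.interface_id);
    return r;
}
/* Same packet contents, but the initiating object belongs to another process. */
static add_request sample_foreign_request(void) {
    add_request r = sample_service_request();
    r.object_name = "\\Example\\LookalikePort";
    r.creator_pid = 4242;
    return r;
}

int main(void) {
    add_policy pol = sample_policy();
    add_request reqs[2] = { sample_service_request(), sample_foreign_request() };
    for (int i = 0; i < 2; i++) {
        char why[128];
        unsigned failed = check_cert_add(&reqs[i], &pol);
        describe_failures(failed, why, sizeof why);
        printf("request %d: %s%s\n", i, failed ? "block and warn: " : "allow", why);
    }
    return 0;
}
```

Returning a mask instead of a boolean keeps the all-conditions-must-hold rule of step 403 while giving the warning operation of step 404 the specific conditions that failed.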
With further reference to Fig. 5, as an implementation of the methods shown in the above figures, this application provides one embodiment of a device for checking the addition of a digital certificate. This device embodiment corresponds to the method embodiment shown in Fig. 2, and the device can be applied in various electronic devices.
As shown in Fig. 5, the device 500 for checking the addition of a digital certificate described in this embodiment includes an acquiring unit 501, a condition determining unit 502 and a legitimacy determining unit 503. Acquiring unit 501 is configured to obtain the request to add a digital certificate. Condition determining unit 502 is configured to determine, based on the add request obtained by acquiring unit 501, whether the predetermined conditions are met, where the predetermined conditions include at least one of the following: the name of the initiating object of the add request is the name of the object used for key and digital certificate management in the operating system; the process that created the initiating object of the add request is the system service process used for managing keys and digital certificates in the operating system; the digital certificate service hosted by that system service process is running normally; the interface identifier used for adding a digital certificate in the add request is the interface identifier used for digital certificate management in the operating system; the function code used for adding a digital certificate in the add request matches the corresponding function code in the operating system. Legitimacy determining unit 503 is configured to determine whether the addition of the digital certificate is legitimate, based on which of the predetermined conditions condition determining unit 502 found to be met.
In this embodiment, acquiring unit 501 of checking device 500 can intercept the request to add a digital certificate, and thereby obtain the add request. In some implementations of this embodiment, taking the Windows operating system as an example, acquiring unit 501 can intercept the request to add a digital certificate by performing a hook operation on the system function involved in adding a digital certificate (for example the NtRequestWaitReplyPort() function).
In this embodiment, condition determining unit 502 of checking device 500 determines, based on the add request obtained by acquiring unit 501, whether the predetermined conditions are met, and reports the result to legitimacy determining unit 503, which uses it to determine whether the addition of the digital certificate is legitimate.
In some implementations of this embodiment, if condition determining unit 502 finds that all of the predetermined conditions are met, legitimacy determining unit 503 determines that the addition of the digital certificate is legitimate. If condition determining unit 502 finds that any one of the predetermined conditions is not met, legitimacy determining unit 503 can determine that the addition of the digital certificate is illegitimate. Checking device 500 can further include a processing unit 504, configured to perform a blocking operation and/or a warning operation on the addition of the digital certificate in response to legitimacy determining unit 503 determining that the addition is illegitimate, or to perform the addition of the digital certificate in response to legitimacy determining unit 503 determining that the addition is legitimate.
Those skilled in the art will understand that checking device 500 also includes some other well-known structures, such as a processor and memory. In order not to unnecessarily obscure the embodiments of the disclosure, these well-known structures are not shown in Fig. 5.
Below with reference to Fig. 6, it illustrates suitable for being used for realizing the computer of the terminal device of the embodiment of the present application or host The structure diagram of system 600.
As shown in Fig. 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 602 or a program loaded from the storage part 608 into random access memory (RAM) 606. The RAM 606 also stores the various programs and data required for the operation of the system 600. The CPU 601, ROM 602 and RAM 606 are connected to one another by a bus 606. An input/output (I/O) interface 606 is also connected to the bus 606.
The following components are connected to the I/O interface 606: an input part 606 including a keyboard, a mouse and the like; an output part 607 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a loudspeaker and the like; a storage part 608 including a hard disk and the like; and a communication part 609 including a network interface card such as a LAN card or a modem. The communication part 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 606 as needed. A removable medium 611, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage part 608 as needed.
In particular, according to the embodiments of the present disclosure, the process described above with reference to the flow chart may be implemented as a computer software program. For example, an embodiment of the present disclosure includes a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the method shown in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication part 609 and/or installed from the removable medium 611.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to the various embodiments of the present application. In this regard, each box in a flow chart or block diagram can represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for implementing the specified logic function. It should also be noted that in some alternative implementations the functions marked in the boxes can occur in an order different from the one marked in the drawings. For example, two boxes shown in succession can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flow charts, and each combination of boxes in the block diagrams and/or flow charts, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present application can be implemented in software or in hardware. The described units can also be provided in a processor, which can for example be described as: a processor including an acquiring unit, a condition determining unit and a legitimacy determination unit. The names of these units do not, under certain conditions, constitute a limitation on the units themselves; for example, the acquiring unit can also be described as "a unit for obtaining an addition request for a digital certificate".
In another aspect, the present application also provides a computer-readable storage medium. This computer-readable storage medium can be the one included in the device described in the above embodiments, or it can be a computer-readable storage medium that exists on its own and is not fitted into a terminal. The computer-readable storage medium stores one or more programs, and the programs are executed by one or more processors to perform the method for checking the addition of a digital certificate described in the present application.
The above description covers only the preferred embodiments of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the particular combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the inventive concept, for example technical solutions formed by replacing the above features with (but not limited to) technical features with similar functions disclosed in the present application.

Claims (12)

1. A method for checking the addition of a digital certificate, characterized in that the method comprises:
obtaining an addition request for a digital certificate;
determining, based on the addition request, whether a predetermined condition is satisfied, wherein the predetermined condition includes at least one of the following: the name of the initiating object of the addition request is the name of the object used in the operating system for key and digital certificate management; the process that created the initiating object of the addition request is the system service process used in the operating system to manage keys and digital certificates; the digital certificate service hosted by the system service process is running normally; the interface identifier used in the addition request to add the digital certificate is the interface identifier used in the operating system for digital certificate management; the function code used in the addition request to add the digital certificate matches the corresponding function code in the operating system; and
determining, based on how the predetermined condition is satisfied, whether the addition of the digital certificate is legal.
2. The checking method according to claim 1, characterized in that determining, based on how the predetermined condition is satisfied, whether the addition of the digital certificate is legal comprises:
when any one of the predetermined conditions is not satisfied, determining that the addition of the digital certificate is illegal.
3. The checking method according to claim 2, characterized in that the method further comprises:
in response to determining that the addition of the digital certificate is illegal, performing a prevention operation and/or a warning operation on the addition of the digital certificate.
4. The checking method according to claim 1, characterized in that determining, based on how the predetermined condition is satisfied, whether the addition of the digital certificate is legal comprises:
when all items of the predetermined condition are satisfied, determining that the addition of the digital certificate is legal.
5. The checking method according to claim 4, characterized in that the method further comprises:
in response to determining that the addition of the digital certificate is legal, performing the addition operation of the digital certificate.
6. The checking method according to claim 1, characterized in that obtaining the addition request for the digital certificate comprises:
obtaining the addition request for the digital certificate through a hook operation.
7. A device for checking the addition of a digital certificate, characterized in that the check device comprises:
an acquiring unit, configured to obtain an addition request for a digital certificate;
a condition determining unit, configured to determine, based on the addition request, whether a predetermined condition is satisfied, wherein the predetermined condition includes at least one of the following: the name of the initiating object of the addition request is the name of the object used in the operating system for key and digital certificate management; the process that created the initiating object of the addition request is the system service process used in the operating system to manage keys and digital certificates; the digital certificate service hosted by the system service process is running normally; the interface identifier used in the addition request to add the digital certificate is the interface identifier used in the operating system for digital certificate management; the function code used in the addition request to add the digital certificate matches the corresponding function code in the operating system; and
a legitimacy determination unit, configured to determine, based on how the predetermined condition is satisfied, whether the addition of the digital certificate is legal.
8. The check device according to claim 7, characterized in that the legitimacy determination unit is further configured to:
when any one of the predetermined conditions is not satisfied, determine that the addition of the digital certificate is illegal.
9. The check device according to claim 8, characterized in that the check device further comprises:
a processing unit, configured to perform a prevention operation and/or a warning operation on the addition of the digital certificate in response to the legitimacy determination unit determining that the addition of the digital certificate is illegal.
10. The check device according to claim 7, characterized in that the legitimacy determination unit is further configured to:
when all items of the predetermined condition are satisfied, determine that the addition of the digital certificate is legal.
11. The check device according to claim 10, characterized in that the check device further comprises:
a processing unit, configured to perform the addition operation of the digital certificate in response to the legitimacy determination unit determining that the addition of the digital certificate is legal.
12. The check device according to claim 7, characterized in that the acquiring unit is further configured to:
obtain the addition request for the digital certificate through a hook operation.
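The decision logic of claims 1 to 5, as an added Python example that is not code from the patent. The field names, the `Baseline` structure and every sample value are hypothetical placeholders, and a field the hook could not read is assumed to count as an unsatisfied condition.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Baseline:
    """What the operating system itself uses (all values here are placeholders)."""
    object_names: frozenset
    service_processes: frozenset
    interface_ids: frozenset
    function_codes: frozenset

@dataclass(frozen=True)
class AddRequest:
    """One hooked addition request; None means the hook could not read the field."""
    initiator_name: Optional[str] = None
    creator_process: Optional[str] = None
    cert_service_running: Optional[bool] = None
    interface_id: Optional[str] = None
    function_code: Optional[int] = None

# The five predetermined conditions of claim 1, in claim order.
CONDITIONS = {
    "initiator_name": lambda r, b: r.initiator_name in b.object_names,
    "creator_process": lambda r, b: r.creator_process in b.service_processes,
    "service_running": lambda r, b: r.cert_service_running is True,
    "interface_id": lambda r, b: r.interface_id in b.interface_ids,
    "function_code": lambda r, b: r.function_code in b.function_codes,
}

def check_addition(req, base, enabled=tuple(CONDITIONS)):
    """Return (legal, failed): legal only if every enabled condition holds."""
    if not enabled:
        raise ValueError("at least one predetermined condition must be enabled")
    failed = [name for name in enabled if not CONDITIONS[name](req, base)]
    return (not failed, failed)

def handle(req, base, enabled=tuple(CONDITIONS)):
    """Claims 3 and 5: block and warn on an illegal addition, otherwise add."""
    legal, failed = check_addition(req, base, enabled)
    if legal:
        return {"action": "add", "failed": []}
    return {"action": "block", "warn": True, "failed": failed}

# Constructed sample data, not real system identifiers.
BASE = Baseline(
    object_names=frozenset({"EXAMPLE_CERT_OBJECT"}),
    service_processes=frozenset({"example-system-service"}),
    interface_ids=frozenset({"EXAMPLE-INTERFACE-ID"}),
    function_codes=frozenset({7}),
)
GENUINE = AddRequest("EXAMPLE_CERT_OBJECT", "example-system-service", True,
                     "EXAMPLE-INTERFACE-ID", 7)
MISMATCHED = AddRequest("EXAMPLE_CERT_OBJECT", "other-process", True,
                        "EXAMPLE-INTERFACE-ID", 7)
UNREADABLE = AddRequest(initiator_name="EXAMPLE_CERT_OBJECT")
```

With only the name condition enabled, `MISMATCHED` is judged legal; with all five enabled it is blocked on `creator_process`, which shows how the number of enabled conditions changes the outcome.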
CN201510250479.9A 2015-05-15 2015-05-15 The inspection method and check device of the addition of digital certificate Active CN104836671B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510250479.9A CN104836671B (en) 2015-05-15 2015-05-15 The inspection method and check device of the addition of digital certificate
PCT/CN2015/090708 WO2016184000A1 (en) 2015-05-15 2015-09-25 Method and device for checking addition of digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510250479.9A CN104836671B (en) 2015-05-15 2015-05-15 The inspection method and check device of the addition of digital certificate

Publications (2)

Publication Number Publication Date
CN104836671A CN104836671A (en) 2015-08-12
CN104836671B true CN104836671B (en) 2018-05-22

Family

ID=53814327

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510250479.9A Active CN104836671B (en) 2015-05-15 2015-05-15 The inspection method and check device of the addition of digital certificate

Country Status (2)

Country Link
CN (1) CN104836671B (en)
WO (1) WO2016184000A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104836671B (en) * 2015-05-15 2018-05-22 安一恒通(北京)科技有限公司 The inspection method and check device of the addition of digital certificate

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136743A (en) * 2006-08-31 2008-03-05 普天信息技术研究院 Digital certificate updating method and system
CN101521883A (en) * 2009-03-23 2009-09-02 中兴通讯股份有限公司 Method and system for renewing and using digital certificate
CN101741848A (en) * 2009-12-22 2010-06-16 北京九恒星科技股份有限公司 Method and system for binding digital certificate of system users and digital certificate authentication center
CN102201919A (en) * 2011-06-17 2011-09-28 刘明晶 System and method for realizing real-name information transmission of mobile terminal based on digital certificate
CN103346916A (en) * 2013-07-05 2013-10-09 上海斐讯数据通信技术有限公司 Management method for network equipment digital certificate

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7107248B1 (en) * 2000-09-11 2006-09-12 Nokia Corporation System and method of bootstrapping a temporary public-key infrastructure from a cellular telecommunication authentication and billing infrastructure
JP2006246272A (en) * 2005-03-07 2006-09-14 Fuji Xerox Co Ltd Certificate acquisition system
CN101009014A (en) * 2007-01-24 2007-08-01 华中科技大学 Secure anti-counterfeiting method and system thereof
CN101867929B (en) * 2010-05-25 2013-03-13 北京星网锐捷网络技术有限公司 Authentication method, system, authentication server and terminal equipment
CN101977193B (en) * 2010-10-28 2013-11-13 飞天诚信科技股份有限公司 Method and system for safely downloading certificate
CN102469092B (en) * 2010-11-18 2016-04-06 卓望数码技术(深圳)有限公司 A kind of method and system realizing the safety protecting mechanism of mobile phone application
US8959337B2 (en) * 2012-06-25 2015-02-17 International Business Machines Corporation Digital certificate issuer-correlated digital signature verification
CN104836671B (en) * 2015-05-15 2018-05-22 安一恒通(北京)科技有限公司 The inspection method and check device of the addition of digital certificate

Also Published As

Publication number Publication date
WO2016184000A1 (en) 2016-11-24
CN104836671A (en) 2015-08-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20190822

Address after: 100085 Beijing, Haidian District, No. ten on the ground floor, No. 10 Baidu building, layer 2

Patentee after: BEIJING BAIDU NETCOM SCIENCE AND TECHNOLOGY Co.,Ltd.

Address before: 100091 C, block, building No. 4, Zhongguancun Software Park, No. 8, West flourishing West Road, Beijing, China 1-03

Patentee before: Anyi Hengtong (Beijing) Technology Co., Ltd.