CN107733881A - Digital authenticating system based on data exchange - Google Patents
- Publication number
- CN107733881A
- Authority
- CN
- China
- Prior art keywords
- equipment
- servers
- server
- data exchange
- service area
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Abstract
The application relates to a digital authentication system based on data exchange, comprising security-zone equipment, service-zone equipment, and network connection equipment that connects the security-zone equipment and the service-zone equipment. The network connection equipment includes a first switch connecting each item of security-zone equipment and a second switch connecting each item of service-zone equipment; a firewall is provided between the first switch and the second switch. The security-zone equipment includes CA equipment and KM equipment; the CA equipment and the KM equipment are communicatively connected to each other and are each connected to the first switch. The service-zone equipment includes RA equipment, and LDAP equipment, OCSP equipment and certificate-medium equipment communicatively connected to the RA equipment; the RA equipment, the LDAP equipment, the OCSP equipment and the certificate-medium equipment are each connected to the second switch. The CA equipment implements digital certificate authentication that includes the SM2 algorithm, and the KM equipment implements key management that includes the SM2 algorithm. The digital authentication system based on data exchange can improve the security of the system.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a digital authentication system based on data exchange.
Background
With the development of information technology, digital authentication systems based on data exchange, such as PKI/CA digital authentication systems, have become particularly important. PKI stands for Public Key Infrastructure, and CA (Certificate Authority) refers to the certification center. PKI addresses the various obstacles to network communication security from the technical side, while the CA addresses the problem of network trust from multiple angles such as operation, management, standards, law and personnel. The two are therefore referred to together as "PKI/CA".
A traditional PKI/CA digital certificate system consists mainly of end users, a certification center and a registration authority, and traditional PKI/CA digital certificates are authenticated using a public-key algorithm based on the international standard RSA, whose security needs further improvement. The security of traditional digital authentication systems based on data exchange therefore needs to be further improved.
Summary of the invention
In view of this, and to address the security problem of digital authentication systems based on data exchange, it is necessary to provide a digital authentication system based on data exchange that can improve security.
A digital authentication system based on data exchange comprises security-zone equipment, service-zone equipment, and network connection equipment connecting the security-zone equipment and the service-zone equipment.
The network connection equipment includes a first switch connecting each item of security-zone equipment and a second switch connecting each item of service-zone equipment; a firewall is provided between the first switch and the second switch.
The security-zone equipment includes CA equipment and KM equipment; the CA equipment and the KM equipment are communicatively connected to each other and are each connected to the first switch.
The service-zone equipment includes RA equipment, and LDAP equipment, OCSP equipment and certificate-medium equipment communicatively connected to the RA equipment; the RA equipment, the LDAP equipment, the OCSP equipment and the certificate-medium equipment are each connected to the second switch.
The CA equipment implements digital certificate authentication that includes the SM2 algorithm; the KM equipment implements key management that includes the SM2 algorithm.
In one embodiment, the CA equipment includes a CA server and a CA terminal communicatively connected to the CA server; and/or the KM equipment includes a KM server and a KM terminal communicatively connected to the KM server; and/or the RA equipment includes an RA server and an RA terminal communicatively connected to the RA server.
In one embodiment, the CA equipment also includes a CA encryption machine connected to the CA server; and/or the KM equipment also includes a KM encryption machine connected to the KM server; and/or the RA equipment also includes an RA encryption machine connected to the RA server.
In one embodiment, the CA equipment also includes an LDAP server, which is communicatively connected to the CA server.
In one embodiment, the CA equipment also includes a CA database server communicatively connected to the CA server; and/or the KM equipment also includes a KM database server connected to the KM server; and/or the RA equipment also includes an RA database server connected to the RA server.
In one embodiment, the CA equipment also includes a CA data backup device connected to the CA database server; and/or the KM equipment also includes a KM data backup device connected to the KM database server; and/or the RA equipment also includes an RA data backup device connected to the RA database server.
In one embodiment, the service-zone equipment also includes a unified login server communicatively connected to the RA equipment; the unified login server is also connected to the second switch.
In one embodiment, the service-zone equipment also includes a business application server, which is communicatively connected to the unified login server.
In one embodiment, the certificate-medium equipment includes a certificate-medium maintenance server, a certificate-medium management server and a certificate self-service server.
In one embodiment, the security-zone equipment, the service-zone equipment and the network connection equipment are all located in a private network.
On this basis, a digital authentication system based on data exchange can be realized. Because the security-zone equipment and the service-zone equipment are separated by the network connection equipment, which includes a first switch connecting each item of security-zone equipment and a second switch connecting each item of service-zone equipment with a firewall between the two switches, and because the CA equipment implements digital certificate authentication that includes the SM2 algorithm and the KM equipment implements key management that includes the SM2 algorithm, SM2 being a domestic cryptographic algorithm, the security of the digital authentication system based on data exchange can be improved.
Brief description of the drawings
Fig. 1 is a structural diagram of the digital authentication system based on data exchange in one embodiment;
Fig. 2 is a structural diagram of the digital authentication system based on data exchange in another embodiment;
Fig. 3 is a deployment diagram of the digital authentication system based on data exchange in a specific embodiment.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and are not intended to limit it.
As shown in Fig. 1, one embodiment provides a digital authentication system based on data exchange, comprising security-zone equipment 100, service-zone equipment 200, and network connection equipment 300 connecting the security-zone equipment 100 and the service-zone equipment 200. The security-zone equipment 100 is the equipment located in the security zone, the service-zone equipment 200 is the equipment located in the service zone, and the security zone and the service zone are isolated from each other by the network connection equipment.
The network connection equipment 300 includes a first switch 310 connecting each item of security-zone equipment 100 and a second switch 320 connecting each item of service-zone equipment 200; a firewall is provided between the first switch 310 and the second switch 320. The first switch 310 and the second switch 320 thus isolate the security-zone equipment 100 from the service-zone equipment 200, which improves security.
The security-zone equipment 100 includes CA equipment 110 and KM equipment 130; the CA equipment 110 and the KM equipment 130 are communicatively connected to each other and are each connected to the first switch 310. The CA equipment 110 implements digital certificate authentication that includes the SM2 algorithm (a domestic cryptographic algorithm). The KM equipment 130 implements key management based on the SM2 algorithm. KM is an abbreviation of Key Management.
The service-zone equipment 200 includes RA equipment 210, and LDAP equipment 230, OCSP equipment 250 and certificate-medium equipment 270 communicatively connected to the RA equipment 210; the RA equipment 210, the LDAP equipment 230, the OCSP equipment 250 and the certificate-medium equipment 270 are each connected to the second switch 320. Through the second switch 320 and the first switch 310, the service-zone equipment 200 can thus be communicatively connected to the security-zone equipment 100. The RA equipment 210 implements certificate registration and approval. The LDAP equipment 230 implements the LDAP protocol; LDAP, short for Lightweight Directory Access Protocol, is a relatively simple protocol for updating and searching directories that runs over TCP/IP, so the LDAP equipment 230 can serve as the certificate publication, query and download service in a PKI/CA authentication system. The OCSP equipment 250 implements OCSP (Online Certificate Status Protocol), so that it provides online certificate status queries and meets the requirement for real-time certificate validation. The certificate-medium equipment 270 implements management, maintenance and self-service for certificate media; a certificate medium may be a U-shield.
In this way, the security-zone equipment 100, the service-zone equipment 200 and the network connection equipment 300 together realize a digital authentication system based on data exchange. Because the security-zone equipment 100 and the service-zone equipment 200 are separated by the network connection equipment 300, which includes the first switch 310 connecting each item of security-zone equipment 100 and the second switch 320 connecting each item of service-zone equipment 200 with a firewall between the first switch 310 and the second switch 320, and because the CA equipment implements digital certificate authentication that includes the SM2 algorithm and the KM equipment implements key management that includes the SM2 algorithm, SM2 being a domestic cryptographic algorithm, the security of the digital authentication system based on data exchange can be improved.
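The zone separation of the Fig. 1 embodiment can be checked mechanically against a deployment inventory. The following is an added example, not part of the patent: it models the described links as an undirected graph and reports any device wired to the wrong switch or any path between the zones that avoids the firewall. The node labels reuse the reference numerals from the description; the label for the firewall and the function names are assumptions of this example.

```python
from collections import deque

# Node names follow the reference numerals used in the Fig. 1 description.
SECURITY_ZONE = {"CA 110", "KM 130"}
SERVICE_ZONE = {"RA 210", "LDAP 230", "OCSP 250", "certificate medium 270"}
FIRST_SWITCH = "first switch 310"
SECOND_SWITCH = "second switch 320"
FIREWALL = "firewall"  # assumed label: the page gives the firewall no numeral


def fig1_links():
    """Undirected links of the Fig. 1 embodiment, as the description states them."""
    links = {frozenset(("CA 110", "KM 130"))}
    links |= {frozenset((dev, FIRST_SWITCH)) for dev in SECURITY_ZONE}
    links |= {frozenset((dev, SECOND_SWITCH)) for dev in SERVICE_ZONE}
    links |= {frozenset(("RA 210", dev)) for dev in SERVICE_ZONE - {"RA 210"}}
    links |= {frozenset((FIRST_SWITCH, FIREWALL)),
              frozenset((FIREWALL, SECOND_SWITCH))}
    return links


def reachable(links, start, blocked=frozenset()):
    """Breadth-first search over the links, never entering a blocked node."""
    neighbours = {}
    for link in links:
        a, b = tuple(link)
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in neighbours.get(node, ()):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def audit(links):
    """Return a list of findings; an empty list means the layout matches Fig. 1."""
    findings = []
    for dev in sorted(SECURITY_ZONE | SERVICE_ZONE):
        if dev in SECURITY_ZONE:
            own, other = FIRST_SWITCH, SECOND_SWITCH
        else:
            own, other = SECOND_SWITCH, FIRST_SWITCH
        if frozenset((dev, own)) not in links:
            findings.append(f"{dev}: not connected to {own}")
        if frozenset((dev, other)) in links:
            findings.append(f"{dev}: wired to {other}, the other zone's switch")
    for dev in sorted(SECURITY_ZONE):
        # With the firewall taken out, nothing in the service zone may be reachable.
        leaked = reachable(links, dev, blocked={FIREWALL}) & SERVICE_ZONE
        if leaked:
            findings.append(
                f"{dev}: reaches {sorted(leaked)} without crossing the firewall")
        # With the firewall in place, the RA must still be able to reach the zone.
        if "RA 210" not in reachable(links, dev):
            findings.append(f"{dev}: unreachable from RA 210")
    return findings


if __name__ == "__main__":
    print("Fig. 1 layout:", audit(fig1_links()) or "no findings")
    # Constructed misconfiguration: the RA server is also patched into switch 310.
    miswired = fig1_links() | {frozenset(("RA 210", FIRST_SWITCH))}
    for finding in audit(miswired):
        print("miswired:", finding)
```
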
In one specific embodiment, to save cost, the LDAP equipment 230 and the OCSP equipment 250 can be placed on a single server device, such as an LDAP-OCSP server (see Fig. 2).
Referring to Fig. 2, in one embodiment, the CA equipment 110 includes a CA server 111 and a CA terminal 113 communicatively connected to the CA server 111; and/or the KM equipment 130 includes a KM server 131 and a KM terminal 133 communicatively connected to the KM server 131; and/or the RA equipment 210 includes an RA server 211 and an RA terminal 213 communicatively connected to the RA server 211.
A CA system is configured on the CA server 111. The CA terminal 113 is communicatively connected to the CA server 111 so that it can send application requests to the CA server 111 and receive the results. In one specific embodiment, the CA system uses a dual-certificate (encryption certificate and signing certificate) and dual-center (certificate authority and key management center) structure; provides flexible technical means for defining custom certificate templates and certificate extensions; provides functions for accepting batch applications, producing certificates in batches and issuing certificates in batches; supports cross-certification; has basic certificate management functions such as certificate application, certificate review, certificate generation, certificate issuance, certificate publication, certificate revocation, certificate suspension, certificate renewal, certificate cancellation, log management, security audit and system security management, while also providing a variety of visual statistical reports, listing statistical report types and quantities; provides both online and offline certificate management modes; implements CRL (certificate revocation list) download and update services, provides an administration interface in which the update frequency and validity period of the certificate revocation list can be set, and supports distribution-point technology for publishing the certificate revocation list; provides two certificate archiving methods, periodic archiving and custom archiving; has management functions for multiple RA certificate review authorities; and provides log management covering the system operation log, system administration log, account log, certificate log and certificate revocation list log. Detailed records should also be provided of the origin and the originator of each event. Audit operations and other business are strictly separated in the CA system: the administrator of the audit business and the administrators of other business are different people, and the two kinds of administrator are created independently of each other. CRL publication supports two forms, WEB and LDAP. Certificates are published to nodes organized by certificate DN (certificate domain name), and CRLs are published in the form of distribution points to reduce query response time.
A KM system is configured on the KM server 131. The KM terminal 133 is communicatively connected to the KM server 131 so that it can send application requests to the KM server 131 and receive the results. In one specific embodiment, the KM system supports user key management for both RSA (a public-key algorithm) and SM2; provides functions such as generation, distribution, backup, update, recovery, archiving, query and destruction of user keys; provides a key escrow service that backs up and manages users' encryption key pairs and provides recovery of user keys; applies strict identity authentication and authorization control to the operators and operations involved in key management; has corresponding audit mechanisms for the run-event records of each functional module, server status records, important system policies, key operation records and operator information; supports serving multiple CA systems, with flexible authorization management applied to each CA system to manage the service provided to it; supports judicial forensics, during which the certificate and private key can be written to a USB-KEY (U-shield) by way of CSP or PKCS#11; and supports key pre-generation, which can run on a schedule according to a configured policy or be triggered manually.
An RA system is configured on the RA server 211. The RA terminal 213 is communicatively connected to the RA server 211 so that it can send application requests to the RA server 213 and receive the results. In one specific embodiment, the RA system has multi-level permission management; supports certificate review in both automatic and manual modes; supports batch application and batch accreditation; provides functions such as certificate application, cancellation, renewal, query and download; supports querying, analysis and audit of RA system logs; provides functions such as statistics on the number and status of issued certificates; can keep separate statistics for multiple connected RA systems; and supports two deployment modes, standalone and embedded in an application system.
It should be noted that the CA terminal 113 and/or the KM terminal 133 and/or the RA terminal 213 may be the same terminal device. In that way, the CA, KM and RA services can all be requested from one terminal device; only the corresponding client applications need to be installed on that terminal device.
Referring further to Fig. 3, to further improve security, the CA equipment 110 also includes a CA encryption machine 115 connected to the CA server 111; and/or the KM equipment 130 also includes a KM encryption machine 135 connected to the KM server 131; and/or the RA equipment 210 also includes an RA encryption machine 215 connected to the RA server 211. The CA encryption machine 115 encrypts and decrypts the communication data of the CA server 111. The KM encryption machine 135 encrypts and decrypts the communication data of the KM server 131. The RA encryption machine 215 encrypts and decrypts the communication data of the RA server 211. Here, communication data is data that needs to be exchanged with other equipment.
In one embodiment, the CA equipment 110 also includes an LDAP server 117, which is communicatively connected to the CA server 111. The LDAP server 117 implements the LDAP protocol and so provides the LDAP service for the CA server 111. Further, in this embodiment, the LDAP equipment 230 can implement the LDAP protocol by calling the LDAP server 117.
In one embodiment, the CA equipment 110 also includes a CA database server 119 communicatively connected to the CA server 111; and/or the KM equipment 130 also includes a KM database server 139 connected to the KM server 131; and/or the RA equipment 210 also includes an RA database server 219 connected to the RA server 211. The CA database server 119 provides the database service for the CA server 111, the KM database server 139 provides the database service for the KM server 131, and the RA database server 219 provides the database service for the RA server 211.
To further improve security, the CA equipment 110 also includes a CA data backup device 118 connected to the CA database server 119; and/or the KM equipment 130 also includes a KM data backup device 138 connected to the KM database server 139; and/or the RA equipment 210 also includes an RA data backup device 218 connected to the RA database server 219. The CA data backup device 118 and/or the KM data backup device 138 and/or the RA data backup device 218 may be tape drives. In one specific embodiment, to save cost while still improving security, the CA equipment 110 also includes the CA data backup device 118 connected to the CA database server 119, and the RA equipment 210 also includes the RA data backup device 218 connected to the RA database server 219. In this case, the KM equipment 130 does not include the KM data backup device 138 connected to the KM database server 139.
Referring to Fig. 2, in one specific embodiment, the KM server 131 and the KM database server 139 can be placed on the same server device; the CA server 111, the CA database server 119 and the LDAP server 117 can be placed on the same server device; and the RA server 211 and the RA database server 219 can be placed on the same server device.
To improve the convenience of the system, the service-zone equipment 200 also includes a unified login server 216 communicatively connected to the RA equipment 210; the unified login server 216 is also connected to the second switch 320. The unified login server 216 is thereby communicatively connected to the RA equipment 110 and the KM equipment 130, so that when multiple authentications are required, they are carried out through the communication connections between the unified login server 216 and the RA equipment 210, the RA equipment 110 and the KM equipment 130, while the user only needs to authenticate once, which improves the convenience of the system.
To further improve the convenience of the system, the service-zone equipment 200 also includes a business application server 214, which is communicatively connected to the unified login server 216. A user can then access each business application server 214 after logging in only once, without logging in and being verified repeatedly, which improves the convenience of the system.
In one embodiment, the certificate-medium equipment 270 includes a certificate-medium maintenance server 271, a certificate-medium management server 273 and a certificate self-service server 275.
The certificate-medium maintenance server 271 implements maintenance of certificate media. The certificate-medium management server 273 implements management of certificate media. The certificate self-service server 275 implements self-service for certificate media.
In one specific embodiment, the functions implemented by the certificate-medium maintenance server 271 include: automatically detecting whether the running environment of the client's certificate medium is normal, and prompting the user if there is a problem; letting the client connect to the server to download components that repair the certificate-medium running environment; letting the client connect to the server to update drivers automatically; and managing the binding between certificate media and electronic seals. The functions implemented by the certificate-medium management server 273 include: certificate-medium inventory management, for example registering each USB-KEY into stock after purchase so that it can be managed effectively, providing USB-KEY inventory management, stock-level statistics and so on; certificate-medium status management, for example tracking each USB-KEY in one of five states (issued, not issued, lost, recovered, other), where an administrator can change the state manually according to the state of the digital certificate and can view the state of each USB-KEY; binding of issued digital certificates to certificate media, where the serial numbers of issued and unissued USB-KEYs are counted and uniformly entered into the digital certificate storage medium management system; handling of lost and damaged certificate media, for example marking the USB-KEY in the system when a user leaves the organization or a key is damaged or lost; certificate-medium statistics, for example statistics on USB-KEY stock-in, USB-KEY distribution and USB-KEY damage by year, quarter or specified period, displayed as basic data, bar charts, pie charts and similar forms; and USB-KEY stock early warning, for example raising an alarm when the remaining USB-KEY stock falls below a specified warning value. The functions of the certificate self-service server 275 include integrating self-service renewal of the client's existing certificate and remote unlocking.
In one embodiment, the digital authentication system based on data exchange runs in a private network; that is, the security-zone equipment 100, the service-zone equipment 200 and the network connection equipment 300 are all located in the private network, so that both the security zone and the service zone are in the private network, which further improves security. The private network is a network that a department builds for the particular work of its own organization and that does not provide service to people outside the organization. For example, the military, railway and electric power systems have their own private networks.
The technical features of the above embodiments can be combined arbitrarily. To keep the description concise, not every possible combination of the technical features in the above embodiments is described; however, as long as a combination of these technical features contains no contradiction, it should be considered to fall within the scope of this specification.
The embodiments described above express only several implementations of the application, and although their description is relatively specific and detailed, they should not be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the concept of the application, and these all fall within the protection scope of the application. The protection scope of this patent shall therefore be determined by the appended claims.
Claims (10)
1. a kind of digital authenticating system based on data exchange, including place of safety equipment, service area equipment, and the connection peace
The network access device of whole district's equipment and the service area equipment;
The network access device includes the first interchanger for connecting each place of safety equipment and each service area of connection is set
Standby second switch;Fire wall is provided between first interchanger and the second switch;
The place of safety equipment includes CA equipment and KM equipment;The CA equipment and the KM equipment are in communication with each other connection, and divide
First interchanger is not connected to;
The service area equipment includes RA equipment, and LDAP equipment, OCSP equipment and the card being connected with the RA equipment communications
Book medium apparatus;The RA equipment, the LDAP equipment, the OCSP equipment and the credential media equipment are respectively connecting to institute
State second switch;
Wherein, the CA equipment realizes the digital certificate authentication for including SM2 algorithms;The KM equipment, which is realized, includes SM2 algorithms
Key management.
2. the digital authenticating system according to claim 1 based on data exchange, it is characterised in that the CA equipment includes
CA servers and the CA terminals being connected with the CA server communications;And/or the KM equipment include KM servers and with it is described
The KM terminals of KM server communications connection;And/or the RA equipment includes RA servers and is connected with the RA server communications
RA terminals.
3. the digital authenticating system according to claim 2 based on data exchange, it is characterised in that the CA equipment is also wrapped
Include the CA encryption equipments being connected with the CA servers;And/or the KM that the KM equipment also includes being connected with the KM servers adds
Close machine;And/or the RA equipment also RA encryption equipments including being connected with the RA servers.
4. the digital authenticating system according to claim 2 based on data exchange, it is characterised in that the CA equipment is also wrapped
Ldap server is included, the ldap server is connected with the CA server communications.
5. the digital authenticating system according to claim 2 based on data exchange, it is characterised in that the CA equipment is also wrapped
Include the CA database servers being connected with the CA server communications;And/or the KM equipment also includes and the KM servers
The KM database servers of connection;And/or the RA equipment also RA database services including being connected with the RA servers
Device.
6. the digital authenticating system according to claim 5 based on data exchange, it is characterised in that the CA equipment is also wrapped
Include the CA data backup devices being connected with the CA database servers;And/or the KM equipment also includes and the KM data
The KM data backup devices of storehouse server connection;And/or the RA equipment also includes what is be connected with the RA database servers
RA data backup devices.
7. The digital authenticating system based on data exchange according to claim 1, characterized in that the service area equipment further includes a unified login server communicatively connected with the RA equipment; the unified login server is also connected to the second interchanger.
8. The digital authenticating system based on data exchange according to claim 7, characterized in that the service area equipment further includes a service application server, and the service application server is communicatively connected with the unified login server.
9. The digital authenticating system based on data exchange according to claim 1, characterized in that the credential media equipment includes a credential media maintenance server, a credential media management server and a certificate self-service device.
10. The digital authenticating system based on data exchange according to any one of claims 1-9, characterized in that the place of safety equipment, the service area equipment and the network access device are all arranged in a private network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710923071.2A CN107733881A (en) | 2017-09-30 | 2017-09-30 | Digital authenticating system based on data exchange |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710923071.2A CN107733881A (en) | 2017-09-30 | 2017-09-30 | Digital authenticating system based on data exchange |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107733881A (en) | 2018-02-23 |
Family
ID=61209691
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710923071.2A Pending CN107733881A (en) | 2017-09-30 | 2017-09-30 | Digital authenticating system based on data exchange |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107733881A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102970299A (en) * | 2012-11-27 | 2013-03-13 | 西安电子科技大学 | File safe protection system and method thereof |
CN103036682A (en) * | 2012-12-19 | 2013-04-10 | 国网信息通信有限公司 | Digital certificate system supporting SM2 algorithm |
CN104052597A (en) * | 2013-03-11 | 2014-09-17 | 江苏国盾科技实业有限责任公司 | Certificate issuing system based on SM2 algorithm |
US9055056B2 (en) * | 2013-08-14 | 2015-06-09 | Red Hat, Inc. | Managing digital content entitlements |
CN105450639A (en) * | 2015-11-11 | 2016-03-30 | 国家电网公司 | Digital certificate authentication platform for power grid system |
US20160337131A1 (en) * | 2015-05-15 | 2016-11-17 | Verizon Patent And Licensing Inc. | Biometric pki authentication |
-
2017
- 2017-09-30 CN CN201710923071.2A patent/CN107733881A/en active Pending
Non-Patent Citations (2)
Title |
---|
姚一兆: "数字证书认证系统的设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑(月刊 )》 * |
曾一: "《大学计算机基础》", 30 September 2015, 北京:中国铁道出版社 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110287252A (en) * | 2019-06-27 | 2019-09-27 | 南方电网科学研究院有限责任公司 | A kind of data safety guard system |
CN112685717A (en) * | 2020-12-29 | 2021-04-20 | 山东钢铁集团日照有限公司 | Metering electronic certificate verification management system based on block chain |
CN117061251A (en) * | 2023-10-12 | 2023-11-14 | 兴原认证中心有限公司 | PKI certificate suspension revocation method and system for authentication platform |
CN117061251B (en) * | 2023-10-12 | 2024-01-30 | 兴原认证中心有限公司 | PKI certificate suspension revocation method and system for authentication platform |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109377198B (en) | Signing system based on multi-party consensus of alliance chain | |
CN112311530B (en) | Block chain-based alliance trust distributed identity certificate management authentication method | |
JP2022504420A (en) | Digital certificate issuance methods, digital certificate issuance centers, storage media and computer programs | |
US7770212B2 (en) | System and method for privilege delegation and control | |
CN111884815A (en) | Block chain-based distributed digital certificate authentication system | |
Won et al. | Decentralized public key infrastructure for internet-of-things | |
CN103490881B (en) | Authentication service system, user authentication method, and authentication information processing method and system | |
CN107273760A (en) | One kind is based on many CA application authentication methods of block chain | |
EP1994712A1 (en) | Access control protocol for embedded devices | |
CN110138560A (en) | A kind of dual-proxy cross-domain authentication method based on id password and alliance's chain | |
CN112199726A (en) | Block chain-based alliance trust distributed identity authentication method and system | |
CN102420690A (en) | Fusion and authentication method and system of identity and authority in industrial control system | |
CN111049835B (en) | Unified identity management system of distributed public certificate service network | |
CN111262692A (en) | Key distribution system and method based on block chain | |
CN107534645A (en) | Main frame authentication storage | |
US20070186097A1 (en) | Sending of public keys by mobile terminals | |
CN107733881A (en) | Digital authenticating system based on data exchange | |
CN114866346B (en) | Password service platform based on decentralization | |
CN101345723B (en) | Management authentication method and system of client gateway | |
WO2023009230A1 (en) | Security device and methods for end-to-end verifiable elections | |
CN116388986B (en) | Certificate authentication system and method based on post quantum signature | |
CN113656839A (en) | Electronic academic certificate management system based on alliance chain | |
CN207251668U (en) | Digital authenticating system based on data exchange | |
Naedele | An access control protocol for embedded devices | |
JP2001111538A (en) | Communication system, method therefor, communication equipment and ic card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180223 |