CN111614466A - System and method for secure issuance and management of certificates - Google Patents


Info

Publication number: CN111614466A
Authority: CN (China)
Prior art keywords: certificate, unit, issuing, checking, registration
Legal status: Granted; active
Application number: CN202010240982.7A
Other languages: Chinese (zh)
Other versions: CN111614466B (en)
Inventors: 赖育承, 吕佳谚
Current assignee: Shangcheng Technology Co ltd
Original assignee: Shangcheng Technology Co ltd
Priority: CN202010240982.7A
Publications: CN111614466A (application), CN111614466B (granted patent)


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A system and method for securely issuing and managing certificates. The certificate issuing subsystem is built in a controlled management location, so that outside parties cannot access its internal data unless authorized in advance, and every unit involved in applying for a certificate must have its identity confirmed; this raises the security of certificate application and issuance. Because the certificate issuing subsystem is a device with its own computing capability, it runs fast and increases issuing efficiency. And because the party applying for a certificate does not need to build its own signing and issuing system, but only needs to connect to the certificate issuing subsystem of the invention to apply for and obtain a certificate, operating costs for enterprises are reduced.

Description

System and method for secure issuance and management of certificates
Technical Field
The invention belongs to the technical field of certificate application and issuance, and in particular relates to a system and method for securely issuing and managing certificates.
Background
In the existing approach, the certificate issuing system is stored on a flash disk; after the flash disk is connected to a device at the manufacturing end, the certificate issuing system on the flash disk issues the certificate. Because the issuing system lives on a flash disk that can be carried freely and has no protection for its internal files, there is a great risk that it will be stolen by a third party. In addition, running the issuing system from a flash disk makes execution slow. Moreover, the existing certificate issuing system must be built by the entity that needs the certificates, which increases that entity's cost.
Disclosure of Invention
The invention aims to provide a system and a method for securely issuing and managing certificates that solve the problems of security, execution speed and construction cost in the prior art.
The technical scheme of the invention is as follows:
a system for securely issuing and managing certificates, comprising a certificate requesting end, which uses an asymmetric algorithm to generate a public key and private key pair, the private key being inaccessible from the outside except with prior authorization;
a certificate attaching subsystem, comprising: a certificate attaching unit connected to the certificate requesting end, for attaching a certificate to the certificate requesting end;
a certificate checking unit connected to the certificate attaching unit and having certificate checking unit identification information;
a first checking unit connected to the certificate checking unit, having secure computing capability and accessible only with prior authorization;
and a certificate issuing subsystem, comprising:
a registration approval unit connected to the certificate checking unit and having registration approval unit identification information;
a certificate issuing unit connected to the registration approval unit and having certificate issuing unit identification information;
a second checking unit connected to the registration approval unit and the certificate issuing unit, having secure computing capability and accessible only with prior authorization;
wherein the certificate attaching unit is trusted by the certificate checking unit, the certificate checking unit is trusted by the registration approval unit, and the registration approval unit is trusted by the certificate issuing unit.
Furthermore, the first checking unit generates a public and private key pair for the certificate checking unit, applies to a common upper-layer certificate issuing unit for a certificate checking unit certificate according to that key pair, and the certificate checking unit certificate is bound to the certificate checking unit identification information.
Furthermore, the first checking unit is connected to the certificate attaching unit, the certificate attaching unit has certificate attaching unit identification information, the first checking unit generates a public and private key pair for the certificate attaching unit, a certificate attaching unit certificate is applied for from a common upper-layer certificate issuing unit according to the certificate attaching unit identification information, the certificate attaching unit certificate is bound to the certificate attaching unit identification information, and the certificate attaching unit is trusted by the certificate checking unit.
Furthermore, the certificate attaching unit is connected to a third checking unit, the certificate attaching unit has certificate attaching unit identification information, the third checking unit generates a public and private key pair for the certificate attaching unit, a certificate attaching unit certificate is applied for from a common upper-layer certificate issuing unit according to that key pair, the certificate attaching unit certificate is bound to the certificate attaching unit identification information, and the certificate attaching unit is trusted by the certificate checking unit.
Furthermore, the second checking unit is connected to the registration approval unit, the registration approval unit has registration approval unit identification information, the second checking unit generates a public and private key pair for the registration approval unit, a registration approval unit certificate is applied for from a common upper-layer certificate issuing unit according to that key pair, the registration approval unit certificate is bound to the registration approval unit identification information, and the certificate checking unit is trusted by the registration approval unit.
Furthermore, the second checking unit is connected to the certificate issuing unit, the certificate issuing unit has certificate issuing unit identification information, the second checking unit generates a public and private key pair for the certificate issuing unit, a certificate issuing unit certificate is applied for from a common upper-layer certificate issuing unit according to that key pair, the certificate issuing unit certificate is bound to the certificate issuing unit identification information, and the registration approval unit is trusted by the certificate issuing unit.
Furthermore, the certificate requesting end generates a public key and private key pair and generates a certificate issuance request, and the certificate checking unit securely obtains the certificate issuance request through the certificate attaching unit.
Furthermore, the certificate requesting end generates a public key and private key pair, the certificate checking unit securely obtains the public key through the certificate attaching unit, and the certificate checking unit generates a certificate issuance request for the certificate requesting end according to the public key.
Furthermore, the certificate checking unit securely transmits the certificate issuance request to the certificate issuing unit through the registration approval unit.
Furthermore, the certificate issuing unit issues a certificate through the second checking unit, the certificate is transmitted to the certificate attaching unit through the registration approval unit and the certificate checking unit, and the certificate attaching unit attaches the certificate to the certificate requesting end.
A method for securely issuing and managing certificates, characterized by comprising:
a certificate requesting end generating a public key and private key pair using an asymmetric algorithm, and generating a certificate issuance request according to the public key and private key;
a certificate attaching unit securely obtaining the certificate issuance request from the certificate requesting end;
a certificate checking unit securely obtaining the certificate issuance request from the certificate attaching unit;
the certificate checking unit securely transmitting the certificate issuance request to a registration approval unit;
the registration approval unit securely transmitting the certificate issuance request to a certificate issuing unit;
the certificate issuing unit issuing a certificate for the certificate issuance request using a certificate issuing unit private key stored in a second checking unit;
the certificate issuing unit securely transmitting the certificate to the certificate attaching unit through the registration approval unit and the certificate checking unit;
and the certificate attaching unit attaching the certificate to the certificate requesting end.
A method for securely issuing and managing certificates, comprising:
a certificate requesting end generating a public key and private key pair;
a certificate attaching unit securely obtaining the public key from the certificate requesting end;
a certificate checking unit securely obtaining the public key from the certificate attaching unit;
the certificate checking unit generating a certificate issuance request for the certificate requesting end using the public key;
the certificate checking unit securely transmitting the certificate issuance request to a registration approval unit;
the registration approval unit securely transmitting the certificate issuance request to a certificate issuing unit;
the certificate issuing unit issuing a certificate for the certificate issuance request using a certificate issuing unit private key held in a second checking unit;
the certificate issuing unit securely transmitting the certificate to the certificate attaching unit through the registration approval unit and the certificate checking unit;
and the certificate attaching unit attaching the certificate to the certificate requesting end.
The invention adopting the above technical scheme brings the following beneficial effects: the certificate issuing subsystem is built in a controlled management location, outside parties cannot access its internal data unless authorized, and every unit involved in applying for a certificate must confirm its identity, which raises the security of certificate application and issuance; the certificate issuing subsystem is a device with its own computing capability, so it runs fast and raises issuing efficiency; and the party applying for a certificate need not build its own signing and issuing system, but only connect to the certificate issuing subsystem of the invention to apply for and obtain a certificate, which saves operating cost for enterprises.
Drawings
FIG. 1 is a block diagram of one embodiment of a system for securely issuing and managing certificates according to the present invention;
FIG. 2 is a block diagram of another embodiment of a system for securely issuing and managing certificates according to the present invention;
FIG. 3 is a diagram illustrating a method for securely issuing and managing certificates according to an embodiment of the present invention;
FIG. 4 is a flow diagram of the method of FIG. 3;
FIG. 5 is a diagram illustrating a method for securely issuing and managing certificates according to another embodiment of the present invention;
FIG. 6 is a flowchart of the method of FIG. 5.
In the figures: 10, certificate requesting end; 20, certificate attaching subsystem; 21, certificate attaching unit; 22, certificate checking unit; 23, first checking unit; 24, third checking unit; 30, certificate issuing subsystem; 31, registration approval unit; 32, certificate issuing unit; 33, second checking unit; S101 to S112, steps; S201 to S213, steps.
Detailed Description
Please refer to fig. 1, which illustrates an embodiment of the system for securely issuing and managing certificates according to the present invention. The system 100 comprises a certificate requesting end 10, a certificate attaching subsystem 20 and a certificate issuing subsystem 30.
The certificate requesting end 10 uses an asymmetric algorithm to generate a public key and private key pair; the private key cannot be accessed from the outside and can be accessed only with prior authorization. In this embodiment the private key is stored in a security-protected unit of the certificate requesting end 10 and cannot be read from outside. The certificate requesting end 10 generates a certificate issuance request (CSR) using the public key.
The certificate attaching subsystem 20 comprises a certificate attaching unit 21, a certificate checking unit 22 and a first checking unit 23. The certificate attaching unit 21 is connected to the certificate requesting end 10 and is used to attach a certificate to it. The certificate checking unit 22 is connected to the certificate attaching unit 21 and has certificate checking unit identification information. The first checking unit 23 is connected to the certificate checking unit 22, has secure computing capability and can be accessed only with prior authorization. The first checking unit 23 generates a public key and private key pair for each of the certificate attaching unit 21 and the certificate checking unit 22. The private keys of the certificate attaching unit 21 and the certificate checking unit 22 are stored in the first checking unit 23 and cannot be accessed from the outside. Their public keys are transmitted to the upper-layer certificate issuing unit, which issues the certificate attaching unit certificate and the certificate checking unit certificate. The certificate attaching unit 21 has certificate attaching unit identification information, to which the certificate attaching unit certificate is bound; similarly, the certificate checking unit 22 has certificate checking unit identification information, to which the certificate checking unit certificate is bound. When transmitting data, the certificate attaching unit 21 can prove its identity by means of the identification information bound to its certificate and a computation with the private key stored in the first checking unit 23.
Similarly, when transmitting data, the certificate checking unit 22 can prove its identity by means of the identification information bound to its certificate and the private key stored in the first checking unit 23. Therefore, every unit on the transmission path must have its identity confirmed before data is transmitted, which ensures transmission security. Moreover, the private key used to prove identity cannot be accessed from outside the first checking unit 23, which further increases the security and accuracy of identification.
The certificate issuing subsystem 30 comprises a registration approval unit 31, a certificate issuing unit 32 and a second checking unit 33. The registration approval unit 31 is connected to the certificate checking unit 22 and has registration approval unit identification information; the certificate issuing unit 32 is connected to the registration approval unit 31 and has certificate issuing unit identification information; the second checking unit 33 is connected to the registration approval unit 31 and the certificate issuing unit 32, has secure computing capability and can be accessed only with prior authorization. The second checking unit 33 generates a public key and private key pair for each of the registration approval unit 31 and the certificate issuing unit 32. The private keys of the registration approval unit 31 and the certificate issuing unit 32 are stored in the second checking unit 33 and cannot be accessed from the outside. Their public keys are transmitted to the upper-layer certificate issuing unit, which issues the registration approval unit certificate and the certificate issuing unit certificate. The registration approval unit 31 has registration approval unit identification information, to which the registration approval unit certificate is bound; the certificate issuing unit 32 has certificate issuing unit identification information, to which the certificate issuing unit certificate is bound. When transmitting data, the registration approval unit 31 can prove its identity by means of the identification information bound to its certificate and a computation with the private key stored in the second checking unit 33.
Similarly, when transmitting data, the certificate issuing unit 32 can prove its identity by means of the identification information bound to its certificate and the private key stored in the second checking unit 33. Therefore, every unit on the transmission path must have its identity confirmed before data is transmitted, which ensures transmission security. Moreover, the private key used to prove identity cannot be accessed from outside the second checking unit 33, which further increases the security and accuracy of identification.
The certificate checking unit 22 of the certificate attaching subsystem 20 is connected to the registration approval unit 31 of the certificate issuing subsystem 30. When the certificate checking unit 22 transmits a certificate issuance request to the registration approval unit 31, the registration approval unit 31 must also check the identity of the certificate checking unit 22. In this embodiment, the certificate checking unit 22 transmits its public key to the registration approval unit 31; the registration approval unit 31 generates a random number with a random-number routine, encrypts it with the public key received from the certificate checking unit 22, and transmits the encrypted random number to the certificate checking unit 22; the certificate checking unit 22 passes the encrypted random number to the first checking unit 23 for decryption and transmits the decrypted random number back to the registration approval unit 31; the registration approval unit 31 checks whether the returned random number matches the one it originally generated, and if so, the certificate checking unit 22 passes identity verification.
Through the above process, the certificate attaching unit 21 is trusted by the certificate checking unit 22, the certificate checking unit 22 is trusted by the registration approval unit 31, and the registration approval unit 31 is trusted by the certificate issuing unit 32. This forms a chain of trust. The certificate checking unit 22 can securely transmit the certificate issuance request to the certificate issuing unit 32 through the registration approval unit 31; the certificate issuing unit 32 issues a certificate through the second checking unit 33; the certificate is transmitted to the certificate attaching unit 21 through the registration approval unit 31 and the certificate checking unit 22; and the certificate attaching unit 21 attaches the certificate to the certificate requesting end 10.
Please refer to fig. 3 and fig. 4, which illustrate an embodiment of the method for securely issuing and managing certificates according to the present invention. Referring also to fig. 1, in step S101 the certificate requesting end 10 generates a public key and private key pair using an asymmetric algorithm, and generates a certificate issuance request accordingly.
The process then proceeds to step S102, in which the certificate attaching unit 21 securely obtains the certificate issuance request from the certificate requesting end 10.
Subsequently, in step S103, the certificate checking unit 22 securely obtains the certificate issuance request from the certificate attaching unit 21 by means of the identity verification described above.
Then, in step S104, the certificate checking unit 22 securely transmits the certificate issuance request to the registration approval unit 31 by means of the identity verification described above.
In step S105, the registration approval unit 31 securely transmits the certificate issuance request to the certificate issuing unit 32.
In step S106, the certificate issuing unit 32 transmits the certificate issuance request to the second checking unit 33.
Then, in step S107, the certificate issuing unit 32 issues a certificate for the certificate issuance request using the certificate issuing unit private key stored in the second checking unit 33.
In step S108, the certificate is transmitted from the second checking unit 33 to the certificate issuing unit 32.
In step S109, the certificate issuing unit 32 securely transmits the certificate to the registration approval unit 31 by means of the identity verification described above.
Then, in step S110, the registration approval unit 31 securely transmits the certificate to the certificate checking unit 22 by means of the identity verification described above.
In step S111, the certificate checking unit 22 securely transmits the certificate to the certificate attaching unit 21.
In step S112, the certificate attaching unit 21 attaches the certificate to the certificate requesting end 10.
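The challenge-response between units 31 and 22 and the S101 to S112 flow above, as an added Go example that is not part of the patent: the checking unit is modelled as a type that performs private-key operations but never returns the key, the registration approval unit's challenge is a random nonce encrypted to the checking unit's public key, and the issuing unit verifies the CSR's proof of possession before signing through the second checking unit. Assumptions of mine: the issuing unit is self-signed instead of holding a certificate from an upper-layer issuer, RSA-2048 with OAEP is the asymmetric algorithm, and the names CheckingUnit, Challenge, IssueFromCSR and Run are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// must panics on error; used for setup steps that cannot fail in practice.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CheckingUnit (hypothetical name) models the patent's checking units 23/33: it generates
// a key pair and performs private-key operations on request, but the key is never returned.
type CheckingUnit struct{ key *rsa.PrivateKey }

func NewCheckingUnit() *CheckingUnit {
	return &CheckingUnit{key: must(rsa.GenerateKey(rand.Reader, 2048))}
}

// Public and Sign make the unit a crypto.Signer, so x509 can sign through it.
func (u *CheckingUnit) Public() crypto.PublicKey { return &u.key.PublicKey }
func (u *CheckingUnit) Sign(r io.Reader, digest []byte, o crypto.SignerOpts) ([]byte, error) {
	return u.key.Sign(r, digest, o)
}

// Decrypt is the private-key half of the challenge-response; only the plaintext leaves.
func (u *CheckingUnit) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, u.key, ct, nil)
}

// Challenge is the verifier's side (unit 31 checking unit 22): a fresh nonce encrypted to the peer's key.
func Challenge(pub *rsa.PublicKey) (nonce, ct []byte) {
	nonce = make([]byte, 32)
	must(rand.Read(nonce))
	return nonce, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, nil))
}

// IssueFromCSR is certificate issuing unit 32: it checks the CSR's self-signature
// (proof that the requester holds the private key) and signs a leaf via unit 33.
func IssueFromCSR(csrDER []byte, issuer *x509.Certificate, unit crypto.Signer) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))),
		Subject:      csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, issuer, csr.PublicKey, unit)
}

// Run walks steps S101 to S112 of Fig. 4 in one process and returns the leaf and
// issuer certificates once the requesting end has verified that they chain.
func Run() (leaf, issuer *x509.Certificate, err error) {
	first, second := NewCheckingUnit(), NewCheckingUnit() // units 23 and 33
	// Assumption: the issuing unit is self-signed here; the patent has it certified by an upper-layer issuer.
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Issuing Unit 32"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	issuer = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, second.Public(), second))))
	// S101: the requesting end 10 makes its own key pair and CSR (constructed sample subject); the key stays with it.
	devKey := must(rsa.GenerateKey(rand.Reader, 2048))
	csrDER := must(x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "device-0001"}}, devKey))
	// S104: unit 31 challenges unit 22 before accepting the CSR; decryption runs inside unit 23.
	nonce, ct := Challenge(first.Public().(*rsa.PublicKey))
	resp, err := first.Decrypt(ct)
	if err != nil || subtle.ConstantTimeCompare(nonce, resp) != 1 {
		return nil, nil, fmt.Errorf("checking unit failed identity check; CSR rejected")
	}
	// S105 to S108: the issuing unit signs the request inside the second checking unit.
	leafDER, err := IssueFromCSR(csrDER, issuer, second)
	if err != nil {
		return nil, nil, err
	}
	// S109 to S112: the certificate returns to the requesting end, which checks the chain.
	leaf = must(x509.ParseCertificate(leafDER))
	roots := x509.NewCertPool()
	roots.AddCert(issuer)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots})
	return leaf, issuer, err
}
```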
Please refer to fig. 2, which illustrates another embodiment of the system for securely issuing and managing certificates according to the present invention. The structure of this embodiment is substantially the same as that of the embodiment of fig. 1, so the same elements carry the same reference numerals and their description is omitted. The difference is that the certificate attaching subsystem 20 of this embodiment further comprises a third checking unit 24. The certificate attaching unit 21 is connected to the third checking unit 24 and has certificate attaching unit identification information; the third checking unit 24 generates a public key and private key pair for the certificate attaching unit, applies accordingly to a common upper-layer certificate issuing unit for a certificate attaching unit certificate, and binds the certificate attaching unit identification information to that certificate; the certificate attaching unit 21 is trusted by the certificate checking unit 22. The third checking unit 24 can be built from a relatively low-cost device, which reduces the cost of building the overall equipment.
Referring to fig. 5 and fig. 6, another embodiment of the method for securely issuing and managing certificates according to the present invention is shown. Referring also to fig. 2, in this embodiment the certificate requesting end 10 generates a public key and private key pair but does not generate the certificate issuance request itself; instead it transmits the public key to the certificate checking unit 22, which generates the certificate issuance request.
First, in step S201, the certificate requesting end 10 generates a public key and private key pair.
The process then proceeds to step S202, in which the certificate attaching unit 21 securely obtains the public key from the certificate requesting end 10.
Subsequently, in step S203, the certificate checking unit 22 securely obtains the public key from the certificate attaching unit 21.
In step S204, the certificate checking unit 22 generates a certificate issuance request for the certificate requesting end 10 using the public key.
In step S205, the certificate checking unit 22 securely transmits the certificate issuance request to the registration approval unit 31.
In step S206, the registration approval unit 31 securely transmits the certificate issuance request to the certificate issuing unit 32.
In step S207, the certificate issuing unit 32 transmits the certificate issuance request to the second checking unit 33.
Then, in step S208, the certificate issuing unit 32 issues a certificate for the certificate issuance request using the certificate issuing unit private key stored in the second checking unit 33.
In step S209, the certificate is transmitted from the second checking unit 33 to the certificate issuing unit 32.
Then, in step S210, the certificate issuing unit 32 securely transmits the certificate to the registration approval unit 31 by means of the identity verification described above.
In step S211, the registration approval unit 31 securely transmits the certificate to the certificate checking unit 22 by means of the identity verification described above.
In step S212, the certificate checking unit 22 securely transmits the certificate to the certificate attaching unit 21.
In step S213, the certificate attaching unit 21 attaches the certificate to the certificate requesting end 10.
In the system and method for securely issuing and managing certificates, the certificate issuing subsystem is built into equipment at a controlled management location, its internal data cannot be accessed at will unless the outside party is authorized, and every unit involved in the certificate application must confirm its identity, so the security of certificate application and issuance is improved. In addition, the certificate issuing subsystem is a device with its own computing capability, so it runs fast and raises issuing efficiency. Because the party applying for a certificate does not need to build its own signing and issuing system, but only needs to connect to the certificate issuing subsystem of the invention to apply for and obtain a certificate, operating costs for enterprises are saved.

Claims (12)

1. A system for securely issuing and managing certificates, characterized by comprising: a certificate requesting end, which generates a public key and private key pair using an asymmetric algorithm, the private key being inaccessible from the outside except with prior authorization;
a certificate attaching subsystem, comprising: a certificate attaching unit connected to the certificate requesting end, for attaching a certificate to the certificate requesting end;
a certificate checking unit connected to the certificate attaching unit and having certificate checking unit identification information;
a first checking unit connected to the certificate checking unit, having secure computing capability and accessible only with prior authorization;
and a certificate issuing subsystem, comprising:
a registration approval unit connected to the certificate checking unit and having registration approval unit identification information;
a certificate issuing unit connected to the registration approval unit and having certificate issuing unit identification information;
a second checking unit connected to the registration approval unit and the certificate issuing unit, having secure computing capability and accessible only with prior authorization;
wherein the certificate attaching unit is trusted by the certificate checking unit, the certificate checking unit is trusted by the registration approval unit, and the registration approval unit is trusted by the certificate issuing unit.
2. The secure certificate issuing and management system according to claim 1, wherein the first checking unit generates a public and private key pair for the certificate checking unit, applies to a common upper-layer certificate issuing unit for a certificate checking unit certificate on the basis of that key pair, and binds the certificate checking unit identification information to the certificate checking unit certificate.
3. The secure certificate issuing and management system according to claim 1 or 2, wherein the first checking unit is connected to the certificate attaching unit, the certificate attaching unit has certificate attaching unit identification information, the first checking unit generates a public and private key pair for the certificate attaching unit and applies to a common upper-layer certificate issuing unit for a certificate attaching unit certificate on the basis of the certificate attaching unit identification information, the certificate attaching unit certificate is bound to the certificate attaching unit identification information, and the certificate attaching unit is trusted by the certificate checking unit.
4. The secure certificate issuing and management system according to claim 1 or 2, wherein a third checking unit generates a public and private key pair for the certificate attaching unit, applies to a common upper-layer certificate issuing unit for a certificate attaching unit certificate on the basis of that key pair, and binds the certificate attaching unit identification information to the certificate attaching unit certificate, and the certificate attaching unit is trusted by the certificate checking unit.
5. The secure certificate issuing and management system according to claim 1 or 2, wherein the second checking unit is connected to the registration approval unit, the registration approval unit has registration approval unit identification information, the second checking unit generates a public and private key pair for the registration approval unit and applies to a common upper-layer certificate issuing unit for a registration approval unit certificate on the basis of the registration approval unit identification information, the registration approval unit certificate is bound to the registration approval unit identification information, and the certificate checking unit is trusted by the registration approval unit.
6. The secure certificate issuing and management system according to claim 5, wherein the second checking unit is connected to the certificate issuing unit, the certificate issuing unit has certificate issuing unit identification information, the second checking unit generates a public and private key pair for the certificate issuing unit and applies to a common upper-layer certificate issuing unit for a certificate issuing unit certificate on the basis of that key pair, the certificate issuing unit certificate is bound to the certificate issuing unit identification information, and the registration approval unit is trusted by the certificate issuing unit.
7. The secure certificate issuing and management system according to claim 1, wherein the certificate requesting terminal generates a public key and private key pair and generates a certificate issuing request, and the certificate checking unit securely obtains the certificate issuing request through the certificate attaching unit.
8. The secure certificate issuing and management system according to claim 1, wherein the certificate requesting terminal generates a public key and private key pair, the certificate checking unit securely obtains the public key through the certificate attaching unit, and the certificate checking unit generates a certificate issuing request for the certificate requesting terminal from that public key.
9. The secure certificate issuing and management system according to claim 7 or 8, wherein the certificate checking unit securely transmits the certificate issuing request to the certificate issuing unit through the registration approval unit.
10. The secure certificate issuing and management system according to claim 9, wherein the certificate issuing unit issues a certificate through the second checking unit, the certificate is transmitted to the certificate attaching unit through the registration approval unit and the certificate checking unit, and the certificate attaching unit adds the certificate to the certificate requesting terminal.
11. A secure certificate issuing and management method, characterized by comprising:
a certificate requesting terminal generating a public key and private key pair with an asymmetric algorithm, and generating a certificate issuing request from that key pair;
a certificate attaching unit securely obtaining the certificate issuing request from the certificate requesting terminal;
a certificate checking unit securely obtaining the certificate issuing request from the certificate attaching unit;
the certificate checking unit securely transmitting the certificate issuing request to a registration approval unit;
the registration approval unit securely transmitting the certificate issuing request to a certificate issuing unit;
the certificate issuing unit issuing a certificate for the certificate issuing request using a certificate issuing unit private key stored in a second checking unit;
the certificate issuing unit securely transmitting the certificate to the certificate attaching unit through the registration approval unit and the certificate checking unit;
and the certificate attaching unit adding the certificate to the certificate requesting terminal.
12. A secure certificate issuing and management method, characterized by comprising:
a certificate requesting terminal generating a public key and private key pair;
a certificate attaching unit securely obtaining the public key from the certificate requesting terminal;
a certificate checking unit securely obtaining the public key from the certificate attaching unit;
the certificate checking unit generating a certificate issuing request for the certificate requesting terminal from the public key;
the certificate checking unit securely transmitting the certificate issuing request to a registration approval unit;
the registration approval unit securely transmitting the certificate issuing request to a certificate issuing unit;
the certificate issuing unit issuing a certificate for the certificate issuing request using a certificate issuing unit private key built into the second checking unit;
the certificate issuing unit securely transmitting the certificate to the certificate attaching unit through the registration approval unit and the certificate checking unit;
and the certificate attaching unit adding the certificate to the certificate requesting terminal.
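The chain of trust in claim 1 (attaching unit trusted by checking unit, checking unit trusted by registration approval unit, registration approval unit trusted by issuing unit), the unit certificates of claims 2 to 6 (each unit's key pair certified by a common upper-layer CA and bound to its identification information), and the forward path of claim 11 (CSR from the requesting terminal, hop by hop to the issuing unit, which signs with a key that never leaves its checking unit) can be exercised end to end with the Go standard library. The program below is an added example written for this page, not code from the patent or its assignee. Its assumptions, none of which the claims fix: Ed25519 keys; the identification information carried in the certificate's subject serialNumber attribute; each "secure" hop modelled as a message signed by the sending unit and checked by the receiver against the common root, the expected role and identification info, and the signature; unit names and IDs such as "CHK-01" made up; the registration approval policy and the return trip of the issued certificate left out.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issue signs tpl under parent (self-signed when parent == tpl) and returns the parsed certificate.
func issue(tpl, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) *x509.Certificate {
	tpl.SerialNumber, _ = rand.Int(rand.Reader, big.NewInt(1<<62))
	tpl.NotBefore, tpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return cert
}

// unit is one hop. key never leaves it (it stands in for the unit's checking unit); Cert, issued by the
// common upper-layer CA, binds role (CN) to identification info (serialNumber); trusts is claim 1's "A is trusted by B".
type unit struct {
	role, id string
	key      ed25519.PrivateKey
	Cert     *x509.Certificate
	trusts   *unit
}

type System struct {
	Roots                      *x509.CertPool
	Attach, Check, RA, Issuing *unit
}

// Hop delivers payload from one unit to the next: from signs it; to accepts it only if from's certificate
// chains to the common upper-layer CA, is the unit that to trusts, and signed the payload.
func (s *System) Hop(from, to *unit, payload []byte) ([]byte, error) {
	sig := ed25519.Sign(from.key, payload)
	c := from.Cert // receiver side: from here on only the presented certificate and signature are used
	if _, err := c.Verify(x509.VerifyOptions{Roots: s.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, err
	}
	if c.Subject.CommonName != to.trusts.role || c.Subject.SerialNumber != to.trusts.id {
		return nil, errors.New(to.role + " does not trust " + c.Subject.CommonName)
	}
	return payload, c.CheckSignature(x509.PureEd25519, payload, sig)
}

// NewSystem builds the common upper-layer CA and the four units; role names and IDs are made up.
func NewSystem() *System {
	_, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	rootTpl := &x509.Certificate{Subject: pkix.Name{CommonName: "common upper-layer CA"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root := issue(rootTpl, rootTpl, rootKey.Public(), rootKey)
	s := &System{Roots: x509.NewCertPool()}
	s.Roots.AddCert(root)
	mk := func(role, id string, ku x509.KeyUsage, trusts *unit) *unit {
		_, k, _ := ed25519.GenerateKey(rand.Reader)
		tpl := &x509.Certificate{Subject: pkix.Name{CommonName: role, SerialNumber: id}, IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, KeyUsage: ku}
		return &unit{role, id, k, issue(tpl, root, k.Public(), rootKey), trusts}
	}
	ds := x509.KeyUsageDigitalSignature
	s.Attach = mk("certificate attaching unit", "ATT-01", ds, nil)
	s.Check = mk("certificate checking unit", "CHK-01", ds, s.Attach)
	s.RA = mk("registration approval unit", "RA-01", ds, s.Check)
	s.Issuing = mk("certificate issuing unit", "CA-01", ds|x509.KeyUsageCertSign, s.RA)
	return s
}

// Enroll is the system side of claim 11: the CSR goes attaching -> checking -> RA -> issuing unit with
// every hop checked; the issuing unit then verifies the CSR's proof of possession and signs with its own key.
func (s *System) Enroll(csrDER []byte) (*x509.Certificate, error) {
	req, err := csrDER, error(nil)
	for _, to := range []*unit{s.Check, s.RA, s.Issuing} {
		if req, err = s.Hop(to.trusts, to, req); err != nil {
			return nil, err
		}
	}
	csr, err := x509.ParseCertificateRequest(req)
	if err != nil {
		return nil, err
	}
	if err = csr.CheckSignature(); err != nil {
		return nil, err
	}
	return issue(&x509.Certificate{Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature}, s.Issuing.Cert, csr.PublicKey, s.Issuing.key), nil
}

// RogueHop: a self-signed certificate copying the checking unit's role and identification info is
// rejected by the RA because it does not chain to the common upper-layer CA.
func RogueHop(s *System) error {
	_, k, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{Subject: s.Check.Cert.Subject, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	_, err := s.Hop(&unit{key: k, Cert: issue(tpl, tpl, k.Public(), k)}, s.RA, []byte("forged request"))
	return err
}
```

The requesting terminal's side is two standard-library calls, ed25519.GenerateKey followed by x509.CreateCertificateRequest, and the private key stays there; the CSR's self-signature is what lets the issuing unit check proof of possession before signing. Two checks are worth keeping in mind: Hop rejects a legitimately certified unit that is not the one the receiver trusts (the RA refuses a message straight from the attaching unit), and RogueHop shows that copying a trusted unit's role and identification info into a self-signed certificate gains nothing, because the receiver chains the certificate to the common upper-layer CA before it reads the subject. The claim 12 variant, where the checking unit builds the request from a bare public key, has no CSR signature to check, so proof of possession there rests entirely on the attaching unit's authorized access to the requesting terminal.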

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010240982.7A CN111614466B (en) 2020-03-31 2020-03-31 Certificate safety issuing and managing system and method

Publications (2)

Publication Number Publication Date
CN111614466A true CN111614466A (en) 2020-09-01
CN111614466B CN111614466B (en) 2023-07-14

Family

ID=72198196

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010240982.7A Active CN111614466B (en) 2020-03-31 2020-03-31 Certificate safety issuing and managing system and method

Country Status (1)

Country Link
CN (1) CN111614466B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2115932A2 (en) * 2007-02-16 2009-11-11 Tibco Software Inc. Systems and methods for automating certification authority practices
CN102271040A (en) * 2011-07-26 2011-12-07 北京华大信安科技有限公司 Identity verifying system and method
JP2012531822A (en) * 2009-06-24 2012-12-10 デバイススケープ・ソフトウェア・インコーポレーテッド System and method for obtaining network credentials
US20150052351A1 (en) * 2013-08-19 2015-02-19 Smartguard, Llc Secure installation of encryption enabling software onto electronic devices
US20150095999A1 (en) * 2013-10-01 2015-04-02 Kalman Csaba Toth Electronic Identity and Credentialing System
EP2874094A1 (en) * 2013-11-14 2015-05-20 Software602 a.s. Data authorization method
CN107277000A (en) * 2017-06-09 2017-10-20 北京明朝万达科技股份有限公司 Electronic certificate security management method and system

Also Published As

Publication number Publication date
CN111614466B (en) 2023-07-14

Similar Documents

Publication Publication Date Title
US10862892B2 (en) Certificate system for verifying authorized and unauthorized secure sessions
US9602497B2 (en) Trusted and unsupervised digital certificate generation using a security token
KR100962399B1 (en) Method for providing anonymous public key infrastructure and method for providing service using the same
US7526649B2 (en) Session key exchange
US8555075B2 (en) Methods and system for storing and retrieving identity mapping information
US6948061B1 (en) Method and device for performing secure transactions
CN102035838B (en) Trust service connecting method and trust service system based on platform identity
JP2008507892A (en) System and method for implementing a digital signature using a one-time private key
KR102078913B1 (en) AUTHENTICATION METHOD AND SYSTEM OF IoT(Internet of Things) DEVICE BASED ON PUBLIC KEY INFRASTRUCTURE
CN101241528A (en) Terminal access trusted PDA method and access system
CN111431840A (en) Security processing method and device
CN112968779B (en) Security authentication and authorization control method, control system and program storage medium
CN114091009A (en) Method for establishing secure link by using distributed identity
KR101491553B1 (en) Secure SmartGrid Communication System and Method using DMS based on Certification
KR101616795B1 (en) Method for manage private key file of public key infrastructure and system thereof
KR101868564B1 (en) Apparatus for authenticating user in association with user-identification-registration and local-authentication and method for using the same
CN111614466A (en) System and method for secure issuance and management of certificates
TWI744844B (en) Certificate securely signing and management system and certificate securely signing and management method
KR20200057660A (en) Method for operating account reinstating service based account key pairs, system and computer-readable medium recording the method
Toth et al. Privacy by design architecture composed of identity agents decentralizing control over digital identity
CN117676580B (en) Safety authentication method based on vehicle-mounted gateway
CN116305330B (en) Safety management method for CPU hardware
Tanwar et al. A Novel Framework for Efficient Multiple Signature on Certificate with Database Security
CN116318637A (en) Method and system for secure network access communication of equipment
CN117150473A (en) Secure access method, apparatus, electronic device, and computer-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant