CN113536391A - Electronic certificate, digital certificate class black box authentication method, system and related products - Google Patents


Publication number
CN113536391A
Authority
CN
China
Prior art keywords
authentication
digital
certificate
result information
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110727152.1A
Other languages
Chinese (zh)
Inventor
夏东山
江昊
张伟鑫
孔家顺
刘春香
翁雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Haolinhui Information Technology Co ltd
Original Assignee
Shanghai Haolinhui Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Haolinhui Information Technology Co ltd
Priority to CN202110727152.1A
Publication of CN113536391A
Legal status: Pending


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G06F2221/2151 Time stamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a black-box-style authentication method and system for electronic certificates and digital certificates, and related products. In the scheme, an authentication center publishes trusted digital certificate information; an authentication request initiating terminal initiates a verification request for electronic certificates and digital certificates; the authentication center receives the request from the request initiating end, performs verification, and returns the verified authentication result information; after receiving the authentication result, the request initiating end can further verify the credibility of the authentication result information. The scheme uses cryptographic techniques to authenticate both the authentication request information and the authentication result information for electronic certificates and digital certificates, which effectively prevents man-in-the-middle attacks and improves the security and credibility of information authentication.

Description

Electronic certificate, digital certificate class black box authentication method, system and related products
Technical Field
The application relates to the technical field of computers, in particular to an authentication technology of electronic certificates and digital certificates.
Background
The authentication technology of the electronic certificate and the digital certificate mainly refers to the related technology for processing the authentication process and the authentication result of the electronic certificate and the digital certificate file in an authentication center.
In the conventional technology, the main process for authenticating electronic certificate and digital certificate files is as follows:
1. the authentication request end directly uploads the electronic certificate and digital certificate files and requests the authentication center to authenticate them;
2. after receiving the authentication request, the authentication center directly calls the service to perform authentication;
3. the authentication result is returned directly to the authentication request end.
In practice, this authentication process carries considerable and uncertain security risk, mainly in the following respects:
(1) the electronic certificate and the electronic certificate file information that the authentication request end submits for authentication lack effective confidentiality protection;
(2) the authentication center lacks effective security protection for the authentication service during the authentication process;
(3) the authentication center lacks effective security protection for the authentication result, so the authenticity, integrity and tamper resistance of the authentication result cannot be guaranteed.
Therefore, to authenticate electronic certificate and digital certificate files securely, effectively and credibly, the prior art needs targeted improvement and optimization, so that man-in-the-middle attacks are effectively prevented and the authentication process and the authentication result are secure, effective and credible.
Disclosure of Invention
In view of the security problems of existing electronic certificate and digital certificate technology, the invention aims to provide a black-box-style authentication method for electronic certificates and digital certificates that improves the security and credibility of their authentication; on that basis, the invention further provides a system and related equipment for implementing the method.
To achieve the above purpose, the black-box-style authentication method for electronic certificates and digital certificates provided by the invention comprises the following steps:
the authentication center publicly issues credible digital certificate information;
the authentication request initiating terminal initiates an authentication request of electronic certificates and digital certificates;
after receiving the authentication request from the request initiating end, the authentication center calls a verification module in the associated authentication service to perform authentication; once authentication in the associated authentication service is complete, the verified result information is protected with a digital signature to form the authentication result information, and the verified authentication result information is returned;
after receiving the authentication result, the request initiating end can further verify the credibility of the authentication result information.
Furthermore, in the authentication method, the authentication request initiating terminal can first encrypt the authentication request information with the public key digital certificate publicly issued by the authentication center and then initiate the authentication request.
Further, in the authentication method, when the authentication center receives the authentication request from the request initiator, the processing includes:
preprocessing according to the data format of the authentication request;
the authentication center requests the associated authentication service by calling the black-box-style authentication module for electronic certificates and digital certificates, and the verification module is called within the associated authentication service to perform verification;
after authentication in the associated authentication service is complete, the authentication center protects the verified result information with a digital signature made with the private key corresponding to the digital certificate it has publicly issued, forming the authentication result information, which is then sent to the authentication request initiating terminal.
Further, when the verified result information is protected with a digital signature, timestamp information may be added to the digital signature information.
Furthermore, in the authentication method, after the authentication request initiating terminal receives the authentication result, it can further verify the digital signature information of the authentication result information.
Furthermore, in the authentication method, after the authentication request initiating terminal receives the authentication result, it verifies the legitimacy and validity of the digital certificate in the authentication result information.
Further, in the authentication method, after the authentication request initiating terminal receives the authentication result, it verifies the validity of the timestamp added to the authentication result information.
Further, the black box authentication module may be part of the authentication center or may operate independently as a third-party authentication service.
In order to achieve the above object, the present invention provides an electronic certificate and digital certificate type black box authentication system, comprising:
the authentication request module runs at an authentication request initiating end, forms authentication request information of an electronic certificate and a digital certificate and sends an authentication request to an authentication center;
the authentication module runs in an authentication center, calls the verification module in the associated authentication service for authentication after receiving the authentication request of the authentication request module, forms authentication result information after performing digital signature protection on the verified result information in the associated authentication service and returns the verified authentication result information;
and the authentication result verification module runs at the authentication request initiating end, receives the authentication result returned by the authentication module and further verifies the credibility of the authentication result information.
Furthermore, the authentication module calls an electronic certificate and a digital certificate type black box authentication module to perform request verification.
Further, the authentication module performs digital signature protection on the verified result information through a private key corresponding to a digital certificate which is published by the authentication center, and then authentication result information is formed and returned.
Further, the authentication module performs digital signature protection on the verified result information, and the digital signature information is attached with timestamp information.
In order to achieve the above object, the present invention provides a computer-readable storage medium having a program stored thereon, the program implementing the steps of the above-mentioned electronic certificate, digital certificate class black box authentication method when being executed by a processor.
In order to achieve the above object, the present invention provides a processor, where the processor is configured to execute a program, and the program executes the steps of the above method for authenticating an electronic certificate and a digital certificate black box.
In order to achieve the above object, the present invention provides a terminal device, which includes a processor, a memory, and a program stored in the memory and executable on the processor, wherein the program code is loaded and executed by the processor to implement the steps of the above method for authenticating an electronic certificate and a digital certificate black box.
In order to achieve the above object, the present invention provides a computer program product adapted to perform the steps of the above-mentioned electronic certificate, digital certificate-like black box authentication method when executed on a data processing device.
The scheme provided by the invention adopts the credible authentication of the authentication request information and the authentication result information of the electronic certificate and the digital certificate based on the cryptographic technology, thereby improving the safety and credibility of the information.
The scheme provided by the invention is used as a block chaining technique, and can be used for trusted verification of cloud computing and cloud service in a trusted environment and an untrusted environment.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further described with the specific examples.
The authentication technology of the electronic certificate and the digital certificate mainly refers to the related technology for processing the authentication process and the authentication result of the electronic certificate and the digital certificate file in an authentication center.
In the authentication technique here:
(1) the information requesting authentication refers to electronic documents such as electronic certificates and digital certificates, and the electronic documents are provided with electronic signatures or electronic signature information;
(2) using cryptographic techniques, the authentication center verifies the validity of the submitted electronic certificates and digital certificates and the validity of their electronic signatures, and also verifies the validity period, status and other information of the electronic certificates and digital certificates.
Therefore, the authentication of the electronic certificate and the digital certificate in the scheme of the application is to perform credible authentication on the authentication request information and the authentication result information of the electronic certificate and the digital certificate based on the cryptographic technology, so that the safety and the credibility of the information are improved.
Therefore, the scheme of the patent provides an electronic certificate and digital certificate type black box authentication method, and trusted authentication is carried out on authentication request information and authentication result information of the electronic certificate and the digital certificate.
In this scheme, the black-box-style authentication of electronic certificates and digital certificates is carried out mainly by the authentication center. The authentication center requests the associated authentication service, and the verification module is called within that service to perform verification, which effectively guards against untrustworthy authentication results if the authentication center server is compromised and improves the security of the authentication service. After authentication in the associated authentication service is complete, the authentication center protects the verified result information with a digital signature to form the authentication result information, ensuring the authenticity, integrity and tamper resistance of the authentication result.
Specifically, the authentication method mainly involves an authentication center and an authentication request initiating terminal. The authentication center comprises the server of the authentication system, the accompanying authentication website and so on; it publicly issues an authenticated digital certificate, receives and schedules the authentication request information of authentication request initiators, and provides the authentication service.
Therefore, when the scheme is realized, the method mainly comprises the following steps:
S1: the authentication center publicly issues trusted digital certificate information.
S2: the authentication request initiating terminal initiates an authentication request of electronic certificates and digital certificates.
S3: the authentication center receives the authentication request of the request initiating end, then carries out verification processing, and returns the verified authentication result information.
In this step, the authentication center calls the verification module within the associated authentication service to perform authentication, which effectively guards against untrustworthy authentication results if the authentication center server is compromised; in addition, after the associated authentication service completes authentication, the authentication center protects the verified result information with a digital signature to form the authentication result information, ensuring the authenticity, integrity and tamper resistance of the authentication result.
S4: after receiving the authentication result information, the authentication request initiating terminal can further verify the credibility of the authentication result information to establish the credibility of the final verification result.
In some embodiments of the present solution, the authentication center publishes the trusted digital certificate information in a format conforming to the X.509 public key certificate standard, so that the digital certificate is public, standardized and verifiable.
In some embodiments of the present solution, when the authentication request initiator initiates a verification request for an electronic license and digital certificate, it may first encrypt the request information with the public key digital certificate issued by the authentication center and then initiate the authentication request. Because the electronic file data of the electronic certificates is encrypted and protected starting at the authentication request initiating end, man-in-the-middle attacks are effectively prevented and the confidentiality and credibility of the data source are ensured.
In some embodiments of the present solution, the authentication request initiator may instead send the verification request information for the electronic certificate and digital certificate directly to the verification service of the authentication center without encrypting it with the public key certificate.
In some embodiments of the present solution, when the authentication center receives a verification request from a request initiator, it first performs preprocessing according to the format of the received verification request data. If the request was encrypted with the public key certificate, it is decrypted with the corresponding private key of the authentication center.
Then, the authentication center calls the black-box-style authentication module for electronic certificates and digital certificates to perform authentication:
(1) the black-box-style authentication module requests the associated authentication service, and the verification module is called within that service to perform verification, which effectively guards against untrustworthy authentication results if the authentication center server is compromised and improves the security of the authentication service;
(2) after authentication in the associated authentication service is complete, the authentication center protects the verified result information with a digital signature to form the authentication result information, ensuring the authenticity, integrity and tamper resistance of the authentication result.
It should be noted that the black box authentication used here may be part of the authentication center or may be an independent third-party authentication service.
Finally, the verified result information can be protected with a digital signature made with the private key corresponding to the digital certificate publicly issued by the authentication center, forming the authentication result information, which is then sent to the authentication request initiating terminal. Digitally signing the authentication result information ensures the authenticity, integrity and tamper resistance of the authentication result, and also allows the authentication request initiating end to verify the digital signature on the authentication result information publicly.
On this basis, when the verification result information is protected with a standard digital signature, timestamp information can be added to the digital signature information. Adding the timestamp further ensures the validity of the authentication center's authentication action and allows that action to be traced if necessary.
In some embodiments of the present solution, after receiving the authentication result, the authentication request initiator further verifies the credibility of the authentication result information; by verifying the digital signature information of the authentication result, it can ensure the authenticity, integrity, tamper resistance and validity of the authentication result returned by the authentication center.
For example, when the digital signature information of the authentication result is verified, the legitimacy and validity of the authentication result can be further ensured by comparing the digital certificate in the authentication result with the digital certificate published by the authentication center.
The validity of the appended timestamp can also be verified as needed, so that the credibility of the authentication result information is verified.
In addition, the means of verifying the credibility of the authentication result information include, but are not limited to: a verification tool provided by the authentication center, such as a local verification tool or a server-side verification tool; or a separate third-party verification tool.
Therefore, the electronic certificate and digital certificate type black box authentication method is formed, and when the method is specifically applied, the authentication can be realized by combining the password technology:
(1) the authentication request end initiates authentication, that is, an electronic certificate carrying an electronic signature or electronic signature information and a digital certificate file are sent to the authentication center;
(2) when initiating authentication, the authentication request end can encrypt the electronic certificate and digital certificate files with the digital certificate published by the authentication center;
(3) the authentication center receives the electronic certificate and digital certificate files of the authentication request, verifies the validity of all electronic signatures or electronic signature information in a black-box-style authentication mode, and at the same time verifies the validity period, status and other information of the electronic certificate and digital certificate;
(4) the authentication center digitally signs the authentication result information to be returned using the private key S2 corresponding to its public digital certificate (whose public key is called S1), and returns the signed authentication result information together with the authentication result to the requesting end;
(5) after receiving the signature, the requester can verify it with the public digital certificate (S1), ensuring that the authentication result is authentic, legitimate and valid.
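The signing and verification of steps (4) and (5), together with the certificate comparison and timestamp check described above, as an added Go example that is not part of the patent text. Ed25519, the JSON result layout, every type and function name, and the freshness window are assumptions; the patent names no algorithm or message format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Result is an assumed layout for the "verified result information".
type Result struct {
	FileSHA256 string    `json:"file_sha256"` // digest of the file that was checked
	Valid      bool      `json:"valid"`       // verdict of the verification module
	SignedAt   time.Time `json:"signed_at"`   // timestamp covered by the signature
}

// SignedResult is the "authentication result information" sent to the requester.
type SignedResult struct {
	Payload   []byte // JSON encoding of Result, exactly as signed
	Signature []byte // made with the center's private key (S2)
	CertDER   []byte // certificate carrying the public key (S1)
}

var (
	ErrCert = errors.New("certificate is not the published, currently valid one")
	ErrSig  = errors.New("signature does not verify under S1")
	ErrTime = errors.New("timestamp outside the accepted window")
)

// NewCenter creates S2 and a self-signed X.509 certificate holding S1 (step S1).
func NewCenter(now time.Time) (ed25519.PrivateKey, []byte, error) {
	s1, s2, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Authentication Center"}, // constructed
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, s1, s2)
	return s2, der, err
}

// SignResult is the center side of step (4): the verdict and timestamp are signed together.
func SignResult(s2 ed25519.PrivateKey, certDER, file []byte, valid bool, now time.Time) (SignedResult, error) {
	r := Result{FileSHA256: fmt.Sprintf("%x", sha256.Sum256(file)), Valid: valid, SignedAt: now}
	payload, err := json.Marshal(r)
	if err != nil {
		return SignedResult{}, err
	}
	return SignedResult{Payload: payload, Signature: ed25519.Sign(s2, payload), CertDER: certDER}, nil
}

// VerifyResult is step (5); publishedDER must come from the center's public channel.
func VerifyResult(sr SignedResult, publishedDER []byte, now time.Time, maxAge time.Duration) (Result, error) {
	// Check 1: the certificate in the response is the published one and is in date.
	if !bytes.Equal(sr.CertDER, publishedDER) {
		return Result{}, ErrCert
	}
	cert, err := x509.ParseCertificate(publishedDER)
	if err != nil || now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return Result{}, ErrCert
	}
	// Check 2: the signature covers the exact payload bytes; parse only afterwards.
	s1, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(s1, sr.Payload, sr.Signature) {
		return Result{}, ErrSig
	}
	var r Result
	if err := json.Unmarshal(sr.Payload, &r); err != nil {
		return Result{}, err
	}
	// Check 3: the signed timestamp is recent (one minute of clock skew allowed).
	if age := now.Sub(r.SignedAt); age < -time.Minute || age > maxAge {
		return Result{}, ErrTime
	}
	return r, nil
}

func main() {
	now := time.Now().UTC()
	s2, published, err := NewCenter(now)
	if err != nil {
		panic(err)
	}
	sr, _ := SignResult(s2, published, []byte("constructed sample licence file"), true, now)
	r, err := VerifyResult(sr, published, now, 5*time.Minute)
	fmt.Println("accepted:", r.Valid, "error:", err)
}
```

Comparing the response certificate byte-for-byte against the published copy is what stops a substituted key pair from producing a result that verifies; a signature check against whatever certificate arrives in the response would accept it.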
When applied in practice, the black-box-style authentication scheme for electronic certificates and digital certificates can be implemented as a corresponding software program, forming a corresponding black-box-style authentication system for electronic certificates and digital certificates. When run, the software program executes the black-box-style authentication method; the program is stored in a corresponding storage medium for a processor to call and execute.
The black-box-style authentication system formed in this way mainly comprises the following functional modules: an authentication request module, an authentication module and an authentication result verification module.
The authentication request module runs at the authentication request initiating end, forms the authentication request information for electronic certificates and digital certificates, and sends the authentication request to the authentication center.
The authentication request module can first encrypt the authentication request information with the public key digital certificate issued by the authentication center and then send the request to the authentication service of the authentication center.
The authentication module in the system runs in an authentication center, performs verification processing after receiving an authentication request of the authentication request module, and returns verified authentication result information.
Specifically, the authentication module first performs preprocessing according to a received authentication request data format; if the authentication request information is encrypted through the public key certificate, the authentication center decrypts the authentication request information by adopting a private key corresponding to the publicly issued digital certificate.
For the preprocessed authentication request data, the authentication module calls the black-box-style authentication module for electronic certificates and digital certificates to perform the requested authentication; the verified result information is then protected with a digital signature made with the private key corresponding to the digital certificate publicly issued by the authentication center, forming the authentication result information, which is sent to the authentication request initiating end.
The authentication process of the black-box-style authentication module for electronic certificates and digital certificates is as described above and is not repeated here.
As required, when the authentication module protects the verification result information with a standard digital signature, timestamp information can be added to the digital signature information.
The authentication result verification module in the system runs at an authentication request initiating end, receives the authentication result returned by the authentication module and further verifies the credibility of the authentication result information.
Specifically, when the authentication result verification module verifies the authenticity of the received authentication result information, the checks it can perform include:
verifying the authenticity and validity of the digital signature;
verifying the legitimacy and validity of the digital certificate;
verifying the validity of the appended timestamp.
When the black-box-style authentication system for electronic certificates and digital certificates runs, it performs trusted authentication of the authentication request information and the authentication result information for electronic certificates and digital certificates, improving the security and credibility of the information. The system can therefore be used for trusted verification of cloud computing and cloud services in both trusted and untrusted environments.
As a further supplementary example scenario:
the scheme also provides a computer readable storage medium, wherein a program is stored on the computer readable storage medium, and the program realizes the steps of the electronic certificate and digital certificate type black box authentication method when being executed by a processor.
The scheme also provides a processor, wherein the processor is used for running the program, and the steps of the electronic certificate and digital certificate black box authentication method are executed when the program runs.
The scheme also provides terminal equipment which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the program code is loaded and executed by the processor to realize the steps of the electronic certificate and digital certificate class black box authentication method.
The scheme also provides a computer program product which is suitable for executing the steps of the electronic certificate and digital certificate type black box authentication method when being executed on data processing equipment.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the module described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. Those skilled in the art will understand that the present invention is not limited to the embodiments described above; the embodiments and the specification merely illustrate the principle of the invention, and various changes and modifications may be made without departing from its spirit and scope, all of which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (14)

1. An electronic certificate and digital certificate class black box authentication method, characterized by comprising the following steps:
the authentication center publicly issues trusted digital certificate information;
the authentication request initiating end initiates an authentication request for electronic certificates and digital certificates;
after receiving the authentication request from the request initiating end, the authentication center calls a verification module in the associated authentication service to perform authentication; after authentication in the associated authentication service is complete, the verified result information is protected with a digital signature to form authentication result information, and the authentication result information is returned;
after receiving the authentication result, the request initiating end can verify the credibility of the authentication result information.
2. The electronic certificate and digital certificate class black box authentication method according to claim 1, wherein the authentication request is sent after being encrypted with a public key digital certificate issued in advance by the authentication center.
3. The electronic certificate and digital certificate class black box authentication method according to claim 1, wherein, when the authentication center receives an authentication request from the request initiating end, the method comprises the following steps:
preprocessing according to the data format of the authentication request;
the authentication center requests the associated authentication service by calling the electronic certificate and digital certificate class black box authentication module, and calls the verification module in the associated authentication service for verification;
after authentication in the associated authentication service is complete, the authentication center protects the verified result information with a digital signature, using the private key corresponding to the digital certificate publicly issued by the authentication center, to form authentication result information, and then sends the authentication result information to the authentication request initiating end.
4. The electronic certificate and digital certificate class black box authentication method according to claim 3, wherein timestamp information is added to the digital signature information when the verified result information is protected with a digital signature.
5. The electronic certificate and digital certificate class black box authentication method according to claim 4, wherein the digital signature information of the authentication result information can be further verified after the authentication request initiating end receives the authentication result information.
6. The electronic certificate and digital certificate class black box authentication method according to claim 3, wherein the black box authentication module can be attached as part of the authentication center or can serve independently as a third-party authentication service.
7. An electronic certificate and digital certificate class black box authentication system, characterized by comprising:
an authentication request module, which runs at the authentication request initiating end, forms authentication request information for electronic certificates and digital certificates, and sends an authentication request to the authentication center;
an authentication module, which runs in the authentication center and, after receiving the authentication request from the authentication request module, calls the verification module in the associated authentication service to perform authentication; after authentication in the associated authentication service is complete, it protects the verified result information with a digital signature to form authentication result information and returns the authentication result information;
an authentication result verification module, which runs at the authentication request initiating end, receives the authentication result returned by the authentication module, and further verifies the credibility of the authentication result information.
8. The system according to claim 7, wherein the authentication module invokes the electronic certificate and digital certificate class black box authentication module for verification.
9. The system according to claim 7, wherein the authentication module protects the verified result information with a digital signature, using the private key corresponding to the digital certificate publicly issued by the authentication center, to form authentication result information, and returns the authentication result information.
10. The system according to claim 9, wherein, when the authentication module protects the verified result information with a digital signature, timestamp information can be added to the digital signature information.
11. A computer-readable storage medium on which a program is stored, wherein the program, when executed by a processor, carries out the steps of the electronic certificate and digital certificate class black box authentication method of any one of claims 1 to 6.
12. A processor for running a program, wherein the program, when run, performs the steps of the electronic certificate and digital certificate class black box authentication method of any one of claims 1 to 6.
13. A terminal device comprising a processor, a memory, and a program stored on the memory and executable on the processor, characterized in that the program code is loaded and executed by the processor to implement the steps of the electronic certificate and digital certificate class black box authentication method of any one of claims 1 to 6.
14. A computer program product, characterized in that, when executed on a data processing device, it is adapted to perform the steps of the electronic certificate and digital certificate class black box authentication method of any one of claims 1 to 6.
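The exchange in claims 1 and 3 to 5, shown as an added example (not code from the patent or the applicant): the center signs the verified result together with a timestamp, and the requester checks the signature before trusting any field. Ed25519, the JSON layout, the field names, the request-digest binding and the five-minute freshness window are assumptions; the request encryption of claim 2 is omitted.

```javascript
// Added example: signed, timestamped authentication result (claims 1, 3-5).
// Ed25519, the JSON layout, field names and the 5-minute window are assumptions.
const crypto = require('crypto');

const MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window

// Authentication center key pair; the public half stands in for the
// publicly issued digital certificate.
const center = crypto.generateKeyPairSync('ed25519');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Center side: wrap the black-box verification outcome, add a timestamp,
// bind it to the request, and sign the exact bytes that are sent.
function signResult(privateKey, request, verified, now = Date.now()) {
  const payload = JSON.stringify({
    requestDigest: sha256(request), // assumption: binds result to request
    verified,
    timestamp: now,
  });
  const signature = crypto.sign(null, Buffer.from(payload), privateKey);
  return { payload, signature: signature.toString('base64') };
}

// Requester side: check the signature first, then parse, then check
// request binding and freshness. Returns a reason on failure.
function verifyResult(publicKey, request, result, now = Date.now()) {
  const sig = Buffer.from(result.signature, 'base64');
  const ok = crypto.verify(null, Buffer.from(result.payload), publicKey, sig);
  if (!ok) return { trusted: false, reason: 'bad-signature' };
  const body = JSON.parse(result.payload);
  if (body.requestDigest !== sha256(request)) {
    return { trusted: false, reason: 'request-mismatch' };
  }
  if (Math.abs(now - body.timestamp) > MAX_AGE_MS) {
    return { trusted: false, reason: 'stale' };
  }
  return { trusted: true, verified: body.verified };
}

// Constructed sample request and the four cases a requester must tell apart.
function demo() {
  const request = 'license-id=SAMPLE-0001'; // constructed sample input
  const t0 = 1700000000000;
  const good = signResult(center.privateKey, request, true, t0);
  const forged = { ...good, payload: good.payload.replace('true', 'false') };
  return {
    fresh: verifyResult(center.publicKey, request, good, t0 + 1000),
    tampered: verifyResult(center.publicKey, request, forged, t0 + 1000),
    replayed: verifyResult(center.publicKey, 'license-id=OTHER', good, t0 + 1000),
    stale: verifyResult(center.publicKey, request, good, t0 + MAX_AGE_MS + 1),
  };
}

console.log(demo());
```

The signature covers the serialized payload bytes rather than a re-serialized object, so the requester verifies exactly what was received and parses it only after the signature check passes.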

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110727152.1A CN113536391A (en) 2021-06-29 2021-06-29 Electronic certificate, digital certificate class black box authentication method, system and related products

Publications (1)

Publication Number Publication Date
CN113536391A true CN113536391A (en) 2021-10-22

Family

ID=78097114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110727152.1A Pending CN113536391A (en) 2021-06-29 2021-06-29 Electronic certificate, digital certificate class black box authentication method, system and related products

Country Status (1)

Country Link
CN (1) CN113536391A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination