CN113541930B - Method, device, system and storage medium for checking digital certificate state - Google Patents


Publication number
CN113541930B
Authority
CN
China
Prior art keywords
digital certificate
information
message digest
digital
checking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010314931.4A
Other languages
Chinese (zh)
Other versions
CN113541930A (en
Inventor
王聪丽
薛伟佳
王锦华
黄铖斌
张欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202010314931.4A
Publication of CN113541930A
Application granted
Publication of CN113541930B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The invention discloses a method, a device, and a system for checking the state of a digital certificate, and a storage medium, and relates to the field of information security. The method for checking the digital certificate state comprises the following steps: generating a message digest of information of the digital certificate to be checked; sending partial information of the message digest to a server of the digital certificate; receiving message digests of information of one or more revoked digital certificates sent by the server as reference message digests, wherein each reference message digest includes the partial information; and, where there is a reference message digest that coincides with the message digest of the information of the digital certificate to be checked, determining the state of the digital certificate to be checked as a revoked state. Embodiments of the invention thereby improve the privacy protection of the user while still meeting the need to query the digital certificate state.

Description

Method, device, system and storage medium for checking digital certificate state
Technical Field
The present invention relates to the field of information security, and in particular, to a method, an apparatus, a system, and a storage medium for checking a digital certificate status.
Background
The "life" of a digital certificate does not necessarily extend to its predetermined expiration date, because the private key corresponding to the digital certificate may be lost, stolen, etc. When this happens, serious consequences may result if the corresponding digital certificate continues to be used. In such cases the digital certificate is revoked before its expiration date arrives, and revocation of the certificate represents termination of the validity of the certificate.
When verifying the validity of a digital certificate, it is necessary to verify whether the certificate is revoked. In the related art, the Online Certificate Status Protocol (OCSP) is the most commonly used online query mechanism. By transmitting the serial number of the digital certificate to the OCSP server, it is possible to know whether the target certificate is revoked.
Disclosure of Invention
After the inventor analyzes the related technology, it is found that directly querying the serial number reveals the target accessed by the user to the OCSP server.
The embodiment of the invention aims to solve the technical problem that: how to improve privacy protection for users when querying digital certificate status.
According to a first aspect of some embodiments of the present invention, there is provided a method for checking a digital certificate status, including: generating a message digest of information of the digital certificate to be checked; sending partial information of the message digest to a server of the digital certificate; receiving message digests of information of one or more revoked digital certificates sent by the server as reference message digests, wherein each reference message digest includes the partial information; and, where there is a reference message digest that coincides with the message digest of the information of the digital certificate to be checked, determining the state of the digital certificate to be checked as a revoked state.
In some embodiments, the partial information of the message digest is information of a preset length starting from a preset position of the message digest.
In some embodiments, the preset length is determined based on a preset screening number and the number of revoked digital certificates.
In some embodiments, the preset length is determined based on the base-1/2 logarithm of the ratio of the preset screening number to the number of revoked digital certificates.
In some embodiments, the information of the digital certificate is a serial number of the digital certificate.
According to a second aspect of some embodiments of the present invention, there is provided a method for checking a digital certificate status, including: receiving partial information of a message digest of the information of the digital certificate to be checked, sent by a relying party of the digital certificate; and sending the message digests of the information of one or more revoked digital certificates that include the partial information to the relying party as reference message digests, so that the relying party determines the state of the digital certificate to be checked as a revoked state when there is a reference message digest consistent with the message digest of the information of the digital certificate to be checked.
According to a third aspect of some embodiments of the present invention, there is provided an apparatus for checking a digital certificate status, including: a message digest generation module configured to generate a message digest of information of the digital certificate to be checked; an information sending module configured to send partial information of the message digest to a server of the digital certificate; a digest receiving module configured to receive, as reference message digests, message digests of information of one or more revoked digital certificates sent by the server, wherein each reference message digest includes the partial information; and a state determination module configured to determine the state of the digital certificate to be checked as a revoked state in a case where there is a reference message digest that coincides with the message digest of the information of the digital certificate to be checked.
In some embodiments, the checking device is located at a relying party device for the digital certificate.
In some embodiments, the relying party device is a browser.
According to a fourth aspect of some embodiments of the present invention, there is provided an apparatus for checking a status of a digital certificate, including: an information receiving module configured to receive partial information of a message digest of the information of the digital certificate to be checked, sent by a relying party of the digital certificate; and a digest transmission module configured to transmit the message digests of information of one or more revoked digital certificates that include the partial information to the relying party as reference message digests, so that the relying party determines the state of the digital certificate to be checked as a revoked state in a case where there is a reference message digest identical to the message digest of the information of the digital certificate to be checked.
In some embodiments, the checking means is located at a server of the digital certificate.
In some embodiments, the server of the digital certificate is an online certificate status protocol server.
According to a fifth aspect of some embodiments of the present invention, there is provided a system for checking a status of a digital certificate, comprising: any one of the above check devices for digital certificate status, which comprises a message digest generation module, an information transmission module, a digest reception module, and a status determination module, is used as a first check device; and any one of the above-mentioned digital certificate status checking devices comprising an information receiving module and a digest sending module is used as a second checking device.
According to a sixth aspect of some embodiments of the present invention, there is provided an apparatus for checking a digital certificate status, including: a memory; and a processor coupled to the memory, the processor configured to execute any of the aforementioned methods of checking the status of a digital certificate based on instructions stored in the memory.
According to a seventh aspect of some embodiments of the present invention, there is provided a non-transitory computer readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements any one of the aforementioned methods of checking the status of a digital certificate.
Some embodiments of the above invention have the following advantages or benefits: since the server receives partial information of the digest, it is difficult to uniquely determine the digital certificate to be queried. After the server returns one or more reference message digests including partial information to the request side, the request side judges the state of the digital certificate to be checked. Therefore, when the inquiry requirement of the digital certificate state is met, the privacy protection of the user is improved.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 illustrates a flow diagram of a method of checking digital certificate status according to some embodiments of the invention.
Fig. 2 illustrates a flow diagram of a preset length determination method according to some embodiments of the invention.
Fig. 3 is a flow diagram illustrating a digital certificate checking method according to another embodiment of the present invention.
Fig. 4 is a schematic structural diagram of an apparatus for checking a digital certificate status on a digital certificate relying party side according to some embodiments of the present invention.
Fig. 5 shows a schematic structural diagram of an apparatus for checking a digital certificate status at a digital certificate server side according to some embodiments of the present invention.
FIG. 6 illustrates a block diagram of a system for checking the status of a digital certificate, in accordance with some embodiments of the present invention.
Fig. 7 is a schematic structural diagram of an apparatus for checking a digital certificate status according to another embodiment of the present invention.
Fig. 8 is a schematic structural diagram of an apparatus for checking the status of a digital certificate according to some embodiments of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as exemplary only and not as limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
FIG. 1 illustrates a flow diagram of a method of checking digital certificate status according to some embodiments of the invention. As shown in fig. 1, the method for checking the digital certificate status of this embodiment includes steps S102 to S108.
In step S102, a message digest of information of the digital certificate to be checked is generated.
The information of the digital certificate may be, for example, a serial number of the digital certificate, or data for uniquely identifying the digital certificate such as all contents of the digital certificate.
The message digest may be obtained by computing a hash function. The hash function is one-way, i.e. the original information cannot be obtained from the message digest computed by the hash function. Therefore, the security of information transmission and processing is improved.
In some embodiments, the message digest is computed using the SM3 algorithm of the Chinese national cryptographic standards.
In step S104, partial information of the message digest is transmitted to the server of the digital certificate.
In some embodiments, the partial information of the message digest is information of a preset length starting from a preset position of the message digest. For example, the first N bits of the message digest may be taken and sent to the server of the digital certificate.
In some embodiments, the server of the digital certificate is an OCSP server.
The server determines the message digests of the revoked digital certificates and returns those digests that include the received partial information.
In step S106, message digests of information of one or more revoked digital certificates sent by the server are received as reference message digests, wherein each reference message digest includes the partial information.
In step S108, in the case where there is a reference message digest that coincides with the message digest of the information of the digital certificate to be checked, the state of the digital certificate to be checked is determined as a revoked state. Consistent message digests indicate that the original information from which the digests were computed is consistent. Since the server sends the message digests of revoked digital certificates, it is possible to verify whether the digital certificate to be checked is among the revoked digital certificates.
If none of the received reference message digests is consistent with the message digest of the information of the digital certificate to be checked, the state of the digital certificate to be checked is determined as an unrevoked state.
In the method of the above embodiment, since the server receives partial information of the digest, it is difficult to uniquely determine the digital certificate to be queried. After the server returns one or more reference message digests including partial information to the request side, the request side judges the state of the digital certificate to be checked. Therefore, when the inquiry requirement of the digital certificate state is met, the privacy protection of the user is improved.
If the length of the part of information sent to the server is short, the number of the reference message digests including the part of information is large, so that the difficulty of determining the queried digital certificate by the server or an attacker is increased, but the bandwidth overhead and the calculation burden on the request side are also increased; on the contrary, if the length of the part of information sent to the server is long, the number of reference message digests including the part of information is small, so that the difficulty of the server or the attacker in determining the queried digital certificate is reduced, but the bandwidth overhead and the computational burden on the requesting side are also reduced. In some embodiments, the requesting side may preset the screening number, and determine the preset length of the partial information according to the preset screening number and the number of revoked digital certificates, so as to adjust the priority between the privacy protection and the processing performance as needed. An embodiment of a preset length determination method of partial information according to the present invention is described below with reference to fig. 2.
Fig. 2 illustrates a flow diagram of a preset length determination method according to some embodiments of the invention. As shown in fig. 2, the determination method of this embodiment includes steps S202 to S204.
In step S202, the number of revoked digital certificates is queried. This information may be queried from a website.
In step S204, a preset length of the partial information is determined according to a preset screening number and the number of revoked digital certificates.
The preset screening number refers to the number of reference message digests that the requester ideally obtains from the server. In some embodiments, the preset length is in a positive correlation with the preset screening number and in a negative correlation with the number of revoked digital certificates.
In some embodiments, the preset length is determined based on the base-1/2 logarithm of the ratio of the preset screening number to the number of revoked digital certificates. For example, the preset length n may be determined using equation (1):
Figure BDA0002459168940000071
In formula (1), M represents the preset screening number, and C represents the number of revoked digital certificates. Thus, when the hash function produces message digests represented as strings of 0s and 1s, taking the base-1/2 logarithm of M/C as the preset length brings the number of reference message digests obtained for that preset length closer to M.
In some embodiments, the preset length may be updated periodically.
The above-described embodiments may be performed by a relying party for digital certificates, such as a browser. An embodiment of a digital certificate checking method is described below in conjunction with a particular apparatus, with reference to fig. 3.
Fig. 3 is a flow diagram illustrating a method for checking a digital certificate according to another embodiment of the present invention. As shown in fig. 3, the method for checking a digital certificate of this embodiment includes steps S302 to S310.
In this embodiment, when a user wants to access a website, a relying party (e.g. a browser) of the digital certificate of the website first checks whether the digital certificate of the website is revoked through the following process.
In step S302, the relying party of the digital certificate extracts the first n bits (denoted as h') of the serialized message digest (denoted as h) of the digital certificate to be checked.
In step S304, the relying party sends h' to the OCSP server.
In step S306, the OCSP server obtains the message digests of the digital certificates in the list t of revoked digital certificates, and generates a list t' containing these message digests.
Step S306 may also be performed before step S302 or S304.
In step S308, the OCSP server sends the message digests in the list t' that include h' to the relying party.
In step S310, the relying party checks whether h is identical to one of the message digests transmitted by the OCSP server. If yes, the certificate is revoked; otherwise it is not revoked.
By the embodiment, the relying party can accurately inquire whether the digital certificate of the website accessed by the user is revoked, and the OCSP server is difficult to determine the access purpose of the user through the request sent by the relying party, so that the website access security is improved, the access target of the user is prevented from being exposed, and the protection of the user privacy is improved.
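The exchange of Fig. 3 together with the preset-length rule of Fig. 2, as an added example that is not part of the patent text. SHA-256 stands in for SM3, formula (1) is taken as n = log_{1/2}(M/C) from its description above, and the rounding, the class and function names, and the serial numbers are assumptions constructed for illustration.

```python
"""Prefix-based revocation lookup (steps S302-S310) with the preset length of formula (1)."""
import hashlib
import math

DIGEST_BITS = 256  # assumption: SHA-256 stands in for the SM3 digest named in the text


def digest(serial: int) -> bytes:
    """h: message digest of the certificate information (here, the serial number)."""
    raw = serial.to_bytes(max(1, (serial.bit_length() + 7) // 8), "big")
    return hashlib.sha256(raw).digest()


def prefix_bits(d: bytes, n: int) -> int:
    """h': the first n bits of digest d, returned as an integer."""
    if not 0 <= n <= len(d) * 8:
        raise ValueError("prefix length out of range")
    return int.from_bytes(d, "big") >> (len(d) * 8 - n)


def preset_length(screening_number: int, revoked_count: int) -> int:
    """n = log_{1/2}(M / C), which equals log2(C / M).

    Rounding to the nearest integer and clamping to [0, DIGEST_BITS] are
    assumptions of this example. By this formula n grows with C and shrinks
    as M grows: asking for more reference digests means a shorter prefix.
    """
    if screening_number < 1 or revoked_count < 0:
        raise ValueError("need M >= 1 and C >= 0")
    if revoked_count <= screening_number:
        return 0  # the whole revoked list already fits within M answers
    return min(DIGEST_BITS, round(math.log2(revoked_count / screening_number)))


class RevocationServer:
    """Server side (S306, S308): holds list t' and answers prefix queries."""

    def __init__(self, revoked_serials):
        self._digests = [digest(s) for s in revoked_serials]  # list t'
        self.seen_queries = []  # everything the server learns about each lookup

    def query(self, h_prefix: int, n: int) -> list:
        self.seen_queries.append((h_prefix, n))
        return [d for d in self._digests if prefix_bits(d, n) == h_prefix]


def is_revoked(serial: int, server: RevocationServer, n: int) -> bool:
    """Relying-party side (S302, S304, S310): the full digest never leaves the client."""
    h = digest(serial)
    reference_digests = server.query(prefix_bits(h, n), n)
    return h in reference_digests


def demo():
    # Constructed data: 4096 revoked serial numbers, screening number M = 16.
    revoked = range(1000, 1000 + 4096)
    server = RevocationServer(revoked)
    n = preset_length(16, len(revoked))
    results = {
        "n": n,
        "revoked_serial": is_revoked(1234, server, n),
        "valid_serial": is_revoked(999_999, server, n),
        "bucket_size": len(server.query(prefix_bits(digest(1234), n), n)),
    }
    return results, server.seen_queries


if __name__ == "__main__":
    results, seen = demo()
    print(results)
    print("server saw only (prefix, n) pairs:", seen[:2])
```

The `seen_queries` log shows the privacy property the text claims: the server records an n-bit prefix shared by a bucket of revoked digests, not the serial number or the full digest.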
An embodiment of the apparatus for checking the digital certificate status on the digital certificate relying party side of the present invention is described below with reference to fig. 4.
Fig. 4 illustrates a schematic structural diagram of an apparatus for checking digital certificate status on a digital certificate relying party side according to some embodiments of the invention. As shown in fig. 4, the apparatus 400 for checking the digital certificate status on the relying party side of this embodiment includes: a message digest generation module 4100 configured to generate a message digest of information of the digital certificate to be checked; an information sending module 4200 configured to send partial information of the message digest to a server of the digital certificate; a digest reception module 4300 configured to receive, as reference message digests, message digests of information of one or more revoked digital certificates transmitted by the server, wherein each reference message digest includes the partial information; and a state determination module 4400 configured to determine the state of the digital certificate to be checked as a revoked state in a case where there is a reference message digest that is consistent with the message digest of the information of the digital certificate to be checked.
In some embodiments, the partial information of the message digest is information of a preset length starting from a preset position of the message digest.
In some embodiments, the preset length is determined based on a preset screening number and the number of revoked digital certificates.
In some embodiments, the preset length is determined based on the base-1/2 logarithm of the ratio of the preset screening number to the number of revoked digital certificates.
In some embodiments, the information of the digital certificate is a serial number of the digital certificate.
In some embodiments, the checking device 400 is located at a relying party device for digital certificates.
In some embodiments, the relying party device is a browser.
An embodiment of the digital certificate status checking apparatus on the digital certificate server side of the present invention is described below with reference to fig. 5.
Fig. 5 shows a schematic structural diagram of an apparatus for checking a digital certificate status at a digital certificate server side according to some embodiments of the present invention. As shown in fig. 5, the apparatus 500 for checking the digital certificate status on the server side of the embodiment includes: an information receiving module 5100 configured to receive partial information in a message digest of information of a digital certificate to be checked, which is sent by a relying party of the digital certificate; a digest transmission module 5200 configured to transmit a message digest of information of one or more revoked digital certificates, which includes partial information, to the relying party as a reference message digest, so that the relying party determines the state of the digital certificate to be checked as a revoked state in the presence of the reference message digest that coincides with the message digest of the information of the digital certificate to be checked.
In some embodiments, the checking means is located at a server of the digital certificate.
In some embodiments, the server of the digital certificate is an online certificate status protocol server.
An embodiment of the digital certificate status checking system of the present invention is described below with reference to fig. 6.
FIG. 6 illustrates a block diagram of a system for checking the status of a digital certificate according to some embodiments of the invention. As shown in fig. 6, the checking system 60 of this embodiment includes a first checking means, implemented by a checking means 400 of digital certificate status; and second checking means implemented by the checking means 500 of the digital certificate status.
Fig. 7 is a schematic structural diagram of an apparatus for checking a digital certificate status according to another embodiment of the present invention. As shown in fig. 7, the digital certificate status checking apparatus 70 of this embodiment includes: a memory 710 and a processor 720 coupled to the memory 710, the processor 720 being configured to execute the method for checking the status of the digital certificate in any of the above embodiments based on instructions stored in the memory 710.
Memory 710 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, and other programs.
Fig. 8 is a schematic structural diagram of an apparatus for checking the status of a digital certificate according to some embodiments of the present invention. As shown in fig. 8, the digital certificate status checking apparatus 80 of this embodiment includes a memory 810 and a processor 820, and may further include an input/output interface 830, a network interface 840, a storage interface 850, and the like. These interfaces 830, 840, 850 and the memory 810 and the processor 820 may be connected, for example, by a bus 860. The input/output interface 830 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 840 provides a connection interface for various networking devices. The storage interface 850 provides a connection interface for external storage devices such as an SD card and a USB disk.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, wherein the computer program is configured to implement any one of the foregoing methods for checking a digital certificate status when executed by a processor.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the scope of the present invention, which is intended to cover any modifications, equivalents, improvements, etc. within the spirit and scope of the present invention.

Claims (15)

1. A method for checking a digital certificate status, comprising:
generating a message digest of information of the digital certificate to be checked;
sending partial information of the message digest to a server of a digital certificate;
receiving, as reference message digests, message digests of information of one or more revoked digital certificates sent by the server, wherein each reference message digest includes the partial information;
determining the state of the digital certificate to be checked as a revoked state in the presence of a reference message digest that coincides with a message digest of the information of the digital certificate to be checked.
2. The inspection method of claim 1, wherein the partial information in the message digest is information of a preset length starting from a preset position of the message digest.
3. The inspection method according to claim 2, wherein the preset length is determined according to a preset number of filters and the number of revoked digital certificates.
4. The inspection method according to claim 3, wherein the preset length is determined according to the base-1/2 logarithm of the ratio of the preset number of filters to the number of revoked digital certificates.
5. The inspection method according to claim 1, wherein the information of the digital certificate is a serial number of the digital certificate.
6. A method for checking a digital certificate status, comprising:
receiving partial information in a message digest of the information of the digital certificate to be checked, which is sent by a relying party of the digital certificate;
and sending a message digest of the information of the one or more revoked digital certificates, which includes the partial information, as a reference message digest to the relying party, so that the relying party determines the state of the digital certificate to be checked as a revoked state in the case that the reference message digest consistent with the message digest of the information of the digital certificate to be checked exists.
7. An apparatus for checking a digital certificate status, comprising:
a message digest generation module configured to generate a message digest of information of the digital certificate to be checked;
an information sending module configured to send partial information in the message digest to a server of the digital certificate;
a digest reception module configured to receive, as reference message digests, message digests of information of one or more revoked digital certificates sent by the server, wherein each reference message digest includes the partial information;
a state determination module configured to determine a state of the digital certificate to be checked as a revoked state in a case where there is a reference message digest that coincides with a message digest of the information of the digital certificate to be checked.
8. The inspection device of claim 7, wherein the inspection device is located at a relying party device for digital certificates.
9. The inspection device of claim 8, wherein the relying party device is a browser.
10. An apparatus for checking a digital certificate status, comprising:
an information receiving module configured to receive partial information in a message digest of the information of the digital certificate to be checked, which is sent by a relying party of the digital certificate;
a digest transmission module configured to transmit a message digest of information of one or more revoked digital certificates, which includes the partial information, as a reference message digest to the relying party, so that the relying party determines the state of the digital certificate to be checked as a revoked state in a case where there is a reference message digest that coincides with the message digest of the information of the digital certificate to be checked.
11. The inspection device of claim 10, wherein the inspection device is located at a server of a digital certificate.
12. The inspection apparatus of claim 11, wherein the server of the digital certificate is an online certificate status protocol server.
13. A system for checking a digital certificate status, comprising:
the apparatus for checking a digital certificate status as set forth in any one of claims 7 to 9, as a first checking apparatus; and
the apparatus for checking a digital certificate status as set forth in any one of claims 10 to 12, as a second checking apparatus.
14. An apparatus for checking a digital certificate status, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of checking the status of a digital certificate of any of claims 1-6 based on instructions stored in the memory.
15. A non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of checking the status of a digital certificate according to any one of claims 1 to 6.
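The exchange in claims 1 to 6, sketched as an added example that is not code from the patent: the relying party sends only a short slice of the serial-number digest, the server answers with every revoked digest sharing that slice, and the final comparison happens locally. SHA-256, a bit-granular slice starting at bit 0, rounding up, and reading the "preset number of filters" as the target number of digests per reply are assumptions, as are all function and class names.

```python
import hashlib
import math

DIGEST_BITS = 256  # SHA-256; the claims do not name a hash function (assumption)
START_BIT = 0      # the "preset position" of claim 2 (assumed: start of digest)

def message_digest(serial: int) -> bytes:
    # Claim 5: the certificate information is the serial number (max 20 octets).
    return hashlib.sha256(serial.to_bytes(20, "big")).digest()

def prefix_bits(num_revoked: int, target_results: int) -> int:
    # Claim 4: log base 1/2 of (target / revoked) equals log2(revoked / target).
    if num_revoked <= target_results:
        return 0  # list already small enough: the server returns everything
    return min(DIGEST_BITS, math.ceil(math.log2(num_revoked / target_results)))

def partial_info(digest: bytes, length: int) -> int:
    # `length` bits of the digest starting at START_BIT, as an integer.
    value = int.from_bytes(digest, "big")
    return (value >> (DIGEST_BITS - START_BIT - length)) & ((1 << length) - 1)

class RevocationServer:
    """Server side (claim 6): it only ever sees the partial information."""
    def __init__(self, revoked_serials, target_results):
        self.length = prefix_bits(len(revoked_serials), target_results)
        self.buckets = {}
        for serial in revoked_serials:
            d = message_digest(serial)
            self.buckets.setdefault(partial_info(d, self.length), []).append(d)

    def query(self, partial: int) -> list:
        # Reference message digests: all revoked digests containing the slice.
        return list(self.buckets.get(partial, []))

def is_revoked(serial: int, server: RevocationServer) -> bool:
    """Relying-party side (claim 1): full digests are compared locally."""
    d = message_digest(serial)
    references = server.query(partial_info(d, server.length))
    return d in references

# Constructed sample data: 1000 revoked serials, about 8 digests per reply.
SERVER = RevocationServer(range(1000, 2000), target_results=8)
```

With 1000 revoked certificates and a target of 8 digests per reply, the slice is 7 bits long, so the server learns which of 128 buckets the queried certificate falls into and nothing more.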
CN202010314931.4A 2020-04-21 2020-04-21 Method, device, system and storage medium for checking digital certificate state Active CN113541930B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010314931.4A CN113541930B (en) 2020-04-21 2020-04-21 Method, device, system and storage medium for checking digital certificate state

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010314931.4A CN113541930B (en) 2020-04-21 2020-04-21 Method, device, system and storage medium for checking digital certificate state

Publications (2)

Publication Number Publication Date
CN113541930A CN113541930A (en) 2021-10-22
CN113541930B CN113541930B (en) 2022-08-19

Family

ID=78123760

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010314931.4A Active CN113541930B (en) 2020-04-21 2020-04-21 Method, device, system and storage medium for checking digital certificate state

Country Status (1)

Country Link
CN (1) CN113541930B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116455633B (en) * 2023-04-17 2024-01-30 清华大学 Digital certificate verification method and device, electronic equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020073310A1 (en) * 2000-12-11 2002-06-13 Ibm Corporation Method and system for a secure binding of a revoked X.509 certificate to its corresponding certificate revocation list
US7761703B2 (en) * 2002-03-20 2010-07-20 Research In Motion Limited System and method for checking digital certificate status
CN100495963C (en) * 2006-09-23 2009-06-03 西安西电捷通无线网络通信有限公司 Public key certificate state obtaining and verification method
CN101572707B (en) * 2009-05-31 2012-08-08 成都市华为赛门铁克科技有限公司 Method, apparatus and system for validating certificate state
CN107332833B (en) * 2017-06-22 2021-05-18 宇龙计算机通信科技(深圳)有限公司 Verification method and device

Also Published As

Publication number Publication date
CN113541930A (en) 2021-10-22

Similar Documents

Publication Publication Date Title
US10891383B2 (en) Validating computer resource usage
US9800416B2 (en) Distributed validation of digitally signed electronic documents
WO2021012552A1 (en) Login processing method and related device
US9325509B2 (en) Determination method for cryptographic algorithm used for signature, validation server and program
JP2021516495A (en) Key management methods, devices, systems, computer equipment and computer programs
US9401911B2 (en) One-time password certificate renewal
US8375211B2 (en) Optimization of signing soap body element
US20040054889A1 (en) Methods and system for providing a public key fingerprint list in a PK system
KR20080106532A (en) Generation of electronic signatures
US20210058258A1 (en) Methods, Application Server, IoT Device and Media For Implementing IoT Services
CN110912920A (en) Data processing method, apparatus and medium
JP4558099B1 (en) Digital data content certification system, data certification device, user terminal, computer program and method
JP2020532928A (en) Digital signature methods, devices and systems
US8719574B2 (en) Certificate generation using virtual attributes
EP2747377A2 (en) Trusted certificate authority to create certificates based on capabilities of processes
CN115361233B (en) Block chain-based electronic document signing method, device, equipment and medium
CN115460019B (en) Method, apparatus, device and medium for providing digital identity-based target application
CN101951605A (en) Digital signature method of movable Widget
CN107332833B (en) Verification method and device
US8214634B1 (en) Establishing trust via aggregate peer ranking
Anada et al. RSA public keys with inside structure: Proofs of key generation and identities for web-of-trust
CN113541930B (en) Method, device, system and storage medium for checking digital certificate state
CN115550061B (en) Block chain-based data transmission method and device, electronic equipment and storage medium
Schaad Certificate Management over CMS (CMC) Updates
CN113676332A (en) Two-dimensional code authentication method, communication device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20211022

Assignee: Tianyiyun Technology Co.,Ltd.

Assignor: CHINA TELECOM Corp.,Ltd.

Contract record no.: X2024110000020

Denomination of invention: Methods, devices, systems, and storage media for checking the status of digital certificates

Granted publication date: 20220819

License type: Common License

Record date: 20240315