CN114499897A - Self-adaptive verification method and verification system for SM2 security certificate - Google Patents
- Publication number
- CN114499897A
- Authority
- CN
- China
- Prior art keywords
- certificate
- security
- verification
- service system
- website
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Claims (6)
- 1. An adaptive verification method for SM2 security certificates, characterized in that the steps of the adaptive verification method are as follows:
  - S1: a certificate service system is installed on a computer in advance;
  - S2: the user accesses an http website which adopts an SM2 commercial password on the internet through a browser on a computer;
  - S3: the browser acquires the SM2-based security certificate of the http website by accessing the http website;
  - S4: the browser calls the certificate service system to verify the security certificate of the http website;
  - S5: after the website certificate passes verification, the user can safely use the functions of the website.
- 2. The adaptive verification method of SM2 security certificates according to claim 1, wherein step S2 includes:
  - S2.1: the certificate service system obtains the security certificate of the certificate service system from each CA mechanism in advance;
  - S2.2: the browser designates a trusted CA mechanism to the certificate service system, and the certificate service system then provides the browser with the security certificate issued to the certificate service system by that CA mechanism;
  - S2.3: the browser verifies the certificate of the certificate service system with the trusted CA mechanism and confirms whether the certificate service system is a legal system.
- 3. The adaptive verification method of SM2 security certificates according to claim 1, wherein: in the SM2 certificate chain of the CA mechanism given by the http website security certificate, the SM2 public key contained in the http website certificate is used to sequentially decrypt the signature data of each certificate in the certificate chain, and a data fingerprint is calculated and compared with the data fingerprint of the http website security certificate; if the comparison with a fingerprint existing in the data fingerprint of the http website security certificate is successful, the verification is passed; otherwise, the verification is not passed.
- 4. The adaptive verification method of SM2 security certificates according to claim 1, wherein: the certificate service system can be further extended to other asymmetric cryptographic algorithms besides SM2, including elliptic curve cryptography algorithm ECC, public key cryptography algorithm RSA, digital signature algorithm DSA, and key exchange algorithm D-H, to support more secure certificate verifications.
- 5. A system for validating SM2 security certificates, comprising a front end and a back end, wherein the front end further includes:
  - the request receiving module, used for receiving the certificate access and certificate verification requests and their related information sent by the browser, and sending the requests and their related information to the storage module or the back end respectively;
  - the result feedback module, used for sending the result of certificate access or certificate verification to the browser;
  - the storage module, used for storing the security certificate of the certificate service system and outputting the security certificate of the certificate service system to the result feedback module as required by the request receiving module.
- 6. A system for validating SM2 security certificates as claimed in claim 5, wherein the back end further comprises:
  - the acquisition module, used for acquiring the security certificate of the certificate service system from a CA (certificate authority) and sending the security certificate to the storage module at the front end for storage;
  - the verification module, used for receiving a certificate verification request sent by the front end, acquiring an SM2 certificate chain from a CA (certificate authority), sequentially decrypting the signature data of each certificate in the certificate chain by using the SM2 public key contained in the certificate verification request, calculating a data fingerprint, and comparing the data fingerprint with the data fingerprint of the http website security certificate; if the comparison with a fingerprint existing in the data fingerprint of the http website security certificate is successful, the verification is passed, and if the comparison is not successful, the verification is not passed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210390750.9A CN114499897B (en) | 2022-04-14 | 2022-04-14 | Self-adaptive verification method and verification system for SM2 security certificate |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210390750.9A CN114499897B (en) | 2022-04-14 | 2022-04-14 | Self-adaptive verification method and verification system for SM2 security certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114499897A true CN114499897A (en) | 2022-05-13 |
CN114499897B CN114499897B (en) | 2022-08-02 |
Family
ID=81487576
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210390750.9A Active CN114499897B (en) | 2022-04-14 | 2022-04-14 | Self-adaptive verification method and verification system for SM2 security certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114499897B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115567201A (en) * | 2022-09-22 | 2023-01-03 | 矩阵时光数字科技有限公司 | Adaptive terminal quantum encryption and decryption method and system thereof |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104639534A (en) * | 2014-12-30 | 2015-05-20 | 北京奇虎科技有限公司 | Website safety information uploading method and browser device |
CN105282153A (en) * | 2015-09-30 | 2016-01-27 | 北京奇虎科技有限公司 | Method for achieving data transmission and terminal equipment |
CN107046539A (en) * | 2017-04-07 | 2017-08-15 | 山东中创软件商用中间件股份有限公司 | The method to set up and device of a kind of application secure access |
CN108763967A (en) * | 2018-06-05 | 2018-11-06 | 苏州科达科技股份有限公司 | Obtain system, method, apparatus and the storage medium of device certificate |
CN109040055A (en) * | 2018-07-30 | 2018-12-18 | 美通云动(北京)科技有限公司 | The method for realizing Web secure access using domestic password |
CN109040318A (en) * | 2018-09-25 | 2018-12-18 | 网宿科技股份有限公司 | The HTTPS connection method of CDN network and CDN node server |
CN110311923A (en) * | 2019-07-16 | 2019-10-08 | 丁晓东 | Adaptive, the twin-channel national secret algorithm HTTPS access method of one kind and system |
CN112087467A (en) * | 2020-09-18 | 2020-12-15 | 杭州弗兰科信息安全科技有限公司 | Information encryption transmission method and system based on web system |
CN112653672A (en) * | 2020-12-11 | 2021-04-13 | 苏州浪潮智能科技有限公司 | Two-way authentication method, device, equipment and readable medium based on cryptographic algorithm |
CN113572740A (en) * | 2021-06-30 | 2021-10-29 | 长沙证通云计算有限公司 | Cloud management platform authentication encryption method based on state password |
CN113904767A (en) * | 2021-09-29 | 2022-01-07 | 深圳市惠尔顿信息技术有限公司 | System for establishing communication based on SSL |
- 2022-04-14 CN CN202210390750.9A patent/CN114499897B/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104639534A (en) * | 2014-12-30 | 2015-05-20 | 北京奇虎科技有限公司 | Website safety information uploading method and browser device |
US20170359185A1 (en) * | 2014-12-30 | 2017-12-14 | Beijing Qihoo Technology Company Limited | Method for loading website security information and browser apparatus |
CN105282153A (en) * | 2015-09-30 | 2016-01-27 | 北京奇虎科技有限公司 | Method for achieving data transmission and terminal equipment |
CN107046539A (en) * | 2017-04-07 | 2017-08-15 | 山东中创软件商用中间件股份有限公司 | The method to set up and device of a kind of application secure access |
CN108763967A (en) * | 2018-06-05 | 2018-11-06 | 苏州科达科技股份有限公司 | Obtain system, method, apparatus and the storage medium of device certificate |
CN109040055A (en) * | 2018-07-30 | 2018-12-18 | 美通云动(北京)科技有限公司 | The method for realizing Web secure access using domestic password |
CN109040318A (en) * | 2018-09-25 | 2018-12-18 | 网宿科技股份有限公司 | The HTTPS connection method of CDN network and CDN node server |
CN110311923A (en) * | 2019-07-16 | 2019-10-08 | 丁晓东 | Adaptive, the twin-channel national secret algorithm HTTPS access method of one kind and system |
CN112087467A (en) * | 2020-09-18 | 2020-12-15 | 杭州弗兰科信息安全科技有限公司 | Information encryption transmission method and system based on web system |
CN112653672A (en) * | 2020-12-11 | 2021-04-13 | 苏州浪潮智能科技有限公司 | Two-way authentication method, device, equipment and readable medium based on cryptographic algorithm |
CN113572740A (en) * | 2021-06-30 | 2021-10-29 | 长沙证通云计算有限公司 | Cloud management platform authentication encryption method based on state password |
CN113904767A (en) * | 2021-09-29 | 2022-01-07 | 深圳市惠尔顿信息技术有限公司 | System for establishing communication based on SSL |
Non-Patent Citations (6)
Title |
---|
ZHAOFENG MA: ""Digital rights management: Model, technology and application"", 《CHINA COMMUNICATIONS》 * |
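刘迪 et al.: "Research and design of the security functions of a security middleware based on national cryptographic algorithms", 《网络安全技术与应用》 * |
孟伟明 et al.: "Connection-oriented control of website access using PKI-based digital certificates", 《电脑知识与技术》 * |
张俊贤 et al.: "Research on domestic secure browser technology", 《信息安全研究》 * |
王高华 et al.: "Research and practice on full-ecosystem application of domestic cryptographic certificates", 《网络空间安全》 * |
项川 et al.: "Design and implementation of a TLS browser supporting commercial cryptographic algorithms", 《信息网络安全》 * |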
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115567201A (en) * | 2022-09-22 | 2023-01-03 | 矩阵时光数字科技有限公司 | Adaptive terminal quantum encryption and decryption method and system thereof |
CN115567201B (en) * | 2022-09-22 | 2024-04-19 | 矩阵时光数字科技有限公司 | Self-adaptive terminal quantum encryption and decryption method and system thereof |
Also Published As
Publication number | Publication date |
---|---|
CN114499897B (en) | 2022-08-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11223614B2 (en) | Single sign on with multiple authentication factors | |
JP7297360B2 (en) | Key management method, device, system, computer equipment and computer program | |
US9544297B2 (en) | Method for secured data processing | |
US7689828B2 (en) | System and method for implementing digital signature using one time private keys | |
US9172541B2 (en) | System and method for pool-based identity generation and use for service access | |
US9350555B2 (en) | Method and system for signing and authenticating electronic documents via a signature authority which may act in concert with software controlled by the signer | |
US8788836B1 (en) | Method and apparatus for providing identity claim validation | |
WO2019094611A1 (en) | Identity-linked authentication through a user certificate system | |
US20220394026A1 (en) | Network identity protection method and device, and electronic equipment and storage medium | |
US8332647B2 (en) | System and method for dynamic multi-attribute authentication | |
CN110677376B (en) | Authentication method, related device and system and computer readable storage medium | |
CN110535807B (en) | Service authentication method, device and medium | |
EP3292495B1 (en) | Cryptographic data | |
JP2006340178A (en) | Attribute certificate verifying method and device | |
WO2019178763A1 (en) | Certificate importing method and terminal | |
CN114499897B (en) | Self-adaptive verification method and verification system for SM2 security certificate | |
CN110868415B (en) | Remote identity verification method and device | |
US11764979B2 (en) | Customer-controlled authentication | |
AU2020204174B2 (en) | Assuring external accessibility for devices on a network | |
CN115150831A (en) | Processing method, device, server and medium for network access request | |
WO2022171263A1 (en) | Key attestation methods, computing devices having key attestation abilities, and their provisioning | |
CN117675309A (en) | Data access method and device, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CB03 | Change of inventor or designer information | Inventor after: Shen Yimin; Hou Dong; Chen Zheng; Wang Xiaolong; Li Xiaodong; Yu Chunlei; Lin Ranzi; Wang Tao. Inventor before: Shen Yimin; Hou Dong; Chen Zheng; Wang Xiaolong; Li Xiaodong; Yu Chunlei; Lin Ranzi; Wang Tao |