CN114650160A - Digital certificate processing method and device, storage medium and electronic equipment - Google Patents


Info

Publication number
CN114650160A
Authority
CN (China)
Legal status
Granted
Application number
CN202011522429.9A
Other languages
Chinese (zh)
Other versions
CN114650160B (en)
Inventors
孟媛媛
耿方
宁红宙
杜悦琨
Current Assignee
Aisino Corp
Original Assignee
Aisino Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The disclosure relates to a method and a device for processing a digital certificate, a storage medium and an electronic device, in the field of information security. The method is applied to an RA system and comprises the following steps: determining, according to a received serial number to be revoked, a first double certificate to be revoked that corresponds to that serial number, wherein the first double certificate comprises a first signature certificate and a first encryption certificate; determining the state of the first double certificate; sending the identifier of the first double certificate to a CA system through a first message queue, so that the CA system determines, according to that identifier, the identifier of the first encryption public key included in the first double certificate and sends the identifier of the first encryption public key to a KMC system through a second message queue, wherein the KMC system sets the states of the first encryption public key and the corresponding first encryption private key to a revoked state according to the identifier of the first encryption public key; and finally, the RA system sets the state of the first double certificate to a revoked state.

Description

Digital certificate processing method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of information security, and in particular, to a method and an apparatus for processing a digital certificate, a storage medium, and an electronic device.
Background
With the development of electronic information technology, digital certificates have been widely used in the fields of online banking, online securities, e-government affairs, e-commerce, and the like, and accordingly, digital certificate authentication systems that implement management functions such as issuing, updating and revoking digital certificates have been more and more widely used. A digital certificate authentication system mainly includes an RA (Registration Authority) system, a CA (Certificate Authority) system and a KMC (Key Management Center) system. Generally, operations such as issuing, updating and revoking a digital certificate are realized through data interaction among these systems. However, because the systems are tightly coupled, the service processing time of a digital certificate is long, and if an abnormal interruption occurs while the systems are interacting, the data records of the digital certificate and of its key become inconsistent, the operation cannot be resumed, and both the processing efficiency and the security of the digital certificate suffer.
Disclosure of Invention
The purpose of the present disclosure is to provide a method, an apparatus, a storage medium, and an electronic device for processing a digital certificate, so as to improve the processing efficiency and security of the digital certificate.
According to a first aspect of the embodiments of the present disclosure, a method for processing a digital certificate is provided, where the method is applied to a registration authority (RA) system, and the method includes:
determining a first double certificate to be revoked corresponding to a serial number to be revoked according to a received serial number to be revoked, wherein the first double certificate comprises a first signature certificate and a first encryption certificate, the serial number of the first signature certificate is matched with the serial number to be revoked, and/or the serial number of the first encryption certificate is matched with the serial number to be revoked;
determining a state of the first dual certificate, the state of the first dual certificate being: any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
if the state of the first double certificate is a used state or an updated state, sending the identifier of the first double certificate to a Certificate Authority (CA) system through a first message queue, so that the CA system determines the identifier of a first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sends the identifier of the first encryption public key to a Key Management Center (KMC) system through a second message queue, wherein the KMC system is used for setting the states of the first encryption public key and a corresponding first encryption private key to be a revoked state according to the identifier of the first encryption public key, and the identifier of the first double certificate comprises a serial number of the first signature certificate and a serial number of the first encryption certificate;
setting a state of the first dual certificate to a revoked state.
Optionally, the method further comprises:
generating an issuing request comprising a signature public key;
sending the issuing request to the CA system so that the CA system generates a key pair generating request according to the issuing request and sends the key pair generating request to the KMC system, wherein the KMC system is used for generating an encryption public key and an encryption private key and setting the states of the encryption public key and the encryption private key as a to-be-used state;
receiving a double certificate sent by the CA system, wherein the double certificate is generated by the CA system according to the signature public key and the encryption public key sent by the KMC system, and the CA system is used for setting the state of the double certificate to be in a to-be-used state after sending the double certificate to the RA system;
installing the double certificate, and setting the state of the double certificate to a to-be-used state;
sending a first update message to the CA system through the first message queue to cause the CA system to set the state of the dual certificate to a used state and sending a second update message to the KMC system through the second message queue, the KMC system being configured to set the states of the cryptographic public key and the cryptographic private key to a used state;
setting the state of the dual certificate to a used state.
Optionally, the method further comprises:
determining a second double certificate to be updated corresponding to the serial number to be updated according to the received serial number to be updated, wherein the second double certificate comprises a second signature certificate and a second encryption certificate, the serial number of the second signature certificate is matched with the serial number to be updated, and/or the serial number of the second encryption certificate is matched with the serial number to be updated;
determining a status of the second dual certificate;
if the state of the second double certificate is a used state or an updated state, generating an update request according to the serial number to be updated, and sending the update request to the CA system, so that the CA system determines an identifier of a second encryption public key included in the second double certificate according to the update request, and sends a key pair update request to the KMC system, wherein the key pair update request is generated by the CA system according to the update request and the identifier of the second encryption public key; the KMC system is used for generating a third encryption public key and a third encryption private key according to the key pair update request, determining the second encryption public key and a corresponding second encryption private key according to the identifier of the second encryption public key, and setting the states of the third encryption public key and the third encryption private key to a to-be-used state and the states of the second encryption public key and the second encryption private key to a to-be-revoked state;
receiving a third double certificate sent by the CA system, wherein the third double certificate is generated by the CA system according to the third encrypted public key sent by the KMC system, and the CA system is used for setting the state of the third double certificate as a to-be-updated state and setting the state of the second double certificate as a to-be-revoked state after sending the third double certificate to the RA system;
installing the third double certificate, and setting the state of the third double certificate as a state to be updated;
sending a third update message to the CA system through the first message queue to cause the CA system to set the state of the third dual certificate to an updated state and send a fourth update message to the KMC system through the second message queue, the KMC system being configured to set the states of the third cryptographic public key and the third cryptographic private key to a used state and set the states of the second cryptographic public key and the second cryptographic private key to a revoked state;
setting a state of the third dual certificate to an updated state.
According to a second aspect of the embodiments of the present disclosure, there is provided a method for processing a digital certificate, which is applied to a certificate authority CA system, the method including:
receiving, through a first message queue, an identifier of a first double certificate sent by a registration authority (RA) system, wherein the identifier of the first double certificate is sent by the RA system after the RA system receives a serial number to be revoked, determines the first double certificate to be revoked according to the serial number to be revoked, and determines that the state of the first double certificate is a used state or an updated state, the state of the first double certificate being any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
determining the identifier of a first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sending the identifier of the first encryption public key to a Key Management Center (KMC) system through a second message queue, so that the KMC system sets the states of the first encryption public key and a corresponding first encryption private key to a revoked state according to the identifier of the first encryption public key;
setting a state of the first dual certificate to a revoked state.
Optionally, the method further comprises:
receiving an issuing request which is sent by the RA system and comprises a signature public key;
generating a key pair generation request according to the issuance request, and sending the key pair generation request to the KMC system so that the KMC system generates an encryption public key and an encryption private key, and setting the states of the encryption public key and the encryption private key as a to-be-used state;
receiving the encrypted public key sent by the KMC system, and generating a double certificate according to the signature public key and the encrypted public key;
sending the dual certificate to the RA system so that the RA system installs the dual certificate and sets the state of the dual certificate to be a to-be-used state;
setting the state of the double certificate as a to-be-used state, and receiving a first updating message sent by the RA system through the first message queue;
sending a second update message to the KMC system through the second message queue to cause the KMC system to set the states of the encrypted public key and the encrypted private key to a used state;
setting the state of the dual certificate to a used state.
Optionally, the method further comprises:
receiving an update request sent by the RA system, and determining an identifier of a second encrypted public key included in a second double certificate according to the update request, wherein the update request is sent when the RA system receives a serial number to be updated and determines the second double certificate to be updated according to the serial number to be updated and determines that the state of the second double certificate is a used state or an updated state;
generating a key pair update request according to the update request and the identifier of the second encryption public key, and sending the key pair update request to the KMC system, so that the KMC system generates a third encryption public key and a corresponding third encryption private key according to the key pair update request, and determines the second encryption public key and a corresponding second encryption private key according to the identifier of the second encryption public key, wherein the KMC system is used for setting the states of the third encryption public key and the third encryption private key to a to-be-used state and setting the states of the second encryption public key and the second encryption private key to a to-be-revoked state;
generating a third double certificate according to the third encrypted public key, and setting the state of the third double certificate as a to-be-used state;
sending the third dual certificate to the RA system, so that the RA system installs the third dual certificate, and setting the state of the third dual certificate as a to-be-used state;
receiving a third update message sent by the RA system through the first message queue, and sending a fourth update message to the KMC system through the second message queue, so that the KMC system sets the states of the third encryption public key and the third encryption private key to a used state, and sets the states of the second encryption public key and the second encryption private key to a revoked state;
setting the state of the second dual certificate to a revoked state, and setting the state of a third dual certificate to an updated state.
According to a third aspect of the embodiments of the present disclosure, there is provided a processing apparatus of a digital certificate, which is applied to a registration authority (RA) system, the apparatus including:
the first determining module is used for determining a first double certificate to be revoked corresponding to a serial number to be revoked according to the received serial number to be revoked, wherein the first double certificate comprises a first signature certificate and a first encryption certificate, the serial number of the first signature certificate is matched with the serial number to be revoked, and/or the serial number of the first encryption certificate is matched with the serial number to be revoked;
a second determining module, configured to determine a state of the first dual certificate, where the state of the first dual certificate is: any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
a sending module, configured to send, if the state of the first double certificate is a used state or an updated state, an identifier of the first double certificate to a certificate authority CA system through a first message queue, so that the CA system determines, according to the identifier of the first double certificate, an identifier of a first encryption public key included in the first double certificate, and sends, through a second message queue, the identifier of the first encryption public key to a key management center KMC system, where the KMC system is configured to set, according to the identifier of the first encryption public key, the states of the first encryption public key and a corresponding first encryption private key to a revoked state, and the identifier of the first double certificate includes a serial number of the first signature certificate and a serial number of the first encryption certificate;
and the setting module is used for setting the state of the first double certificate to a revoked state.
Optionally, the apparatus further comprises:
the generating module is used for generating an issuing request comprising a signature public key;
the sending module is further configured to: sending the issuing request to the CA system so that the CA system generates a key pair generating request according to the issuing request and sends the key pair generating request to the KMC system, wherein the KMC system is used for generating an encryption public key and an encryption private key and setting the states of the encryption public key and the encryption private key as a to-be-used state;
the receiving module is used for receiving a double certificate sent by the CA system, wherein the double certificate is generated by the CA system according to the signature public key and the encrypted public key sent by the KMC system, and the CA system is used for setting the state of the double certificate to be a to-be-used state after sending the double certificate to the RA system;
the installation module is used for installing the double certificates and setting the states of the double certificates as to-be-used states;
the sending module is further configured to: sending a first update message to the CA system through the first message queue to cause the CA system to set the state of the dual certificate to a used state and sending a second update message to the KMC system through the second message queue, the KMC system being configured to set the states of the cryptographic public key and the cryptographic private key to a used state;
the setup module is further configured to: setting the state of the dual certificate to a used state.
Optionally, the first determining module is further configured to: determining a second double certificate to be updated corresponding to the serial number to be updated according to the received serial number to be updated, wherein the second double certificate comprises a second signature certificate and a second encryption certificate, the serial number of the second signature certificate is matched with the serial number to be updated, and/or the serial number of the second encryption certificate is matched with the serial number to be updated;
the second determination module is further to: determining a status of the second dual certificate;
the generation module is further to: if the state of the second double certificate is a used state or an updated state, generating an update request according to the serial number to be updated, and sending the update request to the CA system, so that the CA system determines an identifier of a second encryption public key included in the second double certificate according to the update request, and sends a key pair update request to the KMC system, wherein the key pair update request is generated by the CA system according to the update request and the identifier of the second encryption public key; the KMC system is used for generating a third encryption public key and a third encryption private key according to the key pair update request, determining the second encryption public key and a corresponding second encryption private key according to the identifier of the second encryption public key, and setting the states of the third encryption public key and the third encryption private key to a to-be-used state and the states of the second encryption public key and the second encryption private key to a to-be-revoked state;
the receiving module is further configured to: receive a third double certificate sent by the CA system, wherein the third double certificate is generated by the CA system according to the third encrypted public key sent by the KMC system, and the CA system is used for setting the state of the third double certificate as a to-be-updated state and setting the state of the second double certificate as a to-be-revoked state after sending the third double certificate to the RA system;
the installation module is further configured to: installing the third double certificate, and setting the state of the third double certificate as a state to be updated;
the sending module is further configured to: sending a third update message to the CA system through the first message queue to cause the CA system to set the state of the third dual certificate to an updated state and send a fourth update message to the KMC system through the second message queue, the KMC system being configured to set the states of the third cryptographic public key and the third cryptographic private key to a used state and set the states of the second cryptographic public key and the second cryptographic private key to a revoked state;
the setup module is further configured to: setting a state of the third dual certificate to an updated state.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an apparatus for processing a digital certificate, which is applied to a certificate authority CA system, the apparatus including:
a receiving module, configured to receive, through a first message queue, an identifier of a first dual certificate sent by a registration authority (RA) system, where the identifier of the first dual certificate is sent by the RA system after the RA system receives a serial number to be revoked, determines the first dual certificate to be revoked according to the serial number to be revoked, and determines that the state of the first dual certificate is a used state or an updated state, the state of the first dual certificate being any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
the determining module is used for determining an identifier of a first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sending the identifier of the first encryption public key to a Key Management Center (KMC) system through a second message queue, so that the KMC system sets the states of the first encryption public key and a corresponding first encryption private key to be a revoked state according to the identifier of the first encryption public key;
and the setting module is used for setting the state of the first double certificate to a revoked state.
Optionally, the receiving module is further configured to: receiving an issuing request which is sent by the RA system and comprises a signature public key;
the device further comprises:
the generating module is used for generating a key pair generating request according to the issuing request, sending the key pair generating request to the KMC system so as to enable the KMC system to generate an encrypted public key and an encrypted private key, and setting the states of the encrypted public key and the encrypted private key to be in a to-be-used state;
the receiving module is further configured to: receiving the encrypted public key sent by the KMC system, and generating a double certificate according to the signature public key and the encrypted public key;
the sending module is used for sending the double certificates to the RA system so that the RA system installs the double certificates and sets the states of the double certificates to be in a to-be-used state;
the receiving module is further configured to: setting the state of the double certificate as a to-be-used state, and receiving a first updating message sent by the RA system through the first message queue;
the sending module is further configured to: sending a second update message to the KMC system through the second message queue to cause the KMC system to set the states of the cryptographic public key and the cryptographic private key to a used state;
the setup module is further configured to: setting the state of the dual certificate to a used state.
Optionally, the receiving module is further configured to: receiving an update request sent by the RA system, and determining an identifier of a second encrypted public key included in a second double certificate according to the update request, wherein the update request is sent when the RA system receives a serial number to be updated and determines the second double certificate to be updated according to the serial number to be updated and determines that the state of the second double certificate is a used state or an updated state;
the generation module is further to: generating a key pair update request according to the update request and the identifier of the second encryption public key, and sending the key pair update request to the KMC system, so that the KMC system generates a third encryption public key and a corresponding third encryption private key according to the key pair update request, and determines the second encryption public key and a corresponding second encryption private key according to the identifier of the second encryption public key, wherein the KMC system is used for setting the states of the third encryption public key and the third encryption private key to a to-be-used state and setting the states of the second encryption public key and the second encryption private key to a to-be-revoked state;
the generation module is further to: generating a third double certificate according to the third encrypted public key, and setting the state of the third double certificate as a to-be-used state;
the sending module is further configured to: sending the third dual certificate to the RA system, so that the RA system installs the third dual certificate, and setting the state of the third dual certificate as a to-be-used state;
the receiving module is further configured to: receiving a third update message sent by the RA system through the first message queue, and sending a fourth update message to the KMC system through the second message queue, so that the KMC system sets the states of the third encryption public key and the third encryption private key to a used state, and sets the states of the second encryption public key and the second encryption private key to a revoked state;
the setup module is further configured to: setting the state of the second dual certificate to a revoked state, and setting the state of a third dual certificate to an updated state.
According to a fifth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, performs the steps of the method of any one of the first aspects of the embodiments of the present disclosure.
According to a sixth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium, on which a computer program is stored, which when executed by a processor, performs the steps of the method of any one of the second aspects of embodiments of the present disclosure.
According to a seventh aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of any one of the first aspect of the embodiments of the present disclosure.
According to an eighth aspect of embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of any one of the second aspects of the embodiments of the present disclosure.
According to the technical scheme, the RA system first determines, according to the received serial number to be revoked, a first double certificate to be revoked corresponding to that serial number, wherein the first double certificate comprises a first signature certificate and a first encryption certificate matched with the serial number to be revoked; it then determines the state of the first double certificate and, if that state is a used state or an updated state, sends the identifier of the first double certificate to the CA system through a first message queue. The CA system determines the identifier of the first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sends the identifier of the first encryption public key to the key management center KMC system through the second message queue, wherein the identifier of the first double certificate comprises the serial number of the first signature certificate and the serial number of the first encryption certificate. The KMC system sets the states of the first encryption public key and the corresponding first encryption private key to a revoked state according to the identifier of the first encryption public key. Finally, the RA system sets the state of the first double certificate to the revoked state. According to the method and the device, the dual certificate is revoked according to its state, and data is transmitted between the systems through message queues, so that processing efficiency and security are improved.
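As an added illustration (not code from the patent or from Aisino), the following Python model walks through the issuance and revocation flows of the first and second aspects: an RA, a CA and a KMC each keep their own state table, the RA talks to the CA over a first queue and the CA to the KMC over a second queue, and the RA applies the used/updated guard before starting a revocation. The class names, state strings, serial and key-identifier formats and the `drain` helper are assumptions made for this example.

```python
from collections import deque
from dataclasses import dataclass

# Lifecycle states used below (the page also names to-be-updated and to-be-revoked).
TO_BE_USED, USED, UPDATED, REVOKED = "to-be-used", "used", "updated", "revoked"
REVOCABLE = {USED, UPDATED}        # states from which the RA may start a revocation

@dataclass
class DualCert:
    sig_serial: str                 # serial number of the signature certificate
    enc_serial: str                 # serial number of the encryption certificate
    enc_key_id: str                 # identifier of the encryption public key held by KMC
    state: str

class KMC:
    """Key Management Center: owns the encryption key pairs and their states."""
    def __init__(self):
        self.keys = {}              # enc_key_id -> state of the public/private key pair

    def generate_pair(self):
        kid = f"enckey-{len(self.keys) + 1}"   # constructed identifier format
        self.keys[kid] = TO_BE_USED
        return kid

    def handle(self, msg):                     # consumer of the second queue
        op, kid = msg
        self.keys[kid] = {"activate": USED, "revoke": REVOKED}[op]

class CA:
    """Certificate Authority: issues dual certificates and relays key-state changes."""
    def __init__(self, kmc, q_ca_kmc):
        self.kmc, self.q_ca_kmc = kmc, q_ca_kmc
        self.certs = {}             # (sig_serial, enc_serial) -> DualCert

    def issue(self, sig_pubkey):
        kid = self.kmc.generate_pair()          # key-pair generation request to KMC
        n = len(self.certs) + 1                 # sig_pubkey would go into the signature cert
        cert = DualCert(f"S{n:04d}", f"E{n:04d}", kid, TO_BE_USED)
        self.certs[(cert.sig_serial, cert.enc_serial)] = cert
        return DualCert(cert.sig_serial, cert.enc_serial, kid, TO_BE_USED)  # copy for the RA

    def handle(self, msg):                     # consumer of the first queue
        op, ident = msg
        cert = self.certs[ident]
        # map the dual-certificate identifier to its encryption-key identifier
        self.q_ca_kmc.append((op, cert.enc_key_id))
        cert.state = USED if op == "activate" else REVOKED

class RA:
    """Registration Authority: receives the serial numbers to activate or revoke."""
    def __init__(self, ca, q_ra_ca):
        self.ca, self.q_ra_ca = ca, q_ra_ca
        self.certs = {}             # (sig_serial, enc_serial) -> DualCert

    def issue(self, sig_pubkey):
        cert = self.ca.issue(sig_pubkey)        # issuing request carrying the signature public key
        ident = (cert.sig_serial, cert.enc_serial)
        self.certs[ident] = cert                # "install": the state remains to-be-used
        return ident

    def activate(self, ident):
        self.q_ra_ca.append(("activate", ident))   # first update message
        self.certs[ident].state = USED

    def find(self, serial):         # the serial may match either member of a dual certificate
        return next((c for c in self.certs.values()
                     if serial in (c.sig_serial, c.enc_serial)), None)

    def revoke(self, serial):
        cert = self.find(serial)
        if cert is None or cert.state not in REVOCABLE:
            return False                        # guard: only used/updated certificates
        self.q_ra_ca.append(("revoke", (cert.sig_serial, cert.enc_serial)))
        cert.state = REVOKED
        return True

def drain(q_ra_ca, q_ca_kmc, ca, kmc):
    """Deliver queued messages; anything not yet consumed stays queued rather than lost."""
    while q_ra_ca:
        ca.handle(q_ra_ca.popleft())
    while q_ca_kmc:
        kmc.handle(q_ca_kmc.popleft())

def demo():
    """Issue two dual certificates, activate one, then try to revoke both."""
    q_ra_ca, q_ca_kmc = deque(), deque()
    kmc = KMC(); ca = CA(kmc, q_ca_kmc); ra = RA(ca, q_ra_ca)
    a = ra.issue(b"constructed-sig-pubkey-A")
    b = ra.issue(b"constructed-sig-pubkey-B")
    ra.activate(a)
    drain(q_ra_ca, q_ca_kmc, ca, kmc)
    ok_a = ra.revoke(a[1])          # revoke by the encryption certificate's serial number
    ok_b = ra.revoke(b[0])          # still to-be-used: the guard rejects it
    pending = len(q_ra_ca)          # RA is done; CA and KMC catch up when they consume
    drain(q_ra_ca, q_ca_kmc, ca, kmc)
    return {"revoked_a": ok_a, "revoked_b": ok_b, "pending_before_drain": pending,
            "ra_a": ra.certs[a].state, "ca_a": ca.certs[a].state,
            "kmc_a": kmc.keys[ca.certs[a].enc_key_id],
            "kmc_b": kmc.keys[ca.certs[b].enc_key_id]}
```

Because the RA finishes as soon as its message is enqueued, the CA and KMC records converge only when they consume their queues; the `pending_before_drain` value returned by `demo()` shows that decoupling.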
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a block diagram of a digital certificate authentication system;
FIG. 2 is a flow diagram illustrating a method of processing a digital certificate in accordance with an exemplary embodiment;
FIG. 3 is a flow diagram illustrating another method of processing a digital certificate in accordance with an illustrative embodiment;
FIG. 4 is a flow diagram illustrating another method of processing a digital certificate in accordance with an illustrative embodiment;
FIG. 5 is a flow diagram illustrating a method of processing a digital certificate in accordance with an exemplary embodiment;
FIG. 6 is a flow diagram illustrating another method of processing a digital certificate in accordance with an illustrative embodiment;
FIG. 7 is a flow diagram illustrating another method of processing a digital certificate in accordance with an illustrative embodiment;
FIG. 8 is a block diagram illustrating a digital certificate processing apparatus in accordance with an exemplary embodiment;
FIG. 9 is a block diagram illustrating another digital certificate processing apparatus in accordance with an illustrative embodiment;
FIG. 10 is a block diagram illustrating a digital certificate processing apparatus in accordance with an exemplary embodiment;
FIG. 11 is a block diagram illustrating another digital certificate processing apparatus in accordance with an illustrative embodiment;
FIG. 12 is a block diagram illustrating an electronic device in accordance with an exemplary embodiment;
FIG. 13 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
Before describing the method for processing a digital certificate provided by the present disclosure, an application scenario related to the various embodiments of the present disclosure is first described. The application scenario may be a digital certificate authentication system, which includes an RA system, a CA system and a KMC system and is configured as shown in FIG. 1. The RA system may send a digital certificate processing request (e.g., a serial number to be revoked, an issuance request or a serial number to be updated, mentioned below) to the CA system through the network, or may send an update message (e.g., a first update message or a third update message, mentioned below) to the CA system through a message queue. The CA system may send a key pair processing request (e.g., a key pair generation request or a key pair update request, mentioned below) directly to the KMC system, may send an update message (e.g., a second update message or a fourth update message, mentioned below) to the KMC system through a message queue, and may send the generated digital certificate to the RA system; the KMC system may generate a key pair including an encryption private key and an encryption public key and send the encryption public key to the CA system. The RA system may be understood as a service acceptance system that handles services such as issuance, update and revocation of digital certificates for users; the CA system may be understood as the system responsible for issuing and managing digital certificates; and the KMC system may be understood as the system responsible for providing key services such as generation, storage, backup, update, restoration and query of keys for the CA system.
It should be noted that the digital certificates in the embodiments of the present disclosure are both double certificates, and include a signature certificate and an encryption certificate, where the signature certificate is a certificate generated according to a signature public key provided by a user, and the encryption certificate is a certificate generated according to an encryption public key generated by a KMC system.
Fig. 2 is a flowchart illustrating a method for processing a digital certificate according to an exemplary embodiment, where the method is applied to an RA system, as shown in fig. 2, and may include the following steps:
step 101, according to a received serial number to be revoked, determining a first double certificate to be revoked corresponding to the serial number to be revoked, wherein the first double certificate comprises a first signature certificate and a first encryption certificate, the serial number of the first signature certificate is matched with the serial number to be revoked, and/or the serial number of the first encryption certificate is matched with the serial number to be revoked.
For example, the user may submit the serial number to be revoked to the RA system by entering it in a revocation page provided by the RA system and clicking a submit button. The RA system may receive the serial number to be revoked submitted by the user and search its local database, according to the serial number to be revoked, for the first double certificate to be revoked corresponding to it, where the first double certificate may include a first signature certificate and a first encryption certificate, and the serial number of the first signature certificate matches the serial number to be revoked and/or the serial number of the first encryption certificate matches the serial number to be revoked.
It should be noted that the serial number to be revoked may be a single serial number, which is the same as the serial number of the first signature certificate or the serial number of the first encryption certificate. The serial number to be revoked may also be two serial numbers, one of which is the same as the serial number of the first signature certificate and the other of which is the same as the serial number of the first encryption certificate. In both cases, the RA system may determine the first double certificate from the serial number of the first signature certificate and/or the serial number of the first encryption certificate. If the serial number to be revoked comprises two serial numbers, but one of them is the same as the serial number of the first signature certificate or the first encryption certificate while the other is the same as the serial number of the signature certificate or encryption certificate of some other double certificate, the RA system may display an error prompt message informing the user that the submitted serial number to be revoked is incorrect.
Step 102, determining a state of the first double certificate, where the state of the first double certificate is any one of a to-be-used state, a used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state.
Step 103, if the state of the first double certificate is the used state or the updated state, sending the identifier of the first double certificate to the CA system through the first message queue, so that the CA system determines the identifier of the first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sending the identifier of the first encryption public key to the KMC system through the second message queue, where the KMC system is configured to set the states of the first encryption public key and the corresponding first encryption private key to be the revoked state according to the identifier of the first encryption public key, and the identifier of the first double certificate includes the serial number of the first signature certificate and the serial number of the first encryption certificate.
Step 104, setting the state of the first double certificate to the revoked state.
For example, after determining the first double certificate, the RA system may determine the state of the first double certificate, which may be any one of the to-be-used state, the used state, the to-be-updated state, the updated state, the to-be-revoked state and the revoked state; the state of the first double certificate may also be the uninstalled state. The to-be-used state represents that the double certificate has been issued but not yet used; the used state represents that the double certificate has been installed and is in use; the to-be-updated state represents that the updated double certificate has been issued but not yet used; the updated state represents that the updated double certificate has been installed and is in use; the to-be-revoked state represents that the double certificate is awaiting revocation; the revoked state represents that the double certificate has been revoked; and the uninstalled state represents that the double certificate has been issued but not installed.
The double certificate has different sets of states in the RA system and the CA system, as shown in Table 1. In the RA system the double certificate has 7 states: the to-be-used state, the used state, the to-be-updated state, the updated state, the to-be-revoked state, the revoked state and the uninstalled state. In the CA system it has 6 states: the to-be-used state, the used state, the to-be-updated state, the updated state, the to-be-revoked state and the revoked state.
State                  RA system   CA system
To-be-used state       yes         yes
Used state             yes         yes
To-be-updated state    yes         yes
Updated state          yes         yes
To-be-revoked state    yes         yes
Revoked state          yes         yes
Uninstalled state      yes         no
TABLE 1
If the state of the first double certificate is the used state or the updated state, the RA system may generate a double-certificate-status logout message according to the identifier of the first double certificate and send it to the CA system through the first message queue; after the send succeeds, the RA system may set the state of the first double certificate to the revoked state. Thus, once the RA system has successfully sent the double-certificate-status logout message to the first message queue, it can set the state of the first double certificate to the revoked state directly, without waiting for confirmation from the CA system, which reduces the coupling between the CA system and the RA system and the delay of data transmission. The identifier of the first double certificate may include the serial number of the first encryption certificate and the serial number of the first signature certificate; the first message queue may be understood as the message queue used for data interaction between the RA system and the CA system; and the structure of the double-certificate-status logout message may be as follows:
[Figure: structure of the double-certificate-status logout message, shown as an image in the original]
The CA system may subscribe to messages whose Topic is RA on the first message queue and filter out those whose Tags is RevokeConfirm, thereby obtaining the double-certificate-status logout message, and may obtain the serial number of the first encryption certificate and the serial number of the first signature certificate by parsing that message. Then, according to the serial number of the first encryption certificate and the serial number of the first signature certificate, the identifier of the first encryption public key included in the first double certificate may be determined, a key-status logout message may be generated according to the identifier of the first encryption public key, and the key-status logout message may be sent to the KMC system through the second message queue; after the send succeeds, the CA system may set the state of the first double certificate to the revoked state. The second message queue may be understood as the message queue used for data interaction between the CA system and the KMC system, and the structure of the key-status logout message may be as follows:
[Figure: structure of the key-status logout message, shown as an image in the original]
The KMC system may subscribe to messages whose Topic is CA on the second message queue and filter out those whose Tags is RevokeConfirm, thereby obtaining the key-status logout message, and may obtain the identifier of the first encryption public key by parsing that message. Then, the first encryption public key and the corresponding first encryption private key can be determined according to the identifier of the first encryption public key, and the states of the first encryption public key and the first encryption private key are set to the revoked state.
It should be noted that if the revocation process is interrupted, then when the RA system receives the serial number to be revoked submitted again by the user, the RA system may determine whether the first double certificate can still be revoked by checking whether its state is the used state or the updated state; if it is, steps 101 to 104 may be executed again, that is, the revocation of the first double certificate simply continues, which improves the processing efficiency and security of the digital certificate.
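The revocation flow of steps 101 to 104, with the CA and KMC consumers behind the two message queues and the resubmission check just described, as an added simulation that is not code from the patent. The message field names (sigSerial, encSerial, encKeyId), the serial numbers and the key identifiers are constructed assumptions; the Topic/Tags values are those named in the text.

```python
from collections import deque
from dataclasses import dataclass
from enum import Enum

class CertState(Enum):
    """Dual-certificate states of Table 1; UNINSTALLED exists only in the RA system."""
    TO_BE_USED = "to-be-used"
    USED = "used"
    TO_BE_UPDATED = "to-be-updated"
    UPDATED = "updated"
    TO_BE_REVOKED = "to-be-revoked"
    REVOKED = "revoked"
    UNINSTALLED = "uninstalled"

class KeyState(Enum):
    """State the KMC keeps for an encryption key pair (public and private key share it)."""
    TO_BE_USED = "to-be-used"
    USED = "used"
    TO_BE_REVOKED = "to-be-revoked"
    REVOKED = "revoked"

@dataclass(eq=False)
class DualCert:
    sig_serial: str   # serial number of the signature certificate
    enc_serial: str   # serial number of the encryption certificate
    enc_key_id: str   # identifier of the encryption public key held by the KMC (assumed field)
    state: CertState

class MessageQueue:
    """Topic/Tags queue standing in for the first (RA->CA) and second (CA->KMC) queues."""
    def __init__(self):
        self._msgs = deque()
    def publish(self, topic, tags, body):
        self._msgs.append({"Topic": topic, "Tags": tags, **body})
    def consume(self, topic, tags):
        """Subscribe to `topic` and screen out only the messages whose Tags equals `tags`."""
        hits = [m for m in self._msgs if m["Topic"] == topic and m["Tags"] == tags]
        for m in hits:
            self._msgs.remove(m)
        return hits

def ca_handle_revocations(ca_certs, first_queue, second_queue):
    """CA side: map the double-certificate identifier to the encryption public key identifier."""
    for msg in first_queue.consume("RA", "RevokeConfirm"):
        cert = ca_certs[(msg["sigSerial"], msg["encSerial"])]
        second_queue.publish("CA", "RevokeConfirm", {"encKeyId": cert.enc_key_id})
        cert.state = CertState.REVOKED  # only after the send succeeded

def kmc_handle_revocations(key_states, second_queue):
    """KMC side: mark the encryption public key and its private key as revoked."""
    for msg in second_queue.consume("CA", "RevokeConfirm"):
        key_states[msg["encKeyId"]] = KeyState.REVOKED

class RA:
    REVOCABLE = {CertState.USED, CertState.UPDATED}
    def __init__(self, certs):
        self.certs = list(certs)
    def find_dual_cert(self, serials):
        """Step 101: one or two serial numbers must identify exactly one double certificate."""
        hits = [c for c in self.certs if any(s in (c.sig_serial, c.enc_serial) for s in serials)]
        if len(hits) != 1:
            raise ValueError("serial number(s) do not identify a single double certificate")
        return hits[0]
    def revoke(self, serials, first_queue):
        """Steps 101-104; returns False when the certificate state does not allow revocation."""
        cert = self.find_dual_cert(serials)
        if cert.state not in self.REVOCABLE:
            return False
        first_queue.publish("RA", "RevokeConfirm",
                            {"sigSerial": cert.sig_serial, "encSerial": cert.enc_serial})
        cert.state = CertState.REVOKED  # step 104, without waiting for a CA confirmation
        return True

def build_systems():
    """Constructed sample data: serial numbers and key identifiers are made up."""
    ra_certs = [DualCert("SIG-001", "ENC-001", "KEY-A", CertState.USED),
                DualCert("SIG-002", "ENC-002", "KEY-B", CertState.TO_BE_USED)]
    ca_certs = {(c.sig_serial, c.enc_serial): DualCert(c.sig_serial, c.enc_serial, c.enc_key_id, c.state)
                for c in ra_certs}
    keys = {"KEY-A": KeyState.USED, "KEY-B": KeyState.TO_BE_USED}
    return RA(ra_certs), ca_certs, keys, MessageQueue(), MessageQueue()

def run_revocation(serials):
    """Drive RA, CA and KMC through one revocation and return the resulting states."""
    ra, ca_certs, keys, q1, q2 = build_systems()
    sent = ra.revoke(serials, q1)
    ca_handle_revocations(ca_certs, q1, q2)
    kmc_handle_revocations(keys, q2)
    cert = ra.find_dual_cert(serials)
    return {"sent": sent, "ra": cert.state,
            "ca": ca_certs[(cert.sig_serial, cert.enc_serial)].state, "key": keys[cert.enc_key_id]}

def resubmit_after_interruption():
    """A resubmitted serial is accepted only while the RA state is still used or updated,
    so a revocation whose RA state already flipped is not queued a second time."""
    ra, _, _, q1, _ = build_systems()
    first, second = ra.revoke(["SIG-001"], q1), ra.revoke(["SIG-001"], q1)
    return first, second, len(q1.consume("RA", "RevokeConfirm"))
```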
Fig. 3 is a flow chart illustrating another method of processing a digital certificate, according to an example embodiment, the method including, as shown in fig. 3:
Step 105, generating an issuance request that includes the signature public key.
Step 106, sending the issuance request to the CA system, so that the CA system generates a key pair generation request according to the issuance request and sends the key pair generation request to the KMC system, where the KMC system is configured to generate an encryption public key and an encryption private key and to set the states of the encryption public key and the encryption private key to the to-be-used state.
For example, the RA system may generate an issuance request that includes the signature public key and send the issuance request to the CA system. After receiving the issuance request, the CA system can generate a key pair generation request according to it and send the key pair generation request to the KMC system; after receiving the key pair generation request, the KMC system can generate an encryption public key and an encryption private key according to it and set the states of the encryption public key and the encryption private key to the to-be-used state.
Step 107, receiving a double certificate sent by the CA system, where the double certificate is generated by the CA system according to the signature public key and the encryption public key sent by the KMC system, and the CA system is configured to set the state of the double certificate to the to-be-used state after sending the double certificate to the RA system.
Step 108, installing the double certificate and setting the state of the double certificate to the to-be-used state.
For example, after receiving the encryption public key sent by the KMC system, the CA system may generate the double certificate and the identifier of the double certificate according to the encryption public key; the CA system may then send the double certificate information to the RA system and set the state of the double certificate to the to-be-used state. The double certificate information may include the double certificate and the identifier of the double certificate, and the identifier of the double certificate may include the serial number of the signature certificate and the serial number of the encryption certificate.
The RA system can receive the double certificate information sent by the CA system, set the state of the double certificate to the uninstalled state, and then install the double certificate into the user's USBKey; if the installation succeeds, it sets the state of the double certificate to the to-be-used state, and if the installation fails, it displays an installation failure prompt message informing the user that installation of the double certificate failed.
Step 109, sending a first update message to the CA system through the first message queue to cause the CA system to set the state of the dual certificate to a used state, and sending a second update message to the KMC system through the second message queue, the KMC system being configured to set the states of the encryption public key and the encryption private key to a used state.
Step 110, the state of the dual certificate is set to the used state.
For example, after the RA system installs the dual certificate in the USBKey of the user, the RA system may generate a first update message according to the identifier of the dual certificate, and send the first update message to the CA system through the first message queue, and after the sending is successful, the RA system may set the state of the dual certificate to the used state. The structure of the first update message may be as follows:
[Figure: structure of the first update message, shown as an image in the original]
The CA system may subscribe to messages whose Topic is RA on the first message queue and filter out those whose Tags is ApplyConfirm, thereby obtaining the first update message, and may obtain the serial number of the encryption certificate and the serial number of the signature certificate by parsing that message. Then, the identifier of the encryption public key included in the double certificate may be determined according to the serial number of the encryption certificate and the serial number of the signature certificate, a second update message may be generated according to the identifier of the encryption public key, and the second update message may be sent to the KMC system through the second message queue; after the send succeeds, the CA system may set the state of the double certificate to the used state. The structure of the second update message may be as follows:
[Figure: structure of the second update message, shown as an image in the original]
the structure of the second update message may also be as follows:
[Figure: alternative structure of the second update message, shown as an image in the original]
The KMC system may subscribe to messages whose Topic is CA on the second message queue and filter out those whose Tags is ApplyConfirm, thereby obtaining the second update message, and may obtain the identifier of the encryption public key by parsing that message. Then, the encryption public key and the corresponding encryption private key can be determined according to the identifier of the encryption public key, and the states of the encryption public key and the encryption private key can be set to the used state.
It should be noted that if the issuance process is interrupted, each system may determine the step to execute next according to the state of the double certificate. Specifically, when the RA system receives an issuance request submitted again by the user, it may query its local database for the corresponding double certificate and its state according to the issuance request: if no double certificate corresponding to the issuance request exists, steps 106 to 110 may be performed; if the double certificate exists and its state is the uninstalled state, steps 108 to 110 may be performed; and if the double certificate exists and its state is the to-be-used state or the used state, steps 109 to 110 may be performed. If an exception occurs during the execution of step 109, the system in which the exception occurred may report the error to its logging system in the form of a log, locate the error by analyzing the error log, and resolve it in an automated or manual manner.
Fig. 4 is a flowchart illustrating another method for processing a digital certificate according to an example embodiment, where the method further includes, as shown in fig. 4:
step 111, determining a second double certificate to be updated corresponding to the serial number to be updated according to the received serial number to be updated, where the second double certificate includes a second signature certificate and a second encryption certificate, the serial number of the second signature certificate matches the serial number to be updated, and/or the serial number of the second encryption certificate matches the serial number to be updated.
For example, the user may submit the serial number to be updated to the RA system by entering the serial number to be updated in an update page provided by the RA system and clicking a submit button. The RA system may receive a serial number to be updated submitted by a user, and search, according to the serial number to be updated, a second double certificate to be updated corresponding to the serial number to be updated in a local database, where the second double certificate may include a second signature certificate and a second encryption certificate, and the serial number of the second signature certificate matches the serial number to be updated, and/or the serial number of the second encryption certificate matches the serial number to be updated.
It should be noted that the serial number to be updated may be a single serial number, which is the same as the serial number of the second signature certificate or the serial number of the second encryption certificate. The serial number to be updated may also be two serial numbers, one of which is the same as the serial number of the second signature certificate and the other of which is the same as the serial number of the second encryption certificate. In both cases, the RA system may determine the second double certificate from the serial number of the second signature certificate and/or the serial number of the second encryption certificate. If the serial number to be updated comprises two serial numbers, but one of them is the same as the serial number of the second signature certificate or the second encryption certificate while the other is the same as the serial number of the signature certificate or encryption certificate of some other double certificate, the RA system may send an error prompt message to the user informing them that the submitted serial number to be updated is incorrect.
At step 112, the status of the second dual certificate is determined.
Step 113, if the state of the second double certificate is the used state or the updated state, generating an update request according to the serial number to be updated and sending the update request to the CA system, so that the CA system determines the identifier of the second encryption public key included in the second double certificate according to the update request and sends a key pair update request to the KMC system, where the key pair update request is generated by the CA system according to the update request and the identifier of the second encryption public key. The KMC system is configured to generate a third encryption public key and a third encryption private key according to the key pair update request, determine the second encryption public key and the corresponding second encryption private key according to the identifier of the second encryption public key, set the states of the third encryption public key and the third encryption private key to the to-be-used state, and set the states of the second encryption public key and the second encryption private key to the to-be-revoked state.
For example, the RA system may determine the status of the second dual certificate after determining the second dual certificate, and if the status of the second dual certificate is a used status or an updated status, may generate an update request according to the serial number to be updated, and send the update request to the CA system. The CA system, after receiving the update request, may determine, according to the update request, an identifier of the second encrypted public key included in the second double certificate, generate a key pair update request according to the update request and the identifier of the second encrypted public key, and then send the key pair update request to the KMC system. After receiving the key pair update request, the KMC system may generate a third encryption public key and a third encryption private key according to the key pair update request, and determine a second encryption public key and a corresponding second encryption private key according to an identifier of the second encryption public key, and further, the KMC system may set the states of the third encryption public key and the third encryption private key to a to-be-used state, and set the states of the second encryption public key and the second encryption private key to a to-be-revoked state.
Step 114, receiving a third double certificate sent by the CA system, where the third double certificate is generated by the CA system according to the third encryption public key sent by the KMC system, and the CA system is configured to set the state of the third double certificate to the to-be-updated state and the state of the second double certificate to the to-be-revoked state after sending the third double certificate to the RA system.
Step 115, installing the third double certificate and setting the state of the third double certificate to the to-be-updated state.
For example, the CA system may determine the signature public key in the second double certificate according to the update request, and after receiving the third encrypted public key sent by the KMC system, may generate a third double certificate according to the third encrypted public key and the signature public key, and send the third double certificate information to the RA system, and further, the CA system may set the state of the third double certificate as a to-be-used state, and set the state of the second double certificate as a to-be-revoked state. The third dual certificate information may include a third dual certificate and an identifier of the third dual certificate, and the identifier of the third dual certificate may include a serial number of the third encrypted certificate and a serial number of the third signed certificate.
The RA system can receive the third double certificate information sent by the CA system, set the state of the third double certificate to the uninstalled state, and install the third double certificate into the user's USBKey; if the installation succeeds, it sets the state of the third double certificate to the to-be-updated state and the state of the second double certificate to the to-be-revoked state, and if the installation fails, it displays an installation failure prompt message informing the user that the installation failed.
Step 116, sending a third update message to the CA system through the first message queue, so that the CA system sets the state of the third double certificate to the updated state and sends a fourth update message to the KMC system through the second message queue, where the KMC system is configured to set the states of the third encryption public key and the third encryption private key to the used state and the states of the second encryption public key and the second encryption private key to the revoked state.
Step 117, setting the state of the third double certificate to the updated state.
For example, after installing the third double certificate into the user's USBKey, the RA system may generate a third update message according to the identifier of the third double certificate and send it to the CA system through the first message queue; after the send succeeds, the RA system may set the state of the third double certificate to the updated state and the state of the second double certificate to the revoked state. Thus, once the RA system has successfully sent the third update message to the first message queue, it can set the state of the third double certificate to the updated state and the state of the second double certificate to the revoked state directly, without waiting for confirmation from the CA system, which reduces the coupling between the CA system and the RA system and the delay of data transmission. The structure of the third update message may be as follows:
[Figure: structure of the third update message, shown as an image in the original]
The CA system may subscribe to messages whose Topic is RA on the first message queue and filter out those whose Tags is UpdateConfirm, thereby obtaining the third update message, and may obtain the serial number of the third encryption certificate and the serial number of the third signature certificate by parsing that message. Then, according to the serial number of the third encryption certificate and the serial number of the third signature certificate, the identifier of the third encryption public key included in the third double certificate may be determined, a fourth update message may be generated according to the identifier of the third encryption public key, and the fourth update message may be sent to the KMC system through the second message queue; after the send succeeds, the CA system may set the state of the third double certificate to the updated state and the state of the second double certificate to the revoked state. The structure of the fourth update message may be as follows:
[Figure: structure of the fourth update message, shown as two images in the original]
The KMC system may subscribe to messages whose Topic is CA on the second message queue and filter out those whose Tags is UpdateConfirm, thereby obtaining the fourth update message, and may obtain the identifier of the second encryption public key and the identifier of the third encryption public key by parsing that message. Then, the third encryption public key and the corresponding third encryption private key may be determined according to the identifier of the third encryption public key, and the second encryption public key and the corresponding second encryption private key may be determined according to the identifier of the second encryption public key. The states of the third encryption public key and the third encryption private key may then be set to the used state, and the states of the second encryption public key and the second encryption private key to the revoked state.
It should be noted that if the update process is interrupted, each system may determine the step to execute next according to the state of the double certificate. Specifically, when the RA system receives the update request submitted again by the user, it may query its local database for the corresponding third double certificate and its state according to the update request: if no third double certificate corresponding to the update request exists, steps 113 to 117 may be performed; if the third double certificate exists and its state is the uninstalled state, steps 115 to 117 may be performed; and if the third double certificate exists and its state is the to-be-updated state or the updated state, the state of the second double certificate may correspondingly be set to the to-be-revoked state or the revoked state, and steps 116 to 117 may be performed. If an exception occurs during the execution of step 116, the system in which the exception occurred may report the error to its logging system in the form of a log, locate the error by analyzing the error log, and resolve it in an automated or manual manner.
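The KMC side of the issuance (steps 106 and 109) and update (steps 113 and 116) flows, as an added model that is not code from the patent: a key pair starts in the to-be-used state, becomes used on the ApplyConfirm message, and on a key pair update request the new pair is to-be-used while the old pair is to-be-revoked until the UpdateConfirm message finalizes both. Message field names, key identifiers, and the check that only a used key pair may be rotated are assumptions; key material itself is not modelled.

```python
from dataclasses import dataclass
from enum import Enum
import itertools

class KeyState(Enum):
    """The encryption public key and the encryption private key always share one state."""
    TO_BE_USED = "to-be-used"
    USED = "used"
    TO_BE_REVOKED = "to-be-revoked"
    REVOKED = "revoked"

@dataclass
class KeyPair:
    key_id: str       # identifier of the encryption public key (constructed format)
    state: KeyState

class KMC:
    """Key lifecycle as seen by the KMC during issuance and update."""
    def __init__(self):
        self.keys = {}
        self._counter = itertools.count(1)

    def _generate(self):
        # Only an identifier is generated here; real key material is out of scope.
        key_id = f"KEY-{next(self._counter):03d}"
        self.keys[key_id] = KeyPair(key_id, KeyState.TO_BE_USED)
        return key_id

    def key_pair_generation_request(self):
        """Step 106: a newly generated pair starts in the to-be-used state."""
        return self._generate()

    def key_pair_update_request(self, old_key_id):
        """Step 113: third pair to-be-used, second pair to-be-revoked."""
        old = self.keys[old_key_id]
        if old.state is not KeyState.USED:  # added consistency check, an assumption
            raise ValueError(f"{old_key_id} is {old.state.value}; only a used key pair is rotated")
        new_id = self._generate()
        old.state = KeyState.TO_BE_REVOKED
        return new_id

    def on_message(self, msg):
        """Second (ApplyConfirm) and fourth (UpdateConfirm) update messages, Topic CA."""
        if msg.get("Topic") != "CA":
            return False
        if msg.get("Tags") == "ApplyConfirm":            # step 109
            self.keys[msg["encKeyId"]].state = KeyState.USED
            return True
        if msg.get("Tags") == "UpdateConfirm":           # step 116
            self.keys[msg["newEncKeyId"]].state = KeyState.USED
            self.keys[msg["oldEncKeyId"]].state = KeyState.REVOKED
            return True
        return False

def key_lifecycle():
    """Issue one pair, confirm it, rotate it, confirm the rotation; return the states seen."""
    kmc = KMC()
    first = kmc.key_pair_generation_request()
    kmc.on_message({"Topic": "CA", "Tags": "ApplyConfirm", "encKeyId": first})
    after_issue = kmc.keys[first].state
    second = kmc.key_pair_update_request(first)
    pending = (kmc.keys[first].state, kmc.keys[second].state)
    confirm = {"Topic": "CA", "Tags": "UpdateConfirm", "oldEncKeyId": first, "newEncKeyId": second}
    kmc.on_message(confirm)
    kmc.on_message(confirm)  # redelivery after an interrupted step 116 changes nothing
    return after_issue, pending, (kmc.keys[first].state, kmc.keys[second].state)
```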
In summary, the RA system first determines, according to a received serial number to be revoked, the first dual certificate to be revoked that corresponds to that serial number, where the first dual certificate includes a first signature certificate and a first encryption certificate matched with the serial number to be revoked; it then determines the state of the first dual certificate and, if that state is the used state or the updated state, sends the identifier of the first dual certificate to the CA system through the first message queue. The CA system determines, according to the identifier of the first dual certificate, the identifier of the first encryption public key included in the first dual certificate and sends that identifier to the key management centre (KMC) system through the second message queue, where the identifier of the first dual certificate comprises the serial number of the first signature certificate and the serial number of the first encryption certificate. The KMC system sets the states of the first encryption public key and the corresponding first encryption private key to the revoked state according to the identifier of the first encryption public key. Finally, the RA system sets the state of the first dual certificate to the revoked state. Because revocation of the dual certificate is gated on its state, and the systems exchange data only through the message queues, processing efficiency and security are improved.
Fig. 5 is a flowchart illustrating a method for processing a digital certificate according to an exemplary embodiment. The method is applied to a CA system and, as shown in Fig. 5, may include the following steps:
Step 201, receiving, through a first message queue, an identifier of a first dual certificate sent by the RA system. The identifier of the first dual certificate is sent by the RA system after the RA system receives a serial number to be revoked, determines the first dual certificate to be revoked according to that serial number, and determines that the state of the first dual certificate is the used state or the updated state, where the state of the first dual certificate is any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state, and a revoked state.
Step 202, determining an identifier of a first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sending the identifier of the first encryption public key to the KMC system through the second message queue, so that the KMC system sets the states of the first encryption public key and the corresponding first encryption private key as a revoked state according to the identifier of the first encryption public key.
Step 203, setting the state of the first double certificate as the revoked state.
Fig. 6 is a flowchart illustrating another method for processing a digital certificate according to an example embodiment, where the method further includes, as shown in fig. 6:
step 204, receiving an issuing request including a signature public key sent by the RA system.
Step 205, generating a key pair generation request according to the issuance request, and sending the key pair generation request to the KMC system, so that the KMC system generates an encryption public key and an encryption private key and sets the states of the encryption public key and the encryption private key to the to-be-used state.
And step 206, receiving the encrypted public key sent by the KMC system, and generating a double certificate according to the signature public key and the encrypted public key.
Step 207, sending the dual certificate to the RA system, so that the RA system installs the dual certificate, and sets the state of the dual certificate as a to-be-used state.
Step 208, the state of the dual certificate is set to a to-be-used state, and a first update message sent by the RA system through the first message queue is received.
Step 209, a second update message is sent to the KMC system via a second message queue to cause the KMC system to set the states of the encrypted public key and the encrypted private key to a used state.
Step 210, setting the state of the dual certificate to the used state.
It should be noted that, if the issuing process is interrupted, each system may determine which step to resume from according to the state of the dual certificate. Specifically, when the CA system receives the issuance request sent by the RA system again, the CA system may query its local database, according to the issuance request, for the corresponding dual certificate and its state. If no dual certificate corresponding to the issuance request exists, steps 205 to 210 may be performed. If the dual certificate corresponding to the issuance request exists and its state is the to-be-used state or the used state, steps 208 to 210 may be performed. If an exception occurs during execution of steps 208 to 209, the system in which the exception occurred may write the error to its log system, locate the point of failure by analysing the error log, and resolve it automatically or manually.
Fig. 7 is a flowchart illustrating another method for processing a digital certificate according to an example embodiment, where the method further includes, as shown in fig. 7:
step 211, receiving an update request sent by the RA system, and determining, according to the update request, an identifier of a second encrypted public key included in the second dual certificate, where the update request is sent when the RA system receives the serial number to be updated, and determines, according to the serial number to be updated, the second dual certificate to be updated, and then determines that the state of the second dual certificate is a used state or an updated state.
And 212, generating a key pair updating request according to the updating request and the identifier of the second encrypted public key, and sending the key pair updating request to the KMC system, so that the KMC system generates a third encrypted public key and a corresponding third encrypted private key according to the key pair updating request, and determines the second encrypted public key and a corresponding second encrypted private key according to the identifier of the second encrypted public key, wherein the KMC system is used for setting the states of the third encrypted public key and the third encrypted private key to be in a to-be-used state, and setting the states of the second encrypted public key and the second encrypted private key to be in a to-be-revoked state.
And step 213, generating a third double certificate according to the third encrypted public key, and setting the state of the third double certificate as a to-be-used state.
Step 214, sending the third dual certificate to the RA system, so that the RA system installs the third dual certificate, and sets the state of the third dual certificate as a to-be-used state.
Step 215, receiving a third update message sent by the RA system through the first message queue, and sending a fourth update message to the KMC system through the second message queue, so that the KMC system sets the states of the third encryption public key and the third encryption private key to a used state, and sets the states of the second encryption public key and the second encryption private key to a revoked state.
Step 216, setting the state of the second dual certificate to the revoked state, and setting the state of the third dual certificate to the updated state.
It should be noted that, if the update process is interrupted, each system may determine which step to resume from according to the state of the dual certificate. Specifically, when the CA system receives the update request submitted by the RA system again, it may query its local database, according to the update request, for the corresponding third dual certificate and its state. If no third dual certificate corresponding to the update request exists, steps 212 to 216 may be performed. If the third dual certificate exists and its state is the to-be-updated state or the updated state, the state of the second dual certificate may be set correspondingly to the to-be-revoked state or the revoked state, and steps 215 to 216 may be performed. If an exception occurs during execution of step 215, the system in which the exception occurred may write the error to its log system, locate the point of failure by analysing the error log, and resolve it automatically or manually.
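The issuance and revocation flows above, the Topic/Tags filtering on the two message queues, and the rule that a repeated request resumes from the recorded state rather than restarting can be modelled as a small state machine. The following Python simulation is an added example written for this page; it is not code from the patent or from Aisino, and it does not model the update flow (steps 211 to 216). Topic CA and Tags UpdateConfirm are taken from the description; the Topic RA, the Tags InstallConfirm, Revoke and RevokeConfirm, the identifier and serial-number formats, and the in-memory dictionaries standing in for each system's local database are assumptions. The sample signature public key is a constructed string.

```python
"""Runnable model of the RA / CA / KMC dual-certificate state machine.

Added example, not code from the patent or from Aisino. Topic "CA" and Tags
"UpdateConfirm" come from the description; every other Topic/Tags value, the
identifier and serial-number formats, and the in-memory "databases" are
assumptions made for this simulation.
"""
from collections import defaultdict
from itertools import count

TO_BE_USED, USED, UPDATED, REVOKED = "to_be_used", "used", "updated", "revoked"


class MessageQueue:
    """Topic/Tags queue: a subscriber reads one Topic and filters on Tags."""

    def __init__(self):
        self._topics = defaultdict(list)

    def publish(self, topic, tags, body):
        self._topics[topic].append((tags, body))

    def consume(self, topic, tags):
        """Return and remove bodies whose Tags match; other Tags stay queued."""
        hits = [b for t, b in self._topics[topic] if t == tags]
        self._topics[topic] = [(t, b) for t, b in self._topics[topic] if t != tags]
        return hits


class KMC:
    """Key management centre: generates and holds the encryption key pair."""

    def __init__(self):
        self.keys = {}                          # key-pair id -> state
        self._ids = count(1)

    def generate(self):
        kid = f"enc-key-{next(self._ids)}"      # assumed identifier format
        self.keys[kid] = TO_BE_USED
        return kid

    def handle(self, q2):
        """Subscribe to Topic CA on queue 2; act only on the matching Tags."""
        for kid in q2.consume("CA", "UpdateConfirm"):
            self.keys[kid] = USED
        for kid in q2.consume("CA", "RevokeConfirm"):   # assumed Tags
            self.keys[kid] = REVOKED


class CA:
    def __init__(self, kmc, q2):
        self.kmc, self.q2 = kmc, q2
        self.certs = {}                         # dual-cert id -> record
        self._serial = count(1000)              # assumed serial allocation

    def issue(self, sig_pub):
        """Steps 204-207 with the resume rule: a request already on record
        returns the existing dual certificate instead of minting another."""
        for cid, rec in self.certs.items():
            if rec["sig_pub"] == sig_pub:
                return cid                      # to-be-used or used: wait for the RA's confirm
        kid = self.kmc.generate()               # KMC marks the new pair to-be-used
        cid = f"{next(self._serial)}:{next(self._serial)}"   # "sig serial:enc serial"
        self.certs[cid] = {"sig_pub": sig_pub, "enc_key": kid, "state": TO_BE_USED}
        return cid

    def handle(self, q1):
        """Steps 208-210 and 201-203, driven by the RA's messages on queue 1."""
        for cid in q1.consume("RA", "InstallConfirm"):  # assumed Topic/Tags
            rec = self.certs[cid]
            if rec["state"] != USED:            # a replayed confirm is a no-op
                self.q2.publish("CA", "UpdateConfirm", rec["enc_key"])
                rec["state"] = USED
        for cid in q1.consume("RA", "Revoke"):           # assumed Tags
            rec = self.certs[cid]
            self.q2.publish("CA", "RevokeConfirm", rec["enc_key"])
            rec["state"] = REVOKED


class RA:
    def __init__(self, ca, q1):
        self.ca, self.q1 = ca, q1
        self.certs = {}                         # dual-cert id -> state

    def enrol(self, sig_pub):
        cid = self.ca.issue(sig_pub)
        if self.certs.get(cid) != USED:         # resume rule: skip install/confirm once used
            self.certs[cid] = TO_BE_USED        # install the dual certificate
            self.q1.publish("RA", "InstallConfirm", cid)
            self.certs[cid] = USED
        return cid

    def revoke(self, serial):
        """The serial may belong to either certificate of the pair; only a
        used or updated dual certificate may be revoked."""
        cid = next((c for c in self.certs if serial in c.split(":")), None)
        if cid is None or self.certs[cid] not in (USED, UPDATED):
            return False
        self.q1.publish("RA", "Revoke", cid)
        self.certs[cid] = REVOKED
        return True


def build():
    """Wire the three systems and the two queues together."""
    q1, q2 = MessageQueue(), MessageQueue()
    kmc = KMC()
    ca = CA(kmc, q2)
    return RA(ca, q1), ca, kmc, q1, q2


if __name__ == "__main__":
    ra, ca, kmc, q1, q2 = build()
    cid = ra.enrol("sig-pub-alice")             # constructed sample signature public key
    ca.handle(q1); kmc.handle(q2)
    print(cid, ra.certs[cid], ca.certs[cid]["state"], kmc.keys)
    print(ra.revoke("1001"), ra.revoke("1001"))
    ca.handle(q1); kmc.handle(q2)
    print(ra.certs[cid], ca.certs[cid]["state"], kmc.keys)
```

Two properties a practitioner would check are visible in the model: a replayed issuance request returns the dual certificate already on record and causes the KMC to generate no second key pair, and a revocation request is rejected unless the dual certificate is in the used or updated state, so a dual certificate cannot be revoked twice and no revocation message reaches the CA or KMC for a certificate that was never confirmed. The KMC leg matters because, in the flow the page describes, the KMC generates the encryption key pair and can look up the private key from the public key identifier; revoking the certificate without also revoking that key pair would leave a usable decryption key behind.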
With regard to the specific manner of each step in the above embodiments, detailed description has been made in the embodiments of the method for processing a digital certificate applied to the RA system, and a detailed description will not be made here.
Fig. 8 is a block diagram illustrating an apparatus for processing a digital certificate according to an exemplary embodiment, as shown in fig. 8, applied to an RA system, the apparatus 300 including:
the first determining module 301 is configured to determine, according to the received serial number to be revoked, a first double certificate to be revoked corresponding to the serial number to be revoked, where the first double certificate includes a first signature certificate and a first encryption certificate, and the serial number of the first signature certificate matches the serial number to be revoked, and/or the serial number of the first encryption certificate matches the serial number to be revoked.
A second determining module 302, configured to determine a state of the first dual certificate, where the state of the first dual certificate is any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state, and a revoked state.
The sending module 303 is configured to send, if the state of the first dual certificate is the used state or the updated state, an identifier of the first dual certificate to a certificate authority (CA) system through a first message queue, so that the CA system determines, according to the identifier of the first dual certificate, an identifier of a first encryption public key included in the first dual certificate, and sends the identifier of the first encryption public key to a key management centre (KMC) system through a second message queue, where the KMC system is configured to set, according to the identifier of the first encryption public key, the states of the first encryption public key and the corresponding first encryption private key to the revoked state, and the identifier of the first dual certificate includes the serial number of the first signature certificate and the serial number of the first encryption certificate.
A setting module 304, configured to set the state of the first dual certificate to a revoked state.
Fig. 9 is a block diagram illustrating another apparatus for processing a digital certificate according to an exemplary embodiment, where, as shown in fig. 9, the apparatus 300 further includes:
a generating module 305 for generating an issuance request including the public signature key.
The sending module 303 is further configured to send the issuance request to the CA system, so that the CA system generates a key pair generation request according to the issuance request and sends the key pair generation request to the KMC system, where the KMC system is configured to generate an encryption public key and an encryption private key and set the states of the encryption public key and the encryption private key to the to-be-used state.
The receiving module 306 is configured to receive a dual certificate sent by the CA system, where the dual certificate is generated by the CA system according to the signature public key and the encrypted public key sent by the KMC system, and the CA system is configured to set a state of the dual certificate as a to-be-used state after sending the dual certificate to the RA system.
And an installation module 307, configured to install the dual certificate, and set the state of the dual certificate as a to-be-used state.
The sending module 303 is further configured to: and sending a first updating message to the CA system through the first message queue so that the CA system sets the state of the double certificate to be in a used state, and sending a second updating message to the KMC system through the second message queue, wherein the KMC system is used for setting the states of the encryption public key and the encryption private key to be in a used state.
The setup module 304 is further configured to: the state of the dual certificate is set to the used state.
In an application scenario, the first determining module 301 is further configured to: and determining a second double certificate to be updated corresponding to the serial number to be updated according to the received serial number to be updated, wherein the second double certificate comprises a second signature certificate and a second encryption certificate, the serial number of the second signature certificate is matched with the serial number to be updated, and/or the serial number of the second encryption certificate is matched with the serial number to be updated.
The second determination module 302 is further configured to: the status of the second dual certificate is determined.
The generation module 305 is further configured to: and if the state of the second double certificate is a used state or an updated state, generating an updating request according to the serial number to be updated, and sending the updating request to the CA system, so that the CA system determines the identifier of a second encryption public key included in the second double certificate according to the updating request, and sends the updating request of the key pair to the KMC system, wherein the updating request of the key pair is generated by the CA system according to the updating request and the identifier of the second encryption public key. The KMC is used for generating a third encryption public key and a third encryption private key according to the key pair updating request, determining a second encryption public key and a corresponding second encryption private key according to the identification of the second encryption public key, setting the states of the third encryption public key and the third encryption private key to be in a to-be-used state, and setting the states of the second encryption public key and the second encryption private key to be in a to-be-revoked state.
The receiving module 306 is further configured to receive the third dual certificate sent by the CA system, where the CA system is configured to set the state of the third dual certificate to the to-be-updated state and the state of the second dual certificate to the to-be-revoked state after sending the third dual certificate to the RA system.
The installation module 307 is also used for: and installing the third double certificate, and setting the state of the third double certificate as the state to be updated.
The sending module 303 is further configured to send a third update message to the CA system through the first message queue, so that the CA system sets the state of the third dual certificate to the updated state and sends a fourth update message to the KMC system through the second message queue, where the KMC system is configured to set the states of the third encryption public key and the third encryption private key to the used state, and the states of the second encryption public key and the second encryption private key to the revoked state.
The setup module 304 is further configured to: setting the state of the third dual certificate to an updated state.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 10 is a block diagram illustrating a digital certificate processing apparatus according to an exemplary embodiment, where, as shown in fig. 10, the apparatus 400 is applied to a CA system, and includes:
A receiving module 401, configured to receive, through a first message queue, an identifier of a first dual certificate sent by a Registration Authority (RA) system. The identifier of the first dual certificate is sent by the RA system after the RA system receives a serial number to be revoked, determines the first dual certificate to be revoked according to that serial number, and determines that the state of the first dual certificate is the used state or the updated state, where the state of the first dual certificate is any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state, and a revoked state.
The determining module 402 is configured to determine, according to the identifier of the first double-certificate, an identifier of a first encrypted public key included in the first double-certificate, and send the identifier of the first encrypted public key to the key management center KMC system through the second message queue, so that the KMC system sets, according to the identifier of the first encrypted public key, the states of the first encrypted public key and the corresponding first encrypted private key to a revoked state.
A setting module 403, configured to set the state of the first dual certificate to a revoked state.
Fig. 11 is a block diagram illustrating another digital certificate processing apparatus according to an exemplary embodiment, where as shown in fig. 11, the receiving module 401 is further configured to: and receiving an issuing request which is sent by the RA system and comprises a public signature key.
The apparatus 400 further comprises:
the generating module 404 is configured to generate a key pair generation request according to the issuance request, and send the key pair generation request to the KMC system, so that the KMC system generates an encrypted public key and an encrypted private key, and sets the states of the encrypted public key and the encrypted private key to a to-be-used state.
The receiving module 401 is further configured to: and receiving the encrypted public key sent by the KMC system, and generating a double certificate according to the signature public key and the encrypted public key.
A sending module 405, configured to send the dual certificate to the RA system, so that the RA system installs the dual certificate, and sets the state of the dual certificate as a to-be-used state.
The receiving module 401 is further configured to set the state of the dual certificate to the to-be-used state and receive a first update message sent by the RA system through the first message queue.
The sending module 405 is further configured to send a second update message to the KMC system through the second message queue, so that the KMC system sets the states of the encryption public key and the encryption private key to the used state.
The setup module 403 is further configured to: the state of the dual certificate is set to the used state.
In an application scenario, the receiving module 401 is further configured to: and receiving an updating request sent by the RA system, and determining the identifier of a second encrypted public key included in the second double certificate according to the updating request, wherein the updating request is sent by the RA system when the RA system receives the serial number to be updated and determines the second double certificate to be updated according to the serial number to be updated and determines that the state of the second double certificate is a used state or an updated state.
The generation module 404 is further configured to generate a key pair update request according to the update request and the identifier of the second encryption public key, and send the key pair update request to the KMC system, so that the KMC system generates a third encryption public key and a corresponding third encryption private key according to the key pair update request and determines the second encryption public key and the corresponding second encryption private key according to the identifier of the second encryption public key, where the KMC system is configured to set the states of the third encryption public key and the third encryption private key to the to-be-used state, and the states of the second encryption public key and the second encryption private key to the to-be-revoked state.
The generation module 404 is further configured to: and generating a third double certificate according to the third encrypted public key, and setting the state of the third double certificate as a to-be-used state.
The sending module 405 is further configured to: and sending the third double certificate to the RA system so that the RA system installs the third double certificate and sets the state of the third double certificate as a to-be-used state.
The receiving module 401 is further configured to receive a third update message sent by the RA system through the first message queue and send a fourth update message to the KMC system through the second message queue, so that the KMC system sets the states of the third encryption public key and the third encryption private key to the used state, and the states of the second encryption public key and the second encryption private key to the revoked state.
The setup module 403 is further configured to: the state of the second dual certificate is set to a revoked state, and the state of the third dual certificate is set to an updated state.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 12 is a block diagram illustrating an electronic device 1200 in accordance with an example embodiment. As shown in fig. 12, the electronic device 1200 may include: a processor 1201 and a memory 1202. The electronic device 1200 may also include one or more of a multimedia component 1203, an input/output (I/O) interface 1204, and a communications component 1205.
The processor 1201 is configured to control the overall operation of the electronic device 1200, so as to complete all or part of the steps in the above-mentioned method for processing the digital certificate. The memory 1202 is used to store various types of data to support operation of the electronic device 1200, such as instructions for any application or method operating on the electronic device 1200 and application-related data, such as contact data, messages, pictures, audio, video, and so on. The memory 1202 may be implemented by any type of volatile or non-volatile memory device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The multimedia component 1203 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals; the received audio signals may further be stored in the memory 1202 or transmitted via the communication component 1205. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 1204 provides an interface between the processor 1201 and other interface modules, such as a keyboard, a mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 1205 is used for wired or wireless communication between the electronic device 1200 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, near field communication (NFC), 2G, 3G, 4G, NB-IoT, eMTC, 5G or the like, or a combination of one or more of them, which is not limited herein. The corresponding communication component 1205 may therefore include a Wi-Fi module, a Bluetooth module, an NFC module, and so on.
In an exemplary embodiment, the electronic Device 1200 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-mentioned Processing method of Digital certificates.
In another exemplary embodiment, there is also provided a computer readable storage medium including program instructions, which when executed by a processor, implement the steps of the above-described method of processing a digital certificate. For example, the computer readable storage medium may be the memory 1202 including program instructions executable by the processor 1201 of the electronic device 1200 to perform the digital certificate processing method described above.
Fig. 13 is a block diagram illustrating an electronic device 1300 in accordance with an example embodiment. For example, the electronic device 1300 may be provided as a server. Referring to fig. 13, an electronic device 1300 includes a processor 1322, which may be one or more in number, and a memory 1332 for storing computer programs that are executable by the processor 1322. The computer programs stored in memory 1332 may include one or more modules that each correspond to a set of instructions. Further, the processor 1322 may be configured to execute the computer program to perform the above-described digital certificate processing method.
Additionally, the electronic device 1300 may also include a power component 1326 and a communication component 1350; the power component 1326 may be configured to perform power management for the electronic device 1300, and the communication component 1350 may be configured to enable communication, e.g. wired or wireless communication, for the electronic device 1300. The electronic device 1300 may also include input/output (I/O) interfaces 1358. The electronic device 1300 may operate based on an operating system stored in the memory 1332, such as Windows Server™, Mac OS X™, Unix™, Linux™ and so on.
In another exemplary embodiment, there is also provided a computer readable storage medium including program instructions, which when executed by a processor, implement the steps of the above-described method of processing a digital certificate. For example, the computer readable storage medium may be the memory 1332 comprising program instructions that are executable by the processor 1322 of the electronic device 1300 to perform the digital certificate processing method described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned digital certificate processing method when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the above embodiments, the various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various possible combinations will not be further described in the present disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (10)

1. A processing method of digital certificates is applied to a Registration Authority (RA) system, and comprises the following steps:
determining a first double certificate to be revoked corresponding to a serial number to be revoked according to a received serial number to be revoked, wherein the first double certificate comprises a first signature certificate and a first encryption certificate, the serial number of the first signature certificate is matched with the serial number to be revoked, and/or the serial number of the first encryption certificate is matched with the serial number to be revoked;
determining a state of the first dual certificate, the state of the first dual certificate being: any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
if the state of the first double certificate is a used state or an updated state, sending the identifier of the first double certificate to a Certificate Authority (CA) system through a first message queue, so that the CA system determines the identifier of a first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sends the identifier of the first encryption public key to a Key Management Center (KMC) system through a second message queue, wherein the KMC system is used for setting the states of the first encryption public key and a corresponding first encryption private key to be a revoked state according to the identifier of the first encryption public key, and the identifier of the first double certificate comprises a serial number of the first signature certificate and a serial number of the first encryption certificate;
setting a state of the first dual certificate to a revoked state.
2. The method of claim 1, further comprising:
generating an issuing request comprising a signature public key;
sending the issuing request to the CA system so that the CA system generates a key pair generating request according to the issuing request and sends the key pair generating request to the KMC system, wherein the KMC system is used for generating an encryption public key and an encryption private key and setting the states of the encryption public key and the encryption private key as a to-be-used state;
receiving a double certificate sent by the CA system, wherein the double certificate is generated by the CA system according to the signature public key and the encrypted public key sent by the KMC system, and the CA system is used for setting the state of the double certificate to be a to-be-used state after sending the double certificate to the RA system;
installing the double certificates, and setting the states of the double certificates to be in a to-be-used state;
sending a first update message to the CA system through the first message queue to cause the CA system to set the state of the dual certificate to a used state and to send a second update message to the KMC system through the second message queue, the KMC system being configured to set the states of the encryption public key and the encryption private key to a used state;
setting the state of the dual certificate to a used state.
3. The method of claim 1, further comprising:
determining a second double certificate to be updated corresponding to the serial number to be updated according to the received serial number to be updated, wherein the second double certificate comprises a second signature certificate and a second encryption certificate, the serial number of the second signature certificate is matched with the serial number to be updated, and/or the serial number of the second encryption certificate is matched with the serial number to be updated;
determining a status of the second dual certificate;
if the state of the second double certificate is a used state or an updated state, generating an update request according to the serial number to be updated, and sending the update request to the CA system, so that the CA system determines an identifier of a second encryption public key included in the second double certificate according to the update request, and sends a key pair update request to the KMC system, wherein the key pair update request is generated by the CA system according to the update request and the identifier of the second encryption public key; the KMC system is used for generating a third encryption public key and a third encryption private key according to the key pair update request, determining the second encryption public key and a corresponding second encryption private key according to the identifier of the second encryption public key, and setting the states of the third encryption public key and the third encryption private key to a to-be-used state and the states of the second encryption public key and the second encryption private key to a to-be-revoked state;
receiving a third double certificate sent by the CA system, wherein the third double certificate is generated by the CA system according to the third encrypted public key sent by the KMC system, and the CA system is used for setting the state of the third double certificate as a to-be-updated state and setting the state of the second double certificate as a to-be-revoked state after sending the third double certificate to the RA system;
installing the third double certificate, and setting the state of the third double certificate as a state to be updated;
sending a third update message to the CA system through the first message queue to cause the CA system to set the state of the third dual certificate to an updated state and to send a fourth update message to the KMC system through the second message queue, the KMC system being configured to set the states of the third encryption public key and the third encryption private key to a used state and to set the states of the second encryption public key and the second encryption private key to a revoked state;
setting a state of the third dual certificate to an updated state.
4. A method for processing a digital certificate, which is applied to a Certificate Authority (CA) system, the method comprises the following steps:
receiving, through a first message queue, an identifier of a first double certificate sent by a Registration Authority (RA) system, wherein the identifier of the first double certificate is sent by the RA system after the RA system receives a serial number to be revoked, determines the first double certificate to be revoked according to the serial number to be revoked, and determines that the state of the first double certificate is a used state or an updated state, the state of the first double certificate being: any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
determining the identifier of a first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sending the identifier of the first encryption public key to a Key Management Center (KMC) system through a second message queue, so that the KMC system sets the states of the first encryption public key and a corresponding first encryption private key to a revoked state according to the identifier of the first encryption public key;
setting a state of the first dual certificate to a revoked state.
5. The method of claim 4, further comprising:
receiving an issuing request which is sent by the RA system and comprises a signature public key;
generating a key pair generation request according to the issuing request, and sending the key pair generation request to the KMC system so that the KMC system generates an encryption public key and an encryption private key, and setting the states of the encryption public key and the encryption private key as a to-be-used state;
receiving the encrypted public key sent by the KMC system, and generating a double certificate according to the signature public key and the encrypted public key;
sending the dual certificate to the RA system so that the RA system installs the dual certificate and sets the state of the dual certificate to be a to-be-used state;
setting the state of the double certificate as a to-be-used state, and receiving a first updating message sent by the RA system through the first message queue;
sending a second update message to the KMC system through the second message queue to cause the KMC system to set the states of the encrypted public key and the encrypted private key to a used state;
setting the state of the dual certificate to a used state.
6. The method of claim 4, further comprising:
receiving an update request sent by the RA system, and determining an identifier of a second encrypted public key included in a second double certificate according to the update request, wherein the update request is sent when the RA system receives a serial number to be updated and determines the second double certificate to be updated according to the serial number to be updated and determines that the state of the second double certificate is a used state or an updated state;
generating a key pair update request according to the update request and the identifier of the second encryption public key, and sending the key pair update request to the KMC system, so that the KMC system generates a third encryption public key and a corresponding third encryption private key according to the key pair update request, and determines the second encryption public key and a corresponding second encryption private key according to the identifier of the second encryption public key, wherein the KMC system is used for setting the states of the third encryption public key and the third encryption private key to a to-be-used state and setting the states of the second encryption public key and the second encryption private key to a to-be-revoked state;
generating a third double certificate according to the third encrypted public key, and setting the state of the third double certificate as a to-be-used state;
sending the third dual certificate to the RA system, so that the RA system installs the third dual certificate, and setting the state of the third dual certificate as a to-be-used state;
receiving a third update message sent by the RA system through the first message queue, and sending a fourth update message to the KMC system through the second message queue, so that the KMC system sets the states of the third encryption public key and the third encryption private key to a used state, and sets the states of the second encryption public key and the second encryption private key to a revoked state;
setting the state of the second dual certificate to a revoked state, and setting the state of a third dual certificate to an updated state.
7. A digital certificate processing apparatus, which is applied to a Registration Authority (RA) system, the apparatus comprising:
the first determining module is used for determining a first double certificate to be revoked corresponding to a serial number to be revoked according to the received serial number to be revoked, wherein the first double certificate comprises a first signature certificate and a first encryption certificate, the serial number of the first signature certificate is matched with the serial number to be revoked, and/or the serial number of the first encryption certificate is matched with the serial number to be revoked;
a second determining module, configured to determine a state of the first dual certificate, where the state of the first dual certificate is: any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
a sending module, configured to send, if the state of the first double certificate is a used state or an updated state, an identifier of the first double certificate to a certificate authority CA system through a first message queue, so that the CA system determines, according to the identifier of the first double certificate, an identifier of a first encryption public key included in the first double certificate, and sends the identifier of the first encryption public key to a key management center KMC system through a second message queue, where the KMC system is configured to set, according to the identifier of the first encryption public key, the states of the first encryption public key and a corresponding first encryption private key to be a revoked state, and the identifier of the first double certificate includes a serial number of the first signature certificate and a serial number of the first encryption certificate;
and a setting module, configured to set the state of the first double certificate to a revoked state.
8. An apparatus for processing a digital certificate, applied to a Certificate Authority (CA) system, the apparatus comprising:
a receiving module, configured to receive, through a first message queue, an identifier of a first double certificate sent by a Registration Authority (RA) system, where the identifier of the first double certificate is sent by the RA system after the RA system receives a serial number to be revoked, determines the first double certificate to be revoked according to the serial number to be revoked, and determines that the state of the first double certificate is a used state or an updated state, and the state of the first double certificate is: any one of a to-be-used state, a to-be-updated state, an updated state, a to-be-revoked state and a revoked state;
the determining module is used for determining an identifier of a first encryption public key included in the first double certificate according to the identifier of the first double certificate, and sending the identifier of the first encryption public key to a Key Management Center (KMC) system through a second message queue, so that the KMC system sets the states of the first encryption public key and a corresponding first encryption private key to be a revoked state according to the identifier of the first encryption public key;
and a setting module, configured to set the state of the first double certificate to a revoked state.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1-3 or 4-6.
10. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1-3 or 4-6.
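To make the state transitions of claims 1, 2, 4 and 5 concrete, the following is an added Python model of the RA, CA and KMC components with the first (RA to CA) and second (CA to KMC) message queues as in-memory deques; it is not code from the patent or from Aisino, and the class names, serial-number formats, message labels and the constructed signature public key are assumptions. It shows why the used/updated guard in claim 1 matters: a certificate whose state is already revoked produces no further messages on either queue.

```python
from collections import deque

# States named in the claims; a key pair's public and private key share one state.
TO_BE_USED, USED, UPDATED, REVOKED = "to-be-used", "used", "updated", "revoked"


class Kmc:  # Key Management Center: owns the encryption key pairs and their states
    def __init__(self):
        self.keys = {}                      # encryption public key id -> state
        self.q2 = deque()                   # second message queue: CA -> KMC
    def generate(self, kid):                # serves the CA's key pair generation request
        self.keys[kid] = TO_BE_USED
        return kid
    def drain(self):
        while self.q2:
            kid, state = self.q2.popleft()
            self.keys[kid] = state


class Ca:  # Certificate Authority: issues dual certificates, relays state changes to KMC
    def __init__(self, kmc):
        self.kmc, self.certs, self.n = kmc, {}, 0
        self.q1 = deque()                   # first message queue: RA -> CA
    def issue(self, sig_pub):
        # Claim 5: get an encryption key pair from the KMC, then bind the RA's signature
        # public key and the KMC's encryption public key into one dual certificate.
        self.n += 1
        kid = self.kmc.generate(f"enc-key-{self.n}")
        cert = {"sig": f"S{self.n}", "enc": f"E{self.n}", "kid": kid,
                "sig_pub": sig_pub, "state": TO_BE_USED}
        self.certs[(cert["sig"], cert["enc"])] = cert
        return dict(cert)                   # the RA installs its own copy
    def drain(self):
        # Claims 4 and 5: every RA message carries the identifier (sig serial, enc serial).
        while self.q1:
            kind, ident = self.q1.popleft()
            cert = self.certs[ident]
            if kind == "first-update":      # certificate has been taken into use
                cert["state"] = USED
                self.kmc.q2.append((cert["kid"], USED))       # second update message
            elif kind == "revoke":          # forward the key id, then revoke locally
                self.kmc.q2.append((cert["kid"], REVOKED))
                cert["state"] = REVOKED


class Ra:  # Registration Authority: the only component acting on submitted serials
    def __init__(self, ca):
        self.ca, self.certs = ca, {}
    def enroll(self, sig_pub):              # claim 2
        cert = self.ca.issue(sig_pub)
        cert["state"] = TO_BE_USED          # installed, not yet in use
        self.certs[(cert["sig"], cert["enc"])] = cert
        self.ca.q1.append(("first-update", (cert["sig"], cert["enc"])))
        cert["state"] = USED
        return cert
    def revoke(self, serial):               # claim 1
        # The serial may match either the signature or the encryption certificate.
        cert = next((c for c in self.certs.values() if serial in (c["sig"], c["enc"])), None)
        if cert is None or cert["state"] not in (USED, UPDATED):
            return False                    # only used/updated certificates are revoked
        self.ca.q1.append(("revoke", (cert["sig"], cert["enc"])))
        cert["state"] = REVOKED
        return True


def run_scenario():  # issue one dual certificate, revoke it by its encryption serial, retry
    kmc = Kmc(); ca = Ca(kmc); ra = Ra(ca)
    cert = ra.enroll("constructed-signature-public-key")
    ca.drain(); kmc.drain()
    first = ra.revoke(cert["enc"])
    ca.drain(); kmc.drain()
    second = ra.revoke(cert["sig"])         # already revoked: nothing is queued
    ident = (cert["sig"], cert["enc"])
    return {"first": first, "second": second, "ra": ra.certs[ident]["state"],
            "ca": ca.certs[ident]["state"], "kmc": kmc.keys[cert["kid"]],
            "queued": len(ca.q1) + len(kmc.q2)}
```

After `run_scenario()` all three components agree that the certificate and its encryption key pair are revoked, and the second revocation attempt is rejected at the RA without touching either queue.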

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011522429.9A CN114650160B (en) 2020-12-21 2020-12-21 Digital certificate processing method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN114650160A (en) 2022-06-21
CN114650160B (en) 2024-05-10

Family

ID=81991814

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011522429.9A Active CN114650160B (en) 2020-12-21 2020-12-21 Digital certificate processing method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN114650160B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321064A (en) * 2008-07-17 2008-12-10 上海众恒信息产业有限公司 Information system access control method and apparatus based on digital certificate technique
WO2015154555A1 (en) * 2014-09-09 2015-10-15 中兴通讯股份有限公司 Method, device and system for processing status of digital certificate
CN106385315A (en) * 2016-08-30 2017-02-08 北京三未信安科技发展有限公司 Digital certificate management method and system
US20170279785A1 (en) * 2016-03-25 2017-09-28 Ca, Inc. Synchronized issuance of public x.509 digital certificates
CN109829282A (en) * 2018-12-27 2019-05-31 航天信息股份有限公司 Digital certificate processing method and processing device based on digital certificate authentication system
CN110113166A (en) * 2019-03-21 2019-08-09 平安科技(深圳)有限公司 The method, apparatus and storage medium of ring signatures certificate are cancelled on block chain
US10547457B1 (en) * 2016-10-21 2020-01-28 Wells Fargo Bank N.A. Systems and methods for notary agent for public key infrastructure names
CN111342970A (en) * 2019-12-27 2020-06-26 航天信息股份有限公司 Digital certificate management method and system
KR20200106435A (en) * 2019-09-25 2020-09-14 넷마블 주식회사 Method and apparatus for authenticating user

Also Published As

Publication number Publication date
CN114650160B (en) 2024-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant