CN1547341A - Method for Trust Domain spanning intercommunication of digital certificate - Google Patents
Method for Trust Domain spanning intercommunication of digital certificate Download PDFInfo
- Publication number
- CN1547341A CN1547341A CNA2003101090562A CN200310109056A CN1547341A CN 1547341 A CN1547341 A CN 1547341A CN A2003101090562 A CNA2003101090562 A CN A2003101090562A CN 200310109056 A CN200310109056 A CN 200310109056A CN 1547341 A CN1547341 A CN 1547341A
- Authority
- CN
- China
- Prior art keywords
- certificate
- gateway
- client
- digital
- trust domain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 24
- 238000006243 chemical reaction Methods 0.000 claims abstract description 7
- 230000005540 biological transmission Effects 0.000 claims abstract description 5
- 230000004044 response Effects 0.000 claims description 10
- 230000008569 process Effects 0.000 claims description 8
- 239000012467 final product Substances 0.000 claims description 4
- 230000009977 dual effect Effects 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000004888 barrier function Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000013332 literature search Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Abstract
The invention is a kind of digital certification confidence domain spanning mutual connection method, which belongs to computer and information security technology field. The invention uses certification applied gateway, at first, the user applies the certification between the two confidence domains, there has two digital certifications which two are a digital certification an and a certification b, the two certifications accord the X.509V3 standards certification format, and uses the same personal key structure, which are signed with two confidence domains CA, thus realizes the certification conversion, data transmission through the gateway, namely that the gateway receives the digital certification an and the correspondent SSL protocol package, replaces the digital certification b and the correspondent SSL protocol is transmitted to the safe certification gateway, thus the certification a can be converted into the digital certification b, the certification application gateway can be used to testify the digital certification a.
Description
Technical field
What the present invention relates to is a kind of digital certificate authentication method, and particularly a kind of digital certificate is striden the trust domain interoperability methods, belongs to computer and field of information security technology.
Background technology
Current China PKI trust systems is built, particularly towards the public the PKI trust systems of service to build the barrier between different departments problem outstanding, traditional view is exactly only to emphasize that network identity differentiates a kind of function in the middle of interconnected.In other words, the PKI certificate only plays the network identity card.Country can set up CA management organization, is responsible for that on the one hand CA is carried out safety examination and authoritative examination and approval and sets up and cancel; Be responsible for instructing the solution of national PKI interconnect problem on the other hand by it.Realize that interconnected technology mode mainly contains three kinds.First kind of pattern is that the whole nation is unified under the root CA, and other CA can be in respectively on the trusted node of secondary CA or three grades of CA by the status at its importance and place.The user of different CA just reviews with the trust chain under the root by digital certificate and can realize mutual authentication.Second kind of pattern is the cross-certification mode under adopting different root CA.Under this pattern, the PKI of the certificate that different CA will send out other CA carries out digital signature, realizes cross-certification between the different CA certificates by the authentication to digital signature then.But this latticed trust chain is obviously than first kind of tree-shaped trust chain complexity.The third mode is to build a bridge joint CA again by country on different CA, realizes the connection of the mutual trusting relationship between each CA.These three kinds of patterns all respectively have merits and demerits.But they only satisfy a kind of like this function of online identity identification, and also having the reality that must face is that all trades and professions authentication web aspect may have special requirement.If this information requirement is indispensable, will bring obstacle to carrying out interactive authentication between the different industries CA.
Find that by literature search the digital certificate authentication systematic research mainly concentrates on digital certificate on the using method of single application, Chinese patent application number: 00123530.3, title: universal electronic information network authentication system and method.This patent provides the electronic information of creating for the user that network signatures and corresponding signature verification are provided, but does not consider and at present use and how to realize that a certificate strides actual environments such as using intercommunication.
Summary of the invention
The present invention is directed to the deficiency and the defective that exist in the background technology, provide a kind of digital certificate to stride the trust domain interoperability methods, make it when the certificate trust service is provided, certificate can be included the various application messages of entity, satisfy the different requirements of using to entity information, thereby in CA is interconnected, can satisfy the actual demand of using simultaneously, solve above-mentioned the application and especially stride the trust domain intercommunication and bring disadvantageous problem, the popularization of acceleration digital certificate authentication to certificate.
The present invention is achieved by the following technical solutions, the present invention takes certificate application gateway method, at first the user applies for certificate between two trust domain, have two digital certificates, be respectively digital certificate a and digital certificate b, two certificates all meet X.509V3 standard certificate format, and use identical private key to construct, sign and issue by two trust domain CA respectively, realize the certificate conversion by the certificate application gateway then, data forwarding, be that the certificate application gateway is accepted digital certificate a and the corresponding ssl protocol bag that the user sends, replace digital certificate b and corresponding ssl protocol bag is sent to Security Certificate gateway, thereby before Security Certificate gateway, customer digital certificate a is converted to digital certificate b.Be equivalent to user and Security Certificate gateway and set up the ssl protocol passage, and the certificate application gateway is replaced certificate in the centre, and communication key is not had influence (certificate a is the same with the PKI of certificate b).Wherein be responsible for checking to customer digital certificate a by the certificate application gateway.And it seems that for application service the user is to use digital certificate b to land, so can utilize corresponding application message among the digital certificate b.
Below the present invention is further illustrated, comprise following content:
1, the certificate request between the trust domain
Two trust domain A and trust domain B, one common user is arranged between them, A has issued a customer digital certificate a for this user, this user at first arrives employing digital certificate b X.509V3 of B place application, the private key of this digital certificate b is the private key of customer digital certificate a, this that is to say that digital certificate a and b all use same PKI to construct, but the certificate information of being filled among digital certificate a and the b basis certificate policy CPS of CA separately determines, do not write in the certificate medium of access customer after digital certificate b has signed and issued simultaneously, but directly be distributed to the certificate issuance point, if write the certificate medium, what see in that user's hand is exactly two certificates.
The user has applied for digital certificate a in trust domain A after, the certificate that the hand-held trust domain A of user is issued uses " card is logical ", trust domain B also needs to issue certificate, this be because: (1) be not the certificate user of all trust domain A all are users of trust domain B, and trust domain B also needs the user of oneself is managed simultaneously; (2) CPS of the CPS of trust domain B and trust domain A can be different, and the certificate that trust domain B is issued may comprise the application message in more this trust domain; (3) application in the trust domain can be accepted the certificate that this trust domain CA is issued for general for uniformity and convenience.
Digital certificate b that trust domain B is issued and common certificate are different.The user can't see this digital certificate b in the process of using, the application that they use digital certificate a to remove to visit trust domain B is digital certificate b and the application of trust domain B is seen.User's identity has a process of conversion automatically in access process, promptly change user's (application is limited) of trust domain B into from the user of trust domain A.
The flow process of certificate request, granting can have dual mode, and a kind of is that the user directly arrives trust domain B place application certificate, and another kind then can be by trust domain A to trust domain B application certificate.But different with common certificate request flow process is that the user need submit to digital certificate a to prove own identity in trust domain A.Trust domain B is when certificate issuance simultaneously, and digital certificate a and digital certificate b need bundle, and can set up corresponding relation by the ID of certificate, promptly can find digital certificate b by digital certificate a on the certificate issuance point of trust domain B.
2, certificate application gateway
The certificate application gateway is to be structured on the SSLV3 agreement, is before the SSL Security Certificate gateway customer digital certificate a to be converted to digital certificate b.The certificate application gateway plays functions such as conversion certificate, data forwarding.SSLV3 standard agreement flow process by client-access SSL Security Certificate gateway is as follows:
When (1) client and SSL Security Certificate gateway connect, at first send client (Client Hello) information of shaking hands by client;
(2) after the SSL Security Certificate gateway is received the client handshake information, i.e. response, send server is shaken hands, the certificate of service end, client certificate request, server handshaking finish (Server Hello Done) information;
(3) then, after client is received the server handshaking end, promptly send client certificate, client key exchange, service end certification authentication, selection algorithm tabulation, client end (finished) information;
(4) after the SSL Security Certificate gateway receives that service end finishes, the checking client certificate, checking by after i.e. response send the selection algorithm tabulation, service end finishes.At this moment, client and SSL Security Certificate gateway are shaken hands and are finished.
(5) like this, client gets final product the transmission application request of safety, is transmitted to WEB SERVER by the SSL Security Certificate gateway, after the WEB SERVER response, the result is sent to the SSL Security Certificate gateway, the SSL Security Certificate gateway just with this as a result safety feed back to client, go down so alternately.
In the certificate application gateway,, specific as follows by the authentication gateway of client by certificate application gateway access application:
When (1) client and SSL Security Certificate gateway connect, at first send the client handshaking information by client;
(2) after the certificate application gateway is received the client handshake information, transmit to the SSL Security Certificate gateway.The SSL Security Certificate gateway responds after receiving this message, by the certificate application gateway to the client send server shake hands, the certificate of service end, client certificate request, server handshaking ending message;
(3) then, after client is received the server handshaking end, promptly send client certificate, client key exchange, service end certification authentication, selection algorithm tabulation, client ending message;
(4) after the certificate application gateway is received client certificate message, the authentication certificate legitimacy, checking is replaced certificate by the back, be about to digital certificate a and replace with digital certificate b, simultaneously client certificate (replacing), client key exchange, service end certification authentication, selection algorithm tabulation, service end ending message are sent to the SSL Security Certificate gateway;
(5) after the SSL Security Certificate gateway receives that service end finishes, the checking client certificate, checking by after i.e. response send the selection algorithm tabulation, service end finishes, send to client by the certificate application gateway.At this moment, client is shaken hands by certificate application gateway and SSL Security Certificate gateway and is finished.
(6) like this, client gets final product the transmission application request of safety, be transmitted to WEB SERVER by the certificate application gateway by the SSL Security Certificate gateway, after the WEB SERVER response, the result is sent to the SSL Security Certificate gateway, the SSL Security Certificate gateway just with this as a result safety feed back to client, go down so alternately.
Among the present invention, certificate application gateway mode does not need to carry out any transformation to using service end, but before Security Certificate gateway customer digital certificate a is converted to digital certificate b.In fact the certificate application gateway plays the effect of identity conversion, is about to the identity a of user in trust domain A and is converted to b among the trust domain B, and bring in for client and application service and to say so transparently, does not need to participate in.
Compared with prior art, by the certificate application gateway can be very convenient, realize " card is logical " apace, promptly use a certificate can visit zones of different, the application of different industries.This gateway has proposed how to provide the inter-trade interoperability methods of entity certificate in a kind of digital certificate authentication system, it is solved above-mentionedly use especially inter-trade intercommunication to certificate and bring disadvantageous problem, quickens the popularization of digital certificate authentication system.
Description of drawings
Fig. 1 the present invention adopts the certificate applicating flow chart behind the certificate application gateway
Embodiment
As shown in Figure 1, for the present invention adopts certificate applicating flow chart behind the certificate application gateway, provide following examples in conjunction with content of the present invention:
Building the barrier between different departments problem with the PKI trust systems of service towards the public is example." piece " can be regarded as the CA that the aspect, region is built, and as Shanghai ECA, Zhejiang CA etc., " bar " can be regarded as the CA that the industry aspect is built, as CFCA etc.Suppose that a provincial digital certificate authentication system is trust domain A, the digital certificate authentication system of industrial and commercial industry is trust domain B.The user has applied for digital certificate a in A.Desire uses digital certificate a to use the national application of industrial and commercial industry.
At first the user uses digital certificate a to apply for digital certificate b to trust domain B, so his application that can use digital certificate a to land industrial and commercial industry by the certificate application gateway.The certificate application gateway plays functions such as conversion certificate, data forwarding.This gateway can be placed in regional CA or the regional industry, is responsible for transmitting to national industry by it.
The concrete effect of implementing: the user uses digital certificate a by certificate application gateway access security authentication gateway, and set up SSL safety and connect, the certificate application gateway is transmitted corresponding message, and the legitimacy of checking digital certificate a, checking by after customer digital certificate a is converted to digital certificate b.The SSL Security Certificate gateway is accepted corresponding message and is responded, the legitimacy of simultaneous verification digital certificate b.Checking by after can set up SSL by certificate application gateway and client and be connected, transmit data.Client is used the application of digital certificate a in can access application server.The present invention can satisfy the actual demand of using simultaneously in CA is interconnected, solution is striden the trust domain intercommunication and brought disadvantageous problem, quickens the popularization of digital certificate authentication.
Claims (5)
1, a kind of digital certificate is striden the trust domain interoperability methods, it is characterized in that, take certificate application gateway method, at first the user applies for certificate between two trust domain, have two digital certificates, be respectively digital certificate a and digital certificate b, two certificates all meet X.509V3 standard certificate format, and use identical private key to construct, sign and issue by two trust domain CA respectively, realize the certificate conversion by the certificate application gateway then, data forwarding, be that the certificate application gateway is accepted digital certificate a and the corresponding ssl protocol bag that the user sends, replace digital certificate b and corresponding ssl protocol bag is sent to Security Certificate gateway, thereby before Security Certificate gateway, customer digital certificate a is converted to digital certificate b, wherein be responsible for checking customer digital certificate a by the certificate application gateway.
2, digital certificate according to claim 1 is striden the trust domain interoperability methods, it is characterized in that, the certificate request between the described trust domain is specific as follows:
Two trust domain A and trust domain B, one common user is arranged between them, A has issued a customer digital certificate a for this user, this user at first arrives employing digital certificate b X.509V3 of B place application, digital certificate a and b all use same PKI to construct, but the certificate information of being filled among digital certificate a and the b basis certificate policy CPS of CA separately determines, directly be distributed to the certificate issuance point after digital certificate b has signed and issued simultaneously, if write the certificate medium, what see in that user's hand is exactly two certificates.
3, digital certificate according to claim 2 is striden the trust domain interoperability methods, it is characterized in that, certificate request, the flow process of providing has dual mode, a kind of is that the user directly arrives trust domain B place application certificate, another kind is then applied for certificate by trust domain A to trust domain B, but the user need submit to digital certificate a to prove own identity in trust domain A, trust domain B is when certificate issuance simultaneously, digital certificate a and digital certificate b must bundle, ID by certificate sets up corresponding relation, promptly finds digital certificate b by digital certificate a on the certificate issuance point of trust domain B.
4, digital certificate according to claim 1 is striden the trust domain interoperability methods, it is characterized in that, described certificate application gateway, be to be structured on the SSLV3 agreement, be before the SSL Security Certificate gateway, customer digital certificate a to be converted to digital certificate b, as follows by the SSLV3 standard agreement flow process of client-access SSL Security Certificate gateway:
When (1) client and SSL Security Certificate gateway connect, at first send the client handshaking information by client;
(2) after the SSL Security Certificate gateway is received the client handshake information, i.e. response, send server is shaken hands, the certificate of service end, client certificate request, server handshaking ending message;
(3) then, after client is received the server handshaking end, promptly send client certificate, client key exchange, service end certification authentication, selection algorithm tabulation, client ending message;
(4) after the SSL Security Certificate gateway receives that service end finishes, the checking client certificate, checking by after i.e. response send the selection algorithm tabulation, service end finishes, at this moment, client and SSL Security Certificate gateway are shaken hands and are finished;
(5) like this, client gets final product the transmission application request of safety, is transmitted to WEB SERVER by the SSL Security Certificate gateway, after the WEB SERVER response, the result is sent to the SSL Security Certificate gateway, the SSL Security Certificate gateway just with this as a result safety feed back to client, go down so alternately.
5, stride the trust domain interoperability methods according to claim 1 or 4 described digital certificates, it is characterized in that, in the certificate application gateway, by the authentication gateway of client by certificate application gateway access application, idiographic flow is as follows:
When (1) client and SSL Security Certificate gateway connect, at first send the client handshaking information by client;
(2) after the certificate application gateway is received the client handshake information, transmit to the SSL Security Certificate gateway, the SSL Security Certificate gateway responds after receiving this message, by the certificate application gateway to the client send server shake hands, the certificate of service end, client certificate request, server handshaking ending message;
(3) then, after client is received the server handshaking end, promptly send client certificate, client key exchange, service end certification authentication, selection algorithm tabulation, client ending message;
(4) after the certificate application gateway is received client certificate message, the authentication certificate legitimacy, checking is replaced certificate by the back, be about to digital certificate a and replace with digital certificate b, the client certificate that will replace, client key exchange, service end certification authentication, selection algorithm tabulation, service end ending message are sent to the SSL Security Certificate gateway simultaneously;
(5) after the SSL Security Certificate gateway receives that service end finishes, the checking client certificate, checking by after i.e. response send selection algorithm tabulation, service end finishes, send to client by the certificate application gateway, at this moment, client is shaken hands by certificate application gateway and SSL Security Certificate gateway and is finished;
(6) like this, client gets final product the transmission application request of safety, be transmitted to WEB SERVER by the certificate application gateway by the SSL Security Certificate gateway, after the WEB SERVER response, the result is sent to the SSL Security Certificate gateway, the SSL Security Certificate gateway with this as a result safety feedback give client, go down so alternately.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101090562A CN1306749C (en) | 2003-12-04 | 2003-12-04 | Method for Trust Domain spanning intercommunication of digital certificate |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101090562A CN1306749C (en) | 2003-12-04 | 2003-12-04 | Method for Trust Domain spanning intercommunication of digital certificate |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1547341A true CN1547341A (en) | 2004-11-17 |
| CN1306749C CN1306749C (en) | 2007-03-21 |
Family
ID=34335000
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2003101090562A Expired - Lifetime CN1306749C (en) | 2003-12-04 | 2003-12-04 | Method for Trust Domain spanning intercommunication of digital certificate |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1306749C (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1838593B (en) * | 2005-03-07 | 2010-12-01 | 富士施乐株式会社 | Certificate acquisition system, certificate acquisition method, management communication apparatus and certification authority |
| CN105099679A (en) * | 2014-05-05 | 2015-11-25 | 中国电子信息产业发展研究院 | Method of applying digital certificate to user identity authentication and device |
| CN105227313A (en) * | 2014-06-27 | 2016-01-06 | 罗伯特·博世有限公司 | Reduce the storage demand of cryptographic key |
| CN109842626A (en) * | 2019-02-14 | 2019-06-04 | 众安信息技术服务有限公司 | The method and apparatus for distributing safety zone access credentials |
| CN109995737A (en) * | 2018-01-02 | 2019-07-09 | 中国移动通信有限公司研究院 | The digital certificate management method and device of decentralization, node, system |
| CN110463160A (en) * | 2017-04-03 | 2019-11-15 | 微软技术许可有限责任公司 | Elastic public key infrastructure for cloud computing |
| CN111049798A (en) * | 2019-11-11 | 2020-04-21 | 深信服科技股份有限公司 | Information processing method and device and computer readable storage medium |
| CN111339537A (en) * | 2018-12-18 | 2020-06-26 | 武汉信安珞珈科技有限公司 | Method and system for detecting digital certificate |
| CN111342968A (en) * | 2018-12-18 | 2020-06-26 | 武汉信安珞珈科技有限公司 | Method and system for issuing double digital certificates |
| CN113824566A (en) * | 2021-10-19 | 2021-12-21 | 恒宝股份有限公司 | Certificate authentication method, code number downloading method, device, server and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10075417B2 (en) | 2016-09-12 | 2018-09-11 | International Business Machines Corporation | Verifying trustworthiness of redirection targets in a tiered web delivery network |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7107248B1 (en) * | 2000-09-11 | 2006-09-12 | Nokia Corporation | System and method of bootstrapping a temporary public-key infrastructure from a cellular telecommunication authentication and billing infrastructure |
| CN1265609C (en) * | 2002-02-08 | 2006-07-19 | 泰康亚洲(北京)科技有限公司 | Confirmation method for safe mobile e-business platform digital certificate |
-
2003
- 2003-12-04 CN CNB2003101090562A patent/CN1306749C/en not_active Expired - Lifetime
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1838593B (en) * | 2005-03-07 | 2010-12-01 | 富士施乐株式会社 | Certificate acquisition system, certificate acquisition method, management communication apparatus and certification authority |
| CN105099679A (en) * | 2014-05-05 | 2015-11-25 | 中国电子信息产业发展研究院 | Method of applying digital certificate to user identity authentication and device |
| CN105227313A (en) * | 2014-06-27 | 2016-01-06 | 罗伯特·博世有限公司 | Reduce the storage demand of cryptographic key |
| CN105227313B (en) * | 2014-06-27 | 2021-03-19 | 罗伯特·博世有限公司 | Method for providing certificates and for communicating over multiple protocols and related devices |
| CN110463160A (en) * | 2017-04-03 | 2019-11-15 | 微软技术许可有限责任公司 | Elastic public key infrastructure for cloud computing |
| CN109995737A (en) * | 2018-01-02 | 2019-07-09 | 中国移动通信有限公司研究院 | The digital certificate management method and device of decentralization, node, system |
| CN109995737B (en) * | 2018-01-02 | 2021-08-10 | 中国移动通信有限公司研究院 | Decentralized digital certificate management method and device, node and system |
| CN111339537B (en) * | 2018-12-18 | 2023-03-14 | 武汉信安珞珈科技有限公司 | Method and system for detecting digital certificate |
| CN111342968B (en) * | 2018-12-18 | 2023-04-07 | 武汉信安珞珈科技有限公司 | Method and system for issuing double digital certificates |
| CN111339537A (en) * | 2018-12-18 | 2020-06-26 | 武汉信安珞珈科技有限公司 | Method and system for detecting digital certificate |
| CN111342968A (en) * | 2018-12-18 | 2020-06-26 | 武汉信安珞珈科技有限公司 | Method and system for issuing double digital certificates |
| CN109842626A (en) * | 2019-02-14 | 2019-06-04 | 众安信息技术服务有限公司 | The method and apparatus for distributing safety zone access credentials |
| CN111049798B (en) * | 2019-11-11 | 2022-08-09 | 深信服科技股份有限公司 | Information processing method and device and computer readable storage medium |
| CN111049798A (en) * | 2019-11-11 | 2020-04-21 | 深信服科技股份有限公司 | Information processing method and device and computer readable storage medium |
| CN113824566A (en) * | 2021-10-19 | 2021-12-21 | 恒宝股份有限公司 | Certificate authentication method, code number downloading method, device, server and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1306749C (en) | 2007-03-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107767267B (en) | Virtual resource transfer method and device | |
| US6367009B1 (en) | Extending SSL to a multi-tier environment using delegation of authentication and authority | |
| EP2586179B1 (en) | Federation among services for supporting virtual-network overlays | |
| US20040003247A1 (en) | Non-centralized secure communication services | |
| US20030131232A1 (en) | Directory-based secure communities | |
| CN1306749C (en) | Method for Trust Domain spanning intercommunication of digital certificate | |
| US20010021928A1 (en) | Method for inter-enterprise role-based authorization | |
| CN101355557B (en) | Method and system for implementing network access control in MPLS/VPN network | |
| CN101193103B (en) | A method and system for allocating and validating identity identifier | |
| WO2010139167A1 (en) | Expert support application system platform for government affair and business affair decision-making and its construction method | |
| CN102497356A (en) | Public service platform integrated system of internet medicine trading market | |
| WO2011062596A1 (en) | Binding resources in a shared computing environment | |
| CN107135081A (en) | A kind of double certificate CA systems and its implementation | |
| Fahrenholtz et al. | Transactional security for a distributed reputation management system | |
| CN1300721C (en) | Method for realizing peer-to-peer network system architecture | |
| Liu et al. | Cross-heterogeneous domain authentication scheme based on blockchain | |
| WO2009089697A1 (en) | A kind of network plane, a station and a method for realizing the multiple stations cooperation service on them | |
| CN107071016A (en) | A kind of cloud AC management platforms and its multi-domain authentication power supply management method | |
| CN100512306C (en) | Service network safety system structure plan based on reciprocity calculation | |
| Johnston et al. | A use-condition centered approach to authenticated global capabilities: Security architectures for large-scale distributed collaboratory environments | |
| US20030200322A1 (en) | Autonomic system for selective administation isolation of a secure remote management of systems in a computer network | |
| CN112991031A (en) | Electronic account book management system based on block chain technology | |
| CN114553527A (en) | Block chain-based identity authentication service system crossing CA trust domain | |
| Gritzalis, D. Gritzalis, C. Moulinos, J. Iliadis | An integrated architecture for deploying a virtual private medical network over the Web | |
| Khurana et al. | Integrated security services for dynamic coalitions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Assignee: Shanghai best information technology Co.,Ltd. Assignor: SHANGHAI KOAL SOFTWARE Co.,Ltd. Contract record no.: 2010310000166 Denomination of invention: Method for Trust Domain spanning intercommunication of digital certificate Granted publication date: 20070321 License type: Exclusive License Open date: 20041117 Record date: 20100909 |
|
| CX01 | Expiry of patent term | ||
| CX01 | Expiry of patent term |
Granted publication date: 20070321 |