TWI775405B - Credential management system for automatic network domain verification and method thereof - Google Patents
- Publication number
- TWI775405B
- Authority
- TW
- Taiwan
- Prior art keywords
- certificate
- application
- domain
- server
- automated
Description
A certificate management system and method thereof, and in particular a certificate management system and method that perform automated domain verification through an Automatic Certificate Management Environment (ACME) service server.
Under existing practice, before a domain certificate can be applied for, it must first be verified that the certificate applicant legitimately owns the domain, and the existing domain verification process requires the applicant and the certificate issuer to carry out cumbersome domain configuration and domain verification.
In the existing domain verification process, after the applicant submits the application, the certificate issuer asks the applicant to place information required by the issuer at a designated path of the domain, in a Domain Name System (DNS) record, and so on. After the applicant has placed the required information at the designated path, in the DNS record, and so on, the applicant must wait for the issuer to verify whether the applicant legitimately owns the domain. Only after the issuer confirms that the applicant legitimately owns the domain is a domain certificate issued for the domain applied for.
Existing domain certificate applications often spend too much time on verifying whether the applicant legitimately owns the domain, and a large number of domain certificate applications makes that verification troublesome.
In summary, the prior art has long had the problem that, for domain certificate applications, verifying whether the applicant legitimately owns the domain takes too much time and the verification process is inconvenient. An improved technical means is therefore needed to solve this problem.
In view of the prior-art problem that verifying whether the applicant legitimately owns the domain takes too much time and the verification process is inconvenient, the present invention discloses a certificate management system with automated domain verification and a method thereof, wherein:
The certificate management system with automated domain verification disclosed in the present invention comprises a domain administrator device, a certificate server, and an Automatic Certificate Management Environment (ACME) service server. The domain administrator device downloads and installs an automated certificate application program from the certificate server; the automated certificate application program further comprises a device receiving module, a device generating module, a device connection module, a placement module, and a device transmitting module. The certificate server establishes a connection with the automated certificate application program and further comprises a certificate receiving module, a review module, a certificate generating module, and a certificate transmitting module. The ACME service server further comprises a server receiving module, a server generating module, a verification module, and a server transmitting module.
The device receiving module receives at least one item of certificate application information and receives an ACME application link. The device generating module generates at least one certificate request from the at least one item of certificate application information. The device connection module, when the ACME application link is triggered, connects to the ACME service server and provides the at least one certificate request to it; receives the random value and placement location list corresponding to the at least one certificate request; receives the verification-success response corresponding to the at least one certificate request and sends the corresponding certificate download request; receives the corresponding certificate download link; and, when the certificate download link is triggered, connects to the certificate server to download the domain certificate corresponding to the at least one certificate request. The placement module places the corresponding random value in the corresponding domain at each placement location in the placement location list. The device transmitting module transmits the at least one certificate request and, after the placement module has finished placing the random value in the corresponding domain, transmits the corresponding placement-complete response.
The certificate receiving module receives the at least one certificate request from the device transmitting module and receives the verification-success response corresponding to the at least one certificate request. The review module reviews the at least one certificate request. The certificate generating module generates a domain certificate from the corresponding certificate request when the certificate receiving module receives the corresponding verification-success response. The certificate transmitting module transmits the ACME application link to the device receiving module when the at least one certificate request passes review.
The server receiving module receives the at least one certificate request from the device connection module, receives the corresponding placement-complete response from the device transmitting module, and receives the certificate download request corresponding to the at least one certificate request from the device connection module. The server generating module generates a random value and a placement location list for each of the at least one certificate request, and generates the corresponding certificate download link from the certificate download request. The verification module connects to the corresponding domain for each of the at least one certificate request and, for each placement location in the corresponding placement location list, verifies whether a random value is present and whether the random value is correct. The server transmitting module transmits the corresponding random value and placement location list to the device connection module; when the random value placed at every placement location in the placement location list has been verified successfully in the corresponding domain, it transmits the corresponding verification-success response to both the device connection module and the certificate receiving module; and it transmits the certificate download link to the device connection module.
The certificate management method with automated domain verification disclosed in the present invention comprises the following steps:
First, the domain administrator device downloads and installs the automated certificate application program from the certificate server. Next, the domain administrator device receives at least one item of certificate application information and generates at least one certificate request from it. Next, the domain administrator device transmits the at least one certificate request to the certificate server through the automated certificate application program. Next, the certificate server reviews each of the at least one certificate request. Next, when the at least one certificate request passes review, the certificate server provides an ACME application link to the automated certificate application program. Next, the domain administrator device, through the automated certificate application program, follows the ACME application link to connect to the ACME service server and provides the at least one certificate request. Next, the ACME service server generates a random value and a placement location list for each of the at least one certificate request. Next, the ACME service server returns the corresponding random value and placement location list to the automated certificate application program. Next, the automated certificate application program places the corresponding random value in the corresponding domain at each placement location in the placement location list. Next, after the automated certificate application program has finished placing the random value in the corresponding domain, it returns the corresponding placement-complete response to the ACME service server. Next, the ACME service server connects to the corresponding domain for each of the at least one certificate request and, for each placement location in the corresponding placement location list, verifies whether a random value is present and whether the random value is correct. Next, when the random value placed at every placement location in the placement location list has been verified successfully in the corresponding domain, the ACME service server returns the corresponding verification-success response to both the automated certificate application program and the certificate server. Next, when the certificate server receives the verification-success response, it generates a domain certificate from the corresponding at least one certificate request. Next, the automated certificate application program transmits the certificate download request corresponding to the at least one certificate request to the ACME service server. Next, the ACME service server generates the corresponding certificate download link from the certificate download request and returns it to the automated certificate application program. Finally, the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate.
The system and method disclosed in the present invention are as described above. They differ from the prior art in the following: the domain administrator device downloads and installs the automated certificate application program from the certificate server; when the at least one certificate request passes review, the certificate server provides the ACME application link to the automated certificate application program, which follows the link to connect to the ACME service server and provides the at least one certificate request; the ACME service server generates a random value and a placement location list for each of the at least one certificate request; the automated certificate application program places the corresponding random value in the corresponding domain at each placement location in the placement location list; the ACME service server then connects to the corresponding domain for each of the at least one certificate request to verify the domain; when verification succeeds, the certificate server generates a domain certificate from the corresponding at least one certificate request; and the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate.
Through the above technical means, the present invention achieves the technical effect of reducing the time spent on domain verification for domain certificate applications and improving verification efficiency.
The embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the present invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.
The certificate management system with automated domain verification disclosed in the present invention is described first. Please refer to Fig. 1, which is a system block diagram of the certificate management system with automated domain verification of the present invention.
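The certificate management system with automated domain verification disclosed in the present invention comprises a domain administrator device 10, a certificate server 20, and an ACME service server 30. The domain administrator device 10 downloads and installs an automated certificate application program 11 from the certificate server 20; the automated certificate application program 11 further comprises a device receiving module 12, a device generating module 13, a device connection module 14, a placement module 15, and a device transmitting module 16. The certificate server 20 establishes a connection with the automated certificate application program 11 and further comprises a certificate receiving module 21, a review module 22, a certificate generating module 23, and a certificate transmitting module 24. The ACME service server 30 further comprises a server receiving module 31, a server generating module 32, a verification module 33, and a server transmitting module 34.
The domain administrator device 10 is, for example, a general-purpose computer, a notebook computer, and so on; these are examples only and do not limit the scope of application of the present invention. The domain administrator device 10, the certificate server 20, and the ACME service server 30 are connected to one another by wired or wireless transmission. The wired transmission is, for example, a cable network, an optical fiber network, and so on; the wireless transmission is, for example, Wi-Fi, a mobile communication network (for example 3G, 4G, 5G, and so on), and so on. These are examples only and do not limit the scope of application of the present invention.
Please refer to Fig. 1 and Fig. 2 together. Fig. 2 is a schematic diagram of the information flow of the certificate management with automated domain verification of the present invention.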
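When a domain administrator needs to apply for a certificate for a domain, the application can be made automatically through the automated certificate application program 11 that the domain administrator device 10 downloaded and installed from the certificate server 20. The domain administrator enters at least one item of certificate application information through the user interface provided by the automated certificate application program 11. The certificate application information includes basic information, contact information, payment information, and so on; these are examples only and do not limit the scope of application of the present invention.
After the domain administrator has finished entering the at least one item of certificate application information in the user interface, the device receiving module 12 receives it. When the device receiving module 12 receives the at least one item of certificate application information, the device generating module 13 generates at least one certificate request 41 from it, and the device transmitting module 16 then transmits the at least one certificate request 41 to the certificate receiving module 21.
When the certificate receiving module 21 receives the at least one certificate request 41 from the device transmitting module 16, the review module 22 reviews the at least one certificate request 41. The review module 22 reviews the basic information, contact information, payment information, and so on in the certificate application information, for example by confirming the contact through a one-time password sent by SMS to the mobile phone number in the contact information, or by confirming that the remittance amount is correct from the receiving account, sending account, and remittance amount in the payment information. These are examples only and do not limit the scope of application of the present invention.
When the at least one certificate request 41 passes the review of the review module 22, the certificate transmitting module 24 transmits an ACME application link 42 to the device receiving module 12, which receives it from the certificate transmitting module 24. When the ACME application link 42 is triggered by the domain administrator, the device connection module 14 connects to the ACME service server 30 and provides the at least one certificate request 41 to the ACME service server 30.
When the server receiving module 31 receives the at least one certificate request 41 from the device connection module 14, the server generating module 32 generates a random value 43 and a placement location list 44 for each of the at least one certificate request 41. The placement location list 44 contains at least one placement location, for example a designated path of the domain, a Domain Name System record (DNS record), and so on; these are examples only and do not limit the scope of application of the present invention.
It is worth noting that every placement location in the placement location list 44 may be assigned the same random value 43, or each placement location in the placement location list 44 may be assigned a different random value 43. Specifically, the random value 43 placed at the designated path of the domain may be 123456 and the random value 43 placed in the DNS record may be 123456, or the random value 43 placed at the designated path of the domain may be 123456 and the random value 43 placed in the DNS record may be 654321; these are examples only and do not limit the scope of application of the present invention. The server generating module 32 may generate the random value 43 by computing a random value directly or by computing the random value 43 from the corresponding certificate request 41; these are examples only and do not limit the scope of application of the present invention.
When the server generating module 32 has generated the random value 43 and placement location list 44 for each of the at least one certificate request 41, the server transmitting module 34 transmits the random value 43 and placement location list 44 corresponding to the at least one certificate request 41 to the device connection module 14. When the device connection module 14 receives them from the server transmitting module 34, the placement module 15 places the corresponding random value 43 in the corresponding domain at each placement location in the placement location list 44.
Once the placement module 15 has placed the corresponding random value 43 in the corresponding domain at each placement location in the placement location list 44, that is, once the placement module 15 has finished placing the random value 43 in the corresponding domain, the device transmitting module 16 transmits the placement-complete response 45 corresponding to the at least one certificate request 41 to the server receiving module 31.
When the server receiving module 31 receives the placement-complete response 45 corresponding to the at least one certificate request 41 from the device transmitting module 16, the verification module 33 connects to the corresponding domain for each of the at least one certificate request 41 and, for each placement location in the placement location list 44 corresponding to the at least one certificate request 41, verifies whether the random value 43 is present and whether the random value 43 is correct.
When the random value 43 placed at every placement location in the placement location list 44 in the corresponding domain has been verified successfully by the verification module 33, the server transmitting module 34 transmits the verification-success response 46 corresponding to the at least one certificate request 41 to both the device connection module 14 and the certificate receiving module 21.
When the certificate receiving module 21 receives the verification-success response 46 corresponding to the at least one certificate request 41 from the server transmitting module 34, the certificate generating module 23 generates a domain certificate 47 from the corresponding at least one certificate request 41.
When the device connection module 14 receives the verification-success response 46 corresponding to the at least one certificate request 41 from the server transmitting module 34, the device connection module 14 transmits the certificate download request 48 corresponding to the at least one certificate request 41 to the server receiving module 31. When the server receiving module 31 receives that certificate download request 48 from the device connection module 14, the server generating module 32 generates the corresponding certificate download link 49 from the certificate download request 48.
When the server generating module 32 has generated the corresponding certificate download link 49 from the certificate download request 48, the server transmitting module 34 transmits the certificate download link 49 to the device connection module 14. When the certificate download link 49 is triggered, the automated certificate application program 11 connects to the certificate server 20 to download the domain certificate 47 corresponding to the at least one certificate request 41.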
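The random-value exchange described above (random value 43, placement location list 44, placement module 15, verification module 33), as an added Python simulation that is not part of the patent. The location names, the request id, the in-memory `Domain` store and the HMAC derivation are assumptions made for illustration, and the values are high-entropy tokens rather than the six-digit numbers the text uses as an illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# A placement location is (kind, key); both kinds below are assumed names.
HTTP, DNS = "http-path", "dns-txt"


@dataclass
class Domain:
    """Constructed in-memory stand-in for a domain the applicant controls."""
    name: str
    http_files: dict = field(default_factory=dict)  # path -> file body
    dns_txt: dict = field(default_factory=dict)     # record name -> TXT value

    def _store(self, kind):
        return self.http_files if kind == HTTP else self.dns_txt

    def read(self, location):
        return self._store(location[0]).get(location[1])

    def write(self, location, value):
        self._store(location[0])[location[1]] = value


class AcmeServiceServer:
    """Plays server generating module 32 and verification module 33."""

    def __init__(self, per_location_values=True, server_key=None):
        self.per_location_values = per_location_values
        self.server_key = server_key  # None: fresh randomness; bytes: derive from request
        self.pending = {}             # request id -> {location: expected value}

    def _random_value(self, request_id, location=None):
        if self.server_key is None:
            return secrets.token_urlsafe(32)  # computed directly
        # Assumed derivation: keyed hash over the request id and location.
        label = "shared" if location is None else "|".join(location)
        msg = f"{request_id}|{label}".encode()
        return hmac.new(self.server_key, msg, hashlib.sha256).hexdigest()

    def issue_challenge(self, request_id, domain_name):
        """Return the placement location list with the value for each entry."""
        locations = [
            (HTTP, f"/.well-known/domain-check/{request_id}"),  # hypothetical path
            (DNS, f"_domain-check.{domain_name}"),              # hypothetical record
        ]
        shared = self._random_value(request_id)
        expected = {
            loc: self._random_value(request_id, loc) if self.per_location_values else shared
            for loc in locations
        }
        self.pending[request_id] = expected
        return dict(expected)

    def verify(self, request_id, domain):
        """Succeed only if every listed location holds the correct value."""
        expected = self.pending.get(request_id)
        if expected is None:
            return False, ["unknown or already used request"]
        failures = []
        for loc, value in expected.items():
            found = domain.read(loc)
            if found is None:
                failures.append(f"{loc[0]}: value missing")
            elif not hmac.compare_digest(found.encode(), value.encode()):
                failures.append(f"{loc[0]}: value mismatch")
        if not failures:
            del self.pending[request_id]  # a verified challenge is single use
        return not failures, failures


def place_values(domain, challenge, only=None):
    """Placement module 15: write each value at its location (optionally a subset)."""
    for loc, value in challenge.items():
        if only is None or loc[0] in only:
            domain.write(loc, value)


def demo():
    server = AcmeServiceServer()
    domain = Domain("example.test")  # constructed sample domain
    challenge = server.issue_challenge("req-41", domain.name)
    results = [server.verify("req-41", domain)]      # nothing placed yet
    place_values(domain, challenge, only={HTTP})
    results.append(server.verify("req-41", domain))  # DNS record still missing
    place_values(domain, challenge)
    results.append(server.verify("req-41", domain))  # every location correct
    results.append(server.verify("req-41", domain))  # replayed after success
    return results


if __name__ == "__main__":
    for ok, failures in demo():
        print("verified" if ok else "rejected", failures)
```

The verification-success response is only produced when no location fails, which is the all-locations condition the text places on the verification module; a partial placement or a stale value is rejected and reported per location.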
Next, the method of operation of the present invention is described. Please refer to Fig. 3A through Fig. 3C together, which are flowcharts of the certificate management method with automated domain verification of the present invention.
First, the domain administrator device downloads and installs the automated certificate application program from the certificate server (step 101). Next, the domain administrator device receives at least one item of certificate application information and generates at least one certificate request from it (step 102). Next, the domain administrator device transmits the at least one certificate request to the certificate server through the automated certificate application program (step 103). Next, the certificate server reviews each of the at least one certificate request (step 104). Next, when the at least one certificate request passes review, the certificate server provides an ACME application link to the automated certificate application program (step 105). Next, the domain administrator device, through the automated certificate application program, follows the ACME application link to connect to the ACME service server and provides the at least one certificate request (step 106). Next, the ACME service server generates a random value and a placement location list for each of the at least one certificate request (step 107). Next, the ACME service server returns the corresponding random value and placement location list to the automated certificate application program (step 108). Next, the automated certificate application program places the corresponding random value in the corresponding domain at each placement location in the placement location list (step 109). Next, after the automated certificate application program has finished placing the random value in the corresponding domain, it returns the corresponding placement-complete response to the ACME service server (step 110). Next, the ACME service server connects to the corresponding domain for each of the at least one certificate request and, for each placement location in the corresponding placement location list, verifies whether a random value is present and whether the random value is correct (step 111). Next, when the random value placed at every placement location in the placement location list has been verified successfully in the corresponding domain, the ACME service server returns the corresponding verification-success response to both the automated certificate application program and the certificate server (step 112). Next, when the certificate server receives the verification-success response, it generates a domain certificate from the corresponding at least one certificate request (step 113). Next, the automated certificate application program transmits the certificate download request corresponding to the at least one certificate request to the ACME service server (step 114). Next, the ACME service server generates the corresponding certificate download link from the certificate download request and returns it to the automated certificate application program (step 115). Finally, the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate (step 116).
In summary, the present invention differs from the prior art in the following: the domain administrator device downloads and installs the automated certificate application program from the certificate server; when the at least one certificate request passes review, the certificate server provides the ACME application link to the automated certificate application program, which follows the link to connect to the ACME service server and provides the at least one certificate request; the ACME service server generates a random value and a placement location list for each of the at least one certificate request; the automated certificate application program places the corresponding random value in the corresponding domain at each placement location in the placement location list; the ACME service server then connects to the corresponding domain for each of the at least one certificate request to verify the domain; when verification succeeds, the certificate server generates a domain certificate from the corresponding at least one certificate request; and the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate.
This technical means solves the prior-art problem that, for domain certificate applications, verifying whether the applicant legitimately owns the domain takes too much time and the verification process is inconvenient, and thereby achieves the technical effect of reducing the time spent on domain verification for domain certificate applications and improving verification efficiency.
Although the embodiments of the present invention are disclosed as above, the content described is not intended to directly limit the scope of patent protection of the present invention. Any person having ordinary knowledge in the technical field to which the present invention belongs may make minor changes in the form and details of implementation without departing from the spirit and scope disclosed by the present invention. The scope of patent protection of the present invention shall still be as defined by the appended claims.
10: Domain administrator device
11: Automated certificate application program
12: Device receiving module
13: Device generation module
14: Device connection module
15: Setting module
16: Device transmission module
20: Certificate server
21: Certificate receiving module
22: Review module
23: Certificate generation module
24: Certificate transmission module
30: Automated certificate management environment service server
31: Server receiving module
32: Server generation module
33: Verification module
34: Server transmission module
41: Certificate application request
42: Automated certificate management environment application link
43: Random value
44: Setting location list
45: Setting completion response
46: Verification success response
47: Domain certificate
48: Certificate download request
49: Certificate download link
Step 101: The domain administrator device downloads and installs the automated certificate application program from the certificate server.
Step 102: The domain administrator device receives at least one piece of certificate application information and generates at least one corresponding certificate application request.
Step 103: The domain administrator device sends the at least one certificate application request to the certificate server through the automated certificate application program.
Step 104: The certificate server reviews each of the at least one certificate application request.
Step 105: When the at least one certificate application request passes review, the certificate server provides the automated certificate management environment application link to the automated certificate application program.
Step 106: The domain administrator device, through the automated certificate application program, follows the automated certificate management environment application link to connect to the automated certificate management environment service server and provides the at least one certificate application request.
Step 107: The automated certificate management environment service server generates a corresponding random value and setting location list for each of the at least one certificate application request.
Step 108: The automated certificate management environment service server returns the corresponding random value and setting location list to the automated certificate application program.
Step 109: The automated certificate application program sets the corresponding random value in the corresponding domain at each setting location in the setting location list.
Step 110: After the automated certificate application program has finished setting the random value in the corresponding domain, it returns the corresponding setting completion response to the automated certificate management environment service server.
Step 111: The automated certificate management environment service server then connects to the corresponding domain for each of the at least one certificate application request and, for each setting location in the corresponding setting location list, verifies whether the random value is present and whether it is correct.
Step 112: When the random value set at every setting location in the setting location list of the corresponding domain is successfully verified, the automated certificate management environment service server returns the corresponding verification success response to both the automated certificate application program and the certificate server.
Step 113: When the certificate server receives the verification success response, it generates the domain certificate according to the corresponding certificate application request.
Step 114: The automated certificate application program sends a certificate download request corresponding to the at least one certificate application request to the automated certificate management environment service server.
Step 115: The automated certificate management environment service server generates the corresponding certificate download link according to the certificate download request and returns it to the automated certificate application program.
Step 116: The automated certificate application program connects to the certificate server through the certificate download link to download the corresponding domain certificate.
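Steps 107 to 112, sketched as an added example (not code from the patent or from any product): the service server (30) issues a random value (43) with a setting location list (44) and later accepts the domain only if every listed location holds that exact value. The location names, the in-memory "hosted" store, the single-use handling and the constant-time comparison are assumptions of this sketch; the patent does not specify them.

```python
import hmac
import secrets

# Hypothetical location names; the patent only speaks of setting locations in the domain.
DEFAULT_LOCATIONS = ("http:/.well-known/validation.txt", "dns:_validation TXT")


class ValidationServer:
    """Models the automated certificate management environment service server (30)."""

    def __init__(self):
        self._pending = {}  # domain -> (random value, setting location list)

    def issue_challenge(self, domain):
        # Steps 107-108: a fresh random value (43) and location list (44) per request.
        challenge = (secrets.token_urlsafe(32), list(DEFAULT_LOCATIONS))
        self._pending[domain] = challenge
        return challenge

    def verify(self, domain, fetch):
        # Steps 111-112: every location must hold the exact value; anything else fails.
        if domain not in self._pending:
            return False
        value, locations = self._pending.pop(domain)  # assumption: single use, even on failure
        ok = True
        for location in locations:
            found = fetch(domain, location)  # None models a location that was never set
            ok &= found is not None and hmac.compare_digest(found.encode(), value.encode())
        return ok


def run_flow(skip=(), tamper=()):
    """Run steps 107-112 against a constructed in-memory domain; return the verdict."""
    server = ValidationServer()
    domain = "example.test"  # constructed sample domain
    hosted = {}              # what the domain serves: (domain, location) -> content
    value, locations = server.issue_challenge(domain)
    for location in locations:  # step 109: the application program (11) sets the value
        if location in skip:
            continue
        hosted[(domain, location)] = "wrong" if location in tamper else value
    return server.verify(domain, lambda d, loc: hosted.get((d, loc)))
```

Checking all locations without an early exit and consuming the challenge on the first verification attempt keeps a partially configured domain or a replayed value from producing a verification success response.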
FIG. 1 is a system block diagram of the certificate management system for automated domain verification according to the present invention.
FIG. 2 is a schematic diagram of the information flow of certificate management for automated domain verification according to the present invention.
FIG. 3A to FIG. 3C are flowcharts of the certificate management method for automated domain verification according to the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110114696A TWI775405B (en) | 2021-04-23 | 2021-04-23 | Credential management system for automatic network domain verification and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110114696A TWI775405B (en) | 2021-04-23 | 2021-04-23 | Credential management system for automatic network domain verification and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI775405B true TWI775405B (en) | 2022-08-21 |
TW202243438A TW202243438A (en) | 2022-11-01 |
Family
ID=83807488
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110114696A TWI775405B (en) | 2021-04-23 | 2021-04-23 | Credential management system for automatic network domain verification and method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI775405B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130111609A1 (en) * | 2011-11-01 | 2013-05-02 | Cleversafe, Inc. | Highly secure method for accessing a dispersed storage network |
TW201605219A (en) * | 2014-07-29 | 2016-02-01 | 臺灣網路認證股份有限公司 | Network device, register gateway and method for finishing applying certificate automatically |
TW201836322A (en) * | 2017-07-10 | 2018-10-01 | 大陸商騰訊科技(深圳)有限公司 | Certificate management method and system |
US20200213272A1 (en) * | 2017-10-17 | 2020-07-02 | Servicenow, Inc. | Deployment of a Custom Address to a Remotely Managed Computational Instance |
US10805312B1 (en) * | 2018-03-21 | 2020-10-13 | Amazon Technologies, Inc. | Programmatically verifying electronic domains |
TWM618092U (en) * | 2021-04-23 | 2021-10-11 | 臺灣網路認證股份有限公司 | Certificate management system for automated domain verification |
-
2021
- 2021-04-23 TW TW110114696A patent/TWI775405B/en active
Also Published As
Publication number | Publication date |
---|---|
TW202243438A (en) | 2022-11-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4A | Issue of patent certificate for granted invention patent |