TWI775405B - Credential management system for automatic network domain verification and method thereof - Google Patents


Publication number: TWI775405B
Authority: TW (Taiwan)
Prior art keywords: certificate, application, domain, server, automated
Application number: TW110114696A
Other languages: Chinese (zh)
Other versions: TW202243438A (en)
Inventor: 林志能, 周彥均
Original Assignee: 臺灣網路認證股份有限公司
Application filed by: 臺灣網路認證股份有限公司
Priority to: TW110114696A
Publication of TWI775405B
Publication of TW202243438A

Abstract

A certificate management system for automated domain verification and a method thereof are provided. A domain administrator device downloads and installs an automated certificate application program from a certificate server. When at least one certificate application request is approved, the certificate server provides an automatic certificate management environment (ACME) application link to the automated certificate application program. The program connects to the ACME server through that link and submits the at least one certificate application request. For each request, the ACME server generates a random value and a setting location list and returns them to the program. The program sets the random value in the corresponding domain at each setting location in the list. The ACME server then connects to the domain for each request in order to verify the domain. When domain verification succeeds, the certificate server generates a domain certificate according to the request. The program connects to the certificate server through a certificate download link and downloads the domain certificate. The verification time of a domain certificate application is thereby reduced and verification efficiency is improved.

Description

Certificate management system and method for automated domain verification

A certificate management system and method thereof, and in particular a certificate management system and method that perform automated domain verification through an Automatic Certificate Management Environment (ACME) service server.

In existing applications for domain certificates, whether the certificate applicant legitimately owns the domain must first be verified, and the existing domain verification process requires the certificate applicant and the certificate issuer to carry out complicated domain configuration and domain verification.

In the existing domain verification process, after the certificate applicant submits an application, the certificate issuer requires the applicant to place the information it specifies at a designated path in the domain, in a Domain Name System record, and so on. Once the applicant has placed that information, the applicant must wait for the issuer to verify whether the applicant legitimately owns the domain. Only after the issuer confirms that the applicant legitimately owns the domain is a domain certificate issued for the domain applied for.

Existing domain certificate applications often spend too much time verifying whether the certificate applicant legitimately owns the domain, and a large volume of domain certificate applications makes that verification burdensome.

In summary, the prior art has long had the problem that, for a domain certificate application, verifying whether the certificate applicant legitimately owns the domain takes too much time and the verification process is inconvenient. Improved technical means are therefore needed to solve this problem.

In view of the problem in the prior art that, for a domain certificate application, verifying whether the certificate applicant legitimately owns the domain takes too much time and the verification process is inconvenient, the present invention discloses a certificate management system and method for automated domain verification, wherein:

The certificate management system for automated domain verification disclosed in the present invention comprises a domain administrator device, a certificate server and an ACME service server. The domain administrator device downloads and installs an automated certificate application program from the certificate server; the automated certificate application program further comprises a device receiving module, a device generating module, a device connection module, a setting module and a device transmitting module. The certificate server establishes a connection with the automated certificate application program and further comprises a certificate receiving module, a review module, a certificate generating module and a certificate transmitting module. The ACME service server further comprises a server receiving module, a server generating module, a verification module and a server transmitting module.

The device receiving module receives at least one piece of certificate application information and receives the Automatic Certificate Management Environment (ACME) application link. The device generating module generates at least one certificate application request corresponding to the at least one piece of certificate application information. The device connection module, when the ACME application link is triggered, connects to the ACME service server and provides the at least one certificate application request to it; receives the random value and setting location list corresponding to the at least one certificate application request; receives the verification success response corresponding to the at least one certificate application request and transmits the corresponding certificate download request; receives the certificate download link corresponding to the at least one certificate application request; and, when the certificate download link is triggered, connects to the certificate server to download the domain certificate corresponding to the at least one certificate application request. The setting module sets the corresponding random value in the corresponding domain at each setting location in the setting location list. The device transmitting module transmits the at least one certificate application request and, after the setting module has finished setting the random value for the corresponding domain, transmits the corresponding setting completion response.

The certificate receiving module receives the at least one certificate application request from the device transmitting module and receives the verification success response corresponding to the at least one certificate application request. The review module reviews the at least one certificate application request. The certificate generating module generates a domain certificate according to the corresponding certificate application request when the certificate receiving module receives the corresponding verification success response. The certificate transmitting module transmits the ACME application link to the device receiving module when the at least one certificate application request passes review.

The server receiving module receives the at least one certificate application request from the device connection module, receives the corresponding setting completion response from the device transmitting module, and receives the certificate download request corresponding to the at least one certificate application request from the device connection module. The server generating module generates a random value and a setting location list for each of the at least one certificate application request, and generates the corresponding certificate download link according to the certificate download request. The verification module connects to the corresponding domain for each of the at least one certificate application request and, for each setting location in the corresponding setting location list, verifies whether a random value is present and whether that random value is correct. The server transmitting module transmits the corresponding random value and setting location list to the device connection module; when the random values set at every setting location in the setting location list of the corresponding domain are verified successfully, transmits the corresponding verification success response to both the device connection module and the certificate receiving module; and transmits the certificate download link to the device connection module.

The certificate management method for automated domain verification disclosed in the present invention comprises the following steps:

First, the domain administrator device downloads and installs the automated certificate application program from the certificate server. Next, the domain administrator device receives at least one piece of certificate application information and generates at least one corresponding certificate application request. Next, the domain administrator device transmits the at least one certificate application request to the certificate server through the automated certificate application program. Next, the certificate server reviews each of the at least one certificate application request. Next, when the at least one certificate application request passes review, the certificate server provides the ACME application link to the automated certificate application program. Next, the domain administrator device, through the automated certificate application program, follows the ACME application link to connect to the ACME service server and provides the at least one certificate application request. Next, the ACME service server generates a random value and a setting location list for each of the at least one certificate application request. Next, the ACME service server returns the corresponding random value and setting location list to the automated certificate application program. Next, the automated certificate application program sets the corresponding random value in the corresponding domain at each setting location in the setting location list. Next, after the automated certificate application program has finished setting the random value for the corresponding domain, it returns the corresponding setting completion response to the ACME service server. Next, the ACME service server connects to the corresponding domain for each of the at least one certificate application request and, for each setting location in the corresponding setting location list, verifies whether a random value is present and whether that random value is correct. Next, when the random values set at every setting location in the setting location list of the corresponding domain are verified successfully, the ACME service server returns the corresponding verification success response to both the automated certificate application program and the certificate server. Next, when the certificate server receives the verification success response, it generates a domain certificate according to the corresponding certificate application request. Next, the automated certificate application program transmits the certificate download request corresponding to the at least one certificate application request to the ACME service server. Next, the ACME service server generates the corresponding certificate download link according to the certificate download request and returns it to the automated certificate application program. Finally, the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate.

The system and method disclosed in the present invention are as described above. They differ from the prior art in the following way: the domain administrator device downloads and installs the automated certificate application program from the certificate server; when the at least one certificate application request passes review, the certificate server provides the ACME application link to the automated certificate application program, which follows that link to connect to the ACME service server and provide the at least one certificate application request; the ACME service server generates a random value and a setting location list for each of the at least one certificate application request; the automated certificate application program sets the corresponding random value in the corresponding domain at each setting location in the setting location list; the ACME service server then connects to the corresponding domain for each of the at least one certificate application request to verify the domain; after verification succeeds, the certificate server generates a domain certificate according to the corresponding certificate application request; and the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate.

Through the above technical means, the present invention achieves the technical effect of reducing the domain verification time of a domain certificate application and improving verification efficiency.

The embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the present invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.

The certificate management system for automated domain verification disclosed in the present invention is described first. Refer to Fig. 1, which is a system block diagram of the certificate management system for automated domain verification of the present invention.

The certificate management system for automated domain verification disclosed in the present invention comprises a domain administrator device 10, a certificate server 20 and an ACME service server 30. The domain administrator device 10 downloads and installs the automated certificate application program 11 from the certificate server 20; the automated certificate application program 11 further comprises a device receiving module 12, a device generating module 13, a device connection module 14, a setting module 15 and a device transmitting module 16. The certificate server 20 establishes a connection with the automated certificate application program 11 and further comprises a certificate receiving module 21, a review module 22, a certificate generating module 23 and a certificate transmitting module 24. The ACME service server 30 further comprises a server receiving module 31, a server generating module 32, a verification module 33 and a server transmitting module 34.

The domain administrator device 10 is, for example, a general-purpose computer, a notebook computer, and so on; these are examples only and do not limit the scope of application of the present invention. The domain administrator device 10, the certificate server 20 and the ACME service server 30 are connected to one another by wired or wireless transmission. The wired transmission is, for example, a cable network, an optical fiber network, and so on; the wireless transmission is, for example, Wi-Fi, a mobile communication network (for example 3G, 4G, 5G, and so on), and so on. These are examples only and do not limit the scope of application of the present invention.

Refer to Fig. 1 and Fig. 2 together. Fig. 2 is a schematic diagram of the information flow of certificate management for automated domain verification according to the present invention.

When a domain administrator needs to apply for a certificate for a domain, the administrator can make an automated certificate application through the automated certificate application program 11 that the domain administrator device 10 downloaded and installed from the certificate server 20. The domain administrator enters at least one piece of certificate application information through the user interface provided by the automated certificate application program 11. The certificate application information includes basic information, contact information, payment information, and so on; these are examples only and do not limit the scope of application of the present invention.

After the domain administrator finishes entering the at least one piece of certificate application information in the user interface, the device receiving module 12 receives it. When the device receiving module 12 receives the at least one piece of certificate application information, the device generating module 13 generates at least one corresponding certificate application request 41. When the device generating module 13 has generated the at least one certificate application request 41, the device transmitting module 16 transmits the at least one certificate application request 41 to the certificate receiving module 21.

When the certificate receiving module 21 receives the at least one certificate application request 41 from the device transmitting module 16, the review module 22 reviews the at least one certificate application request 41. The review module 22 reviews the basic information, contact information, payment information and other information in the certificate application information. For example, it confirms the contact person by sending a one-time password by SMS to the mobile phone number in the contact information, or confirms that the remittance amount is correct from the receiving account, the sending account and the remittance amount in the payment information, and so on. These are examples only and do not limit the scope of application of the present invention.

When the at least one certificate application request 41 passes the review of the review module 22, the certificate transmitting module 24 transmits the ACME application link 42 to the device receiving module 12, and the device receiving module 12 receives the ACME application link 42 from the certificate transmitting module 24. When the ACME application link 42 is triggered by the domain administrator, the device connection module 14 connects to the ACME service server 30 and provides the at least one certificate application request 41 to the ACME service server 30.

When the server receiving module 31 receives the at least one certificate application request 41 from the device connection module 14, the server generating module 32 generates a random value 43 and a setting location list 44 for each of the at least one certificate application request 41. The setting location list 44 contains at least one setting location. A setting location is, for example, a designated path in the domain, a Domain Name System record (DNS record), and so on; these are examples only and do not limit the scope of application of the present invention.

It is worth noting that every setting location in the setting location list 44 may be set with the same random value 43, or each setting location in the setting location list 44 may be set with a different random value 43. Specifically, the random value 43 set at the designated path in the domain may be 123456 and the random value 43 set in the Domain Name System record may also be 123456; or the random value 43 set at the designated path in the domain may be 123456 and the random value 43 set in the Domain Name System record may be 654321. These are examples only and do not limit the scope of application of the present invention. The server generating module 32 may generate the random value 43 by computing a random value directly or by computing the random value 43 from the corresponding certificate application request 41; these are examples only and do not limit the scope of application of the present invention.

When the server generating module 32 has generated the random value 43 and the setting location list 44 for each of the at least one certificate application request 41, the server transmitting module 34 transmits the random value 43 and setting location list 44 corresponding to the at least one certificate application request 41 to the device connection module 14. When the device connection module 14 receives them from the server transmitting module 34, the setting module 15 sets the corresponding random value 43 in the corresponding domain at each setting location in the setting location list 44.

Once the setting module 15 has set the corresponding random value 43 in the corresponding domain at each setting location in the setting location list 44, that is, once the setting module 15 has finished setting the random value 43 for the corresponding domain, the device transmitting module 16 transmits the setting completion response 45 corresponding to the at least one certificate application request 41 to the server receiving module 31.

When the server receiving module 31 receives the setting completion response 45 corresponding to the at least one certificate application request 41 from the device transmitting module 16, the verification module 33 connects to the corresponding domain for each of the at least one certificate application request 41 and, for each setting location in the setting location list 44 corresponding to the request, verifies whether the random value 43 is present and whether the random value 43 is correct.

When the random values 43 set at every setting location in the setting location list 44 of the corresponding domain are successfully verified by the verification module 33, the server transmitting module 34 transmits the verification success response 46 corresponding to the at least one certificate application request 41 to both the device connection module 14 and the certificate receiving module 21.
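The challenge generation, setting and verification steps described above, as an added example that is not part of the patent text or the applicant's implementation. The domain is simulated in memory, the class, function and location names are hypothetical, and the use of a CSPRNG token and a constant-time comparison is a choice made here rather than something the text specifies.

```python
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical setting locations, modelled on the two kinds the text names:
# a designated path in the domain and a Domain Name System record.
PATH_LOCATION = "path:/validation/challenge.txt"
DNS_LOCATION = "dns:_validation TXT"


@dataclass(frozen=True)
class Challenge:
    """What the ACME service server returns for one certificate application request."""
    domain: str
    expected: dict  # setting location -> random value that must appear there


class SimulatedDomain:
    """In-memory stand-in (constructed) for what a verifier reads from a live domain."""

    def __init__(self, name):
        self.name = name
        self._values = {}

    def set_value(self, location, value):
        self._values[location] = value

    def read_value(self, location):
        return self._values.get(location)


def generate_challenge(domain, locations, distinct_values=True):
    """Server side: create the random value(s) and the setting location list.

    The text allows one shared value or a different value per location; either
    way the value is drawn from a CSPRNG here, not a short number like 123456.
    """
    if not locations:
        raise ValueError("setting location list must not be empty")
    if distinct_values:
        expected = {loc: secrets.token_urlsafe(32) for loc in locations}
    else:
        shared = secrets.token_urlsafe(32)
        expected = {loc: shared for loc in locations}
    return Challenge(domain=domain, expected=expected)


def apply_challenge(challenge, domain):
    """Client side: set each random value at its setting location in the domain."""
    for location, value in challenge.expected.items():
        domain.set_value(location, value)


def verify_challenge(challenge, domain):
    """Server side: check that every location has a value and that it is correct.

    Returns (ok, failures); failures maps location -> "missing" or "mismatch".
    """
    if domain.name != challenge.domain:
        return False, {"*": "wrong-domain"}
    failures = {}
    for location, want in challenge.expected.items():
        got = domain.read_value(location)
        if got is None:
            failures[location] = "missing"
        elif not hmac.compare_digest(got.encode(), want.encode()):
            failures[location] = "mismatch"
    return not failures, failures


def run_demo():
    """Verify before setup, after setup, and after one location is overwritten."""
    domain = SimulatedDomain("example.test")
    challenge = generate_challenge("example.test", [PATH_LOCATION, DNS_LOCATION])
    before = verify_challenge(challenge, domain)
    apply_challenge(challenge, domain)
    after = verify_challenge(challenge, domain)
    domain.set_value(DNS_LOCATION, "654321")  # wrong value at one location
    tampered = verify_challenge(challenge, domain)
    return before, after, tampered


if __name__ == "__main__":
    for label, result in zip(("before", "after", "tampered"), run_demo()):
        print(label, result)
```

Verification succeeds only when every location in the list holds its expected value, so a single missing or stale entry blocks the verification success response.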

When the certificate receiving module 21 receives the verification success response 46 corresponding to the at least one certificate application request 41 from the server transmitting module 34, the certificate generating module 23 generates the domain certificate 47 according to the corresponding certificate application request 41.

When the device connection module 14 receives the verification success response 46 corresponding to the at least one certificate application request 41 from the server transmitting module 34, the device connection module 14 transmits the certificate download request 48 corresponding to the at least one certificate application request 41 to the server receiving module 31. When the server receiving module 31 receives that certificate download request 48 from the device connection module 14, the server generating module 32 generates the corresponding certificate download link 49 according to the certificate download request 48.

Once the server generation module 32 has generated the certificate download link 49 according to the certificate download request 48, the server transmission module 34 transmits the certificate download link 49 to the device connection module 14. When the certificate download link 49 is triggered, the automated certificate application program 11 connects to the certificate server 20 to download the domain certificate 47 corresponding to the at least one certificate application request 41.

Next, the operating method of the present invention is described with reference to FIG. 3A to FIG. 3C, which are flowcharts of the certificate management method for automated domain verification according to the present invention.

First, the domain administrator device downloads and installs the automated certificate application program from the certificate server (step 101); next, the domain administrator device receives at least one piece of certificate application information and generates at least one corresponding certificate application request (step 102); next, the domain administrator device transmits the at least one certificate application request to the certificate server through the automated certificate application program (step 103); next, the certificate server reviews each of the at least one certificate application request (step 104); next, when the at least one certificate application request passes review, the certificate server provides an automated certificate management environment (ACME) application link to the automated certificate application program (step 105); next, the domain administrator device, through the automated certificate application program, follows the ACME application link to connect to the ACME service server and provides the at least one certificate application request (step 106); next, the ACME service server generates a random value and a setting location list corresponding to each of the at least one certificate application request (step 107); next, the ACME service server returns the corresponding random value and setting location list to the automated certificate application program (step 108); next, the automated certificate application program sets the corresponding random value on the corresponding domain at each setting location in the setting location list (step 109); next, after the automated certificate application program has finished setting the random value for the corresponding domain, it returns the corresponding setting completion response to the ACME service server (step 110); next, the ACME service server connects to the corresponding domain for each of the at least one certificate application request and, for every setting location in the corresponding setting location list, verifies whether the random value is present and whether it is correct (step 111); next, when the random value set at every setting location in the setting location list for the corresponding domain is successfully verified, the ACME service server returns the corresponding verification success response to both the automated certificate application program and the certificate server (step 112); next, when the certificate server receives the verification success response, the certificate server generates the domain certificate according to the corresponding at least one certificate application request (step 113); next, the automated certificate application program transmits the certificate download request corresponding to the at least one certificate application request to the ACME service server (step 114); next, the ACME service server generates the corresponding certificate download link according to the certificate download request and returns it to the automated certificate application program (step 115); finally, the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate (step 116).
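
The verification core of steps 107 to 112, as an added illustrative sketch that is not part of the patent text: it issues a random value per setting location (one shared value or distinct values), has the application place them, and succeeds only when every location holds the correct value. The class and function names, the path and record names, and the in-memory `FakeDomain` standing in for a real domain are all assumptions made for this example.

```python
import hmac
import secrets
from dataclasses import dataclass

# The two kinds of setting location named in the claims.
HTTP_PATH = "designated-path"   # a designated path on the domain
DNS_RECORD = "dns-record"       # a DNS record of the domain


@dataclass(frozen=True)
class Location:
    kind: str   # HTTP_PATH or DNS_RECORD
    name: str   # hypothetical path or record name (assumption)


@dataclass
class Challenge:
    domain: str
    expected: dict  # Location -> random value the server expects there


class FakeDomain:
    """Constructed stand-in for the applicant's domain (no network access)."""

    def __init__(self, name):
        self.name = name
        self.published = {}

    def set_value(self, location, value):
        self.published[location] = value

    def fetch(self, location):
        # Returns None when nothing is published at that location.
        return self.published.get(location)


def issue_challenge(domain, distinct_values=False):
    """Steps 107-108: generate the random value(s) and setting location list."""
    locations = [
        Location(HTTP_PATH, "/.well-known/domain-validation/token.txt"),
        Location(DNS_RECORD, "_domain-validation." + domain),
    ]
    shared = secrets.token_urlsafe(32)  # CSPRNG, so the value is unguessable
    expected = {
        loc: secrets.token_urlsafe(32) if distinct_values else shared
        for loc in locations
    }
    return Challenge(domain, expected)


def apply_settings(domain, expected):
    """Step 109: the application sets each value at its setting location."""
    for location, value in expected.items():
        domain.set_value(location, value)


def verify_domain(challenge, fetch):
    """Step 111: check presence and correctness at every setting location.

    Returns (ok, failures). Every location is checked, and the result is ok
    only if none is missing or wrong.
    """
    failures = []
    for location, expected in challenge.expected.items():
        found = fetch(location)
        if found is None:
            failures.append((location, "missing"))
        elif not hmac.compare_digest(found.encode(), expected.encode()):
            # Constant-time comparison avoids leaking how much matched.
            failures.append((location, "mismatch"))
    return (not failures, failures)


if __name__ == "__main__":
    domain = FakeDomain("example.test")  # constructed sample domain
    challenge = issue_challenge(domain.name, distinct_values=True)
    apply_settings(domain, challenge.expected)
    print("all locations set:", verify_domain(challenge, domain.fetch))

    # Failure mode: one location was never configured, so no success
    # response (step 112) may be sent and no certificate is generated.
    dns = next(l for l in challenge.expected if l.kind == DNS_RECORD)
    del domain.published[dns]
    print("DNS record missing:", verify_domain(challenge, domain.fetch))
```

Because success requires all listed locations, control of only the web path or only the DNS zone is not enough to pass verification in this sketch.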

In summary, the present invention differs from the prior art in the following way. The domain administrator device downloads and installs the automated certificate application program from the certificate server. When the at least one certificate application request passes review, the certificate server provides the automated certificate management environment (ACME) application link to the automated certificate application program, which follows the link to connect to the ACME service server and provides the at least one certificate application request. The ACME service server generates a random value and a setting location list corresponding to each of the at least one certificate application request, and the automated certificate application program sets the corresponding random value on the corresponding domain at each setting location in the setting location list. The ACME service server then connects to the corresponding domain for each of the at least one certificate application request to verify the domain. When verification succeeds, the certificate server generates the domain certificate according to the corresponding at least one certificate application request, and the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate.

This technical means solves the prior-art problem that, for a domain certificate application, verifying whether the certificate applicant legitimately owns the domain takes too much time and is inconvenient, thereby achieving the technical effect of reducing the domain verification time of a domain certificate application and improving verification efficiency.

Although the embodiments of the present invention are disclosed above, the foregoing content is not intended to directly limit the scope of patent protection of the present invention. Any person having ordinary knowledge in the technical field to which the present invention pertains may make minor changes in the form and details of implementation without departing from the spirit and scope disclosed by the present invention. The scope of patent protection of the present invention shall still be as defined by the appended claims.

10: Domain administrator device
11: Automated certificate application program
12: Device receiving module
13: Device generation module
14: Device connection module
15: Setting module
16: Device transmission module
20: Certificate server
21: Certificate receiving module
22: Review module
23: Certificate generation module
24: Certificate transmission module
30: Automated certificate management environment (ACME) service server
31: Server receiving module
32: Server generation module
33: Verification module
34: Server transmission module
41: Certificate application request
42: ACME application link
43: Random value
44: Setting location list
45: Setting completion response
46: Verification success response
47: Domain certificate
48: Certificate download request
49: Certificate download link
Step 101: The domain administrator device downloads and installs the automated certificate application program from the certificate server
Step 102: The domain administrator device receives at least one piece of certificate application information and generates at least one corresponding certificate application request
Step 103: The domain administrator device transmits the at least one certificate application request to the certificate server through the automated certificate application program
Step 104: The certificate server reviews each of the at least one certificate application request
Step 105: When the at least one certificate application request passes review, the certificate server provides the ACME application link to the automated certificate application program
Step 106: The domain administrator device, through the automated certificate application program, follows the ACME application link to connect to the ACME service server and provides the at least one certificate application request
Step 107: The ACME service server generates a random value and a setting location list corresponding to each of the at least one certificate application request
Step 108: The ACME service server returns the corresponding random value and setting location list to the automated certificate application program
Step 109: The automated certificate application program sets the corresponding random value on the corresponding domain at each setting location in the setting location list
Step 110: After the automated certificate application program has finished setting the random value for the corresponding domain, it returns the corresponding setting completion response to the ACME service server
Step 111: The ACME service server connects to the corresponding domain for each of the at least one certificate application request and, for every setting location in the corresponding setting location list, verifies whether the random value is present and whether it is correct
Step 112: When the random value set at every setting location in the setting location list for the corresponding domain is successfully verified, the ACME service server returns the corresponding verification success response to both the automated certificate application program and the certificate server
Step 113: When the certificate server receives the verification success response, the certificate server generates the domain certificate according to the corresponding at least one certificate application request
Step 114: The automated certificate application program transmits the certificate download request corresponding to the at least one certificate application request to the ACME service server
Step 115: The ACME service server generates the corresponding certificate download link according to the certificate download request and returns it to the automated certificate application program
Step 116: The automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate

FIG. 1 is a system block diagram of the certificate management system for automated domain verification according to the present invention.
FIG. 2 is a schematic diagram of the information flow of certificate management for automated domain verification according to the present invention.
FIG. 3A to FIG. 3C are flowcharts of the certificate management method for automated domain verification according to the present invention.


Claims (10)

1. A certificate management system for automated domain verification, comprising:
a domain administrator device that downloads and installs an automated certificate application program from a certificate server, the automated certificate application program further comprising:
  a device receiving module for receiving at least one piece of certificate application information and receiving an Automatic Certificate Management Environment (ACME) application link;
  a device generation module, connected to the device receiving module, for generating at least one certificate application request corresponding to the at least one piece of certificate application information;
  a device connection module for connecting to an ACME service server when the ACME application link is triggered and providing the at least one certificate application request to the ACME service server, receiving a random value and a setting location list corresponding to the at least one certificate application request, receiving a verification success response corresponding to the at least one certificate application request and transmitting a certificate download request corresponding to the at least one certificate application request, receiving a certificate download link corresponding to the at least one certificate application request, and, when the certificate download link is triggered, connecting to the certificate server to download a domain certificate corresponding to the at least one certificate application request;
  a setting module, connected to the device connection module, for setting the corresponding random value on the corresponding domain according to each setting location in the setting location list; and
  a device transmission module for transmitting the at least one certificate application request and, after the setting module has finished setting the random value for the corresponding domain, transmitting a corresponding setting completion response;
the certificate server, which establishes a connection with the automated certificate application program, the certificate server further comprising:
  a certificate receiving module for receiving the at least one certificate application request from the device transmission module and receiving the verification success response corresponding to the at least one certificate application request;
  a review module, connected to the certificate receiving module, for reviewing the at least one certificate application request;
  a certificate generation module for generating the domain certificate according to the corresponding at least one certificate application request when the certificate receiving module receives the corresponding verification success response; and
  a certificate transmission module for transmitting the ACME application link to the device receiving module when the at least one certificate application request passes review; and
the ACME service server, further comprising:
  a server receiving module for receiving the at least one certificate application request from the device connection module, receiving the corresponding setting completion response from the device transmission module, and receiving the certificate download request corresponding to the at least one certificate application request from the device connection module;
  a server generation module, connected to the server receiving module, for generating the random value and the setting location list corresponding to each of the at least one certificate application request, and generating the corresponding certificate download link according to the certificate download request;
  a verification module, connected to the server receiving module, for connecting to the corresponding domain for each of the at least one certificate application request and verifying, according to each setting location in the corresponding setting location list, whether the random value is present and whether the random value is correct; and
  a server transmission module for transmitting the corresponding random value and setting location list to the device connection module, transmitting the corresponding verification success response to the device connection module and the certificate receiving module respectively when the random value set at each setting location in the setting location list for the corresponding domain is successfully verified, and transmitting the certificate download link to the device connection module.

2. The certificate management system for automated domain verification according to claim 1, wherein the server generation module generates the random value and the setting location list corresponding to each of the at least one certificate application request, the setting location list has at least one setting location, and each setting location in the setting location list is set with the same random value.

3. The certificate management system for automated domain verification according to claim 1, wherein the server generation module generates the random value and the setting location list corresponding to each of the at least one certificate application request, the setting location list has at least one setting location, and each setting location in the setting location list is set with a different random value.

4. The certificate management system for automated domain verification according to claim 1, wherein the server generation module generates the random value and the setting location list corresponding to each of the at least one certificate application request, the setting location list has at least one setting location, and the at least one setting location comprises a designated path of the domain and a Domain Name System record (DNS record).

5. The certificate management system for automated domain verification according to claim 1, wherein the review module reviews the at least one certificate application request by reviewing the basic information, contact information and payment information in the certificate application information.

6. A certificate management method for automated domain verification, comprising the following steps:
a domain administrator device downloads and installs an automated certificate application program from a certificate server;
the domain administrator device receives at least one piece of certificate application information and generates at least one certificate application request corresponding to the at least one piece of certificate application information;
the domain administrator device transmits the at least one certificate application request to the certificate server through the automated certificate application program;
the certificate server reviews each of the at least one certificate application request;
when the at least one certificate application request passes review, the certificate server provides an Automatic Certificate Management Environment (ACME) application link to the automated certificate application program;
the domain administrator device, through the automated certificate application program, follows the ACME application link to connect to an ACME service server and provides the at least one certificate application request;
the ACME service server generates a random value and a setting location list corresponding to each of the at least one certificate application request;
the ACME service server returns the corresponding random value and setting location list to the automated certificate application program;
the automated certificate application program sets the corresponding random value on the corresponding domain according to each setting location in the setting location list;
after the automated certificate application program has finished setting the random value for the corresponding domain, it returns a corresponding setting completion response to the ACME service server;
the ACME service server connects to the corresponding domain for each of the at least one certificate application request and verifies, according to each setting location in the corresponding setting location list, whether the random value is present and whether the random value is correct;
when the random value set at each setting location in the setting location list for the corresponding domain is successfully verified, the ACME service server returns a corresponding verification success response to the automated certificate application program and the certificate server respectively;
when the certificate server receives the verification success response, the certificate server generates a domain certificate according to the corresponding at least one certificate application request;
the automated certificate application program transmits a certificate download request corresponding to the at least one certificate application request to the ACME service server;
the ACME service server generates a corresponding certificate download link according to the certificate download request and returns it to the automated certificate application program; and
the automated certificate application program follows the certificate download link to connect to the certificate server and download the corresponding domain certificate.

7. The certificate management method for automated domain verification according to claim 6, wherein, in the step in which the ACME service server generates the random value and the setting location list corresponding to each of the at least one certificate application request, the setting location list has at least one setting location, and each setting location in the setting location list is set with the same random value.

8. The certificate management method for automated domain verification according to claim 6, wherein, in the step in which the ACME service server generates the random value and the setting location list corresponding to each of the at least one certificate application request, the setting location list has at least one setting location, and each setting location in the setting location list is set with a different random value.

9. The certificate management method for automated domain verification according to claim 6, wherein, in the step in which the ACME service server generates the random value and the setting location list corresponding to each of the at least one certificate application request, the setting location list has at least one setting location, and the at least one setting location comprises a designated path of the domain and a Domain Name System record (DNS record).

10. The certificate management method for automated domain verification according to claim 6, wherein the step in which the certificate server reviews each of the at least one certificate application request reviews the basic information, contact information and payment information in the certificate application information.

TW110114696A 2021-04-23 2021-04-23 Credential management system for automatic network domain verification and method thereof TWI775405B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110114696A TWI775405B (en) 2021-04-23 2021-04-23 Credential management system for automatic network domain verification and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110114696A TWI775405B (en) 2021-04-23 2021-04-23 Credential management system for automatic network domain verification and method thereof

Publications (2)

Publication Number Publication Date
TWI775405B true TWI775405B (en) 2022-08-21
TW202243438A TW202243438A (en) 2022-11-01

Family

ID=83807488

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110114696A TWI775405B (en) 2021-04-23 2021-04-23 Credential management system for automatic network domain verification and method thereof

Country Status (1)

Country Link
TW (1) TWI775405B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130111609A1 (en) * 2011-11-01 2013-05-02 Cleversafe, Inc. Highly secure method for accessing a dispersed storage network
TW201605219A (en) * 2014-07-29 2016-02-01 臺灣網路認證股份有限公司 Network device, register gateway and method for finishing applying certificate automatically
TW201836322A (en) * 2017-07-10 2018-10-01 大陸商騰訊科技(深圳)有限公司 Certificate management method and system
US20200213272A1 (en) * 2017-10-17 2020-07-02 Servicenow, Inc. Deployment of a Custom Address to a Remotely Managed Computational Instance
US10805312B1 (en) * 2018-03-21 2020-10-13 Amazon Technologies, Inc. Programmatically verifying electronic domains
TWM618092U (en) * 2021-04-23 2021-10-11 臺灣網路認證股份有限公司 Certificate management system for automated domain verification

Also Published As

Publication number Publication date
TW202243438A (en) 2022-11-01

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent