WO2009074053A1 - Digital certificate, acquisition of certificate private key, and associated distribution method, device and system - Google Patents

Digital certificate, acquisition of certificate private key, and associated distribution method, device and system

Info

Publication number
WO2009074053A1
Authority
WO
WIPO (PCT)
Prior art keywords
private key
digital certificate
download
network device
file name
Application number
PCT/CN2008/073151
Other languages
English (en)
Chinese (zh)
Inventor
Xiaochun Xiong
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2009074053A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Definitions

  • the invention relates to a method for obtaining and distributing a digital certificate and a private key thereof.
  • this application claims priority to Chinese Patent Application No. 200710195569.8, filed with the Chinese Patent Office on December 6, 2007 and entitled "a digital certificate and its private certificate", the entire disclosure of which is incorporated herein by reference.
  • the present invention relates to an identification technology in a communication network, and more particularly to a method, device and system for obtaining and distributing a digital certificate and its private key.
  • a digital certificate is an authoritative electronic document. It provides a way to verify identity on the Internet, similar to a driver's license or an ID card in daily life. It is issued by a CA (Certificate of Authorization) center and can be used in Internet communications to identify the other party.
  • Digital certificates must be unique and reliable, and many technologies are needed to achieve this. Usually, digital certificates use a public key system, that is, encryption and decryption use a pair of matching keys. Each user sets a specific private key that only the user holds and uses it to decrypt and sign; at the same time, the user sets a public key and makes it public, so that it is shared by a group of users and used to encrypt and verify signatures. When sending a confidential file, the sender encrypts the data using the recipient's public key, and the recipient decrypts it with its own private key, so that the information reaches its destination safely and without error. Digital means ensure that the encryption process is irreversible, that is, the data can be decrypted only with the private key. Public key technology solves the management problem of key publishing: users can publish their public keys while retaining their private keys.
  • Digital signature technology is a typical application of asymmetric encryption algorithms.
  • the application process of a digital signature is as follows: the data source sender uses its own private key to verify the data or encrypt other variables related to the data content, completing the legal "signature" of the data, and the data receiver uses the sender's public key to interpret the received "digital signature" and uses the interpretation result to verify the integrity of the data and confirm the legitimacy of the signature.
  • Digital signature technology is an important technology for confirming identity in the virtual environment of network systems. It can completely replace the "autograph" in the real process, which is technically and legally guaranteed.
  • digital signature applications are the opposite of PGP (Pretty Good Privacy) technology. In digital signature applications, the sender's public key can be easily obtained, but its private key needs to be kept strictly confidential.
  • in a mobile communication network there are generally network devices, such as a base transceiver station on the access side, a base station controller, a mobile switching center on the core network side, a GGSN (Gateway GPRS Support Node), and the like.
  • the centralized management of these network devices is performed by the network management system, which can perform centralized data configuration, performance monitoring, alarm management, log collection and analysis, and fault management on these network devices.
  • the network management system is generally a server, that is, a network management server, which can be directly connected to all network devices.
  • the network management server and the network device have a managing and managed relationship. To prevent malicious users from performing malicious operations on network devices, the network device and the network management server need to authenticate each other's identity.
  • digital certificates can be used for identity authentication. Before the network device is installed and configured, the operator issues a trusted digital certificate and its public key to the network management server, and issues a trusted digital certificate and its private key to the network device.
  • the distribution of certificates and private keys is a key process that must protect the security of digital certificates and private keys. To prevent the private key from being stolen during distribution, the private key is generally encrypted with a password, and the private key password is also distributed to the network device, which then uses the private key password to decrypt the private key and obtain the usable private key.
  • since the network management server has a network connection to all network devices, sending certificates to all network devices through the network is a convenient choice.
  • however, only after a secure channel is established between the network management system and the network device can it be guaranteed that certificates, private keys and private key passwords will not be intercepted during issuance.
  • in secure transmission technology, establishing a secure transmission channel between two nodes has a precondition: the two nodes must already be configured with mutually trusted credentials, that is, digital certificates and certificate private keys. The two requirements therefore contradict each other. Without the distribution of digital certificates and private keys, a secure connection cannot be established; without a secure connection, digital certificates and private keys cannot be issued securely.
  • the command channel is used to transmit operation commands or responses to operation commands
  • file transfer channel is used for file upload and download.
  • the file transfer channel uses FTP (File Transfer Protocol), which supports data transfer from the server to one or more network devices through a network connection in the form of packets.
  • FTP also supports the FTPS (FTP over SSL) secure extension.
  • FTPS supports SSL (Secure Socket Layer) encrypted transmission and also supports digital certificate authentication.
  • the SSL connection in FTPS ensures the security of data transmission between the two communicating parties on the network. This approach greatly improves security over plaintext transmission.
  • the embodiment of the invention provides a method for obtaining and distributing a digital certificate and a private key thereof, so as to implement efficient distribution of a digital certificate private key.
  • the embodiments of the present invention provide a method and device for obtaining and distributing a digital certificate, so as to implement efficient distribution of a digital certificate and a private key thereof.
  • a method for obtaining a digital certificate private key includes the following steps:
  • the download information includes: a digital certificate private key file name and a digital certificate private key download path;
  • a method for distributing a digital certificate private key includes the following steps:
  • the download information includes: a digital certificate private key file name and a digital certificate private key download path;
  • a network device including:
  • the command parsing module is configured to parse the digital certificate private key file name and the digital certificate private key download path in the download information after receiving the download information sent by the network management server through the command channel;
  • a downloading module configured to establish an anonymous secure socket layer connection with the network management server on the file transmission channel, and to download the digital certificate private key through the anonymous secure socket layer connection according to the digital certificate private key file name and the digital certificate private key download path.
  • a network management server includes:
  • the instruction release module is configured to send the download information to the network device by using the command channel, where the download information includes: a digital certificate private key file name and a download path of the digital certificate private key; a download response module, configured to establish an anonymous secure socket layer connection with the network device on the file transmission channel, and to respond, through the anonymous secure socket layer connection, to a request to download the digital certificate private key that the network device issues according to the digital certificate private key file name and the download path of the digital certificate private key.
  • Embodiments of the present invention provide a digital certificate distribution and acquisition system for implementing efficient distribution of digital certificates and their private keys.
  • a system for distributing and obtaining digital certificates including:
  • the network management server is configured to send, by using a command channel, download information to the network device, where the download information includes: a digital certificate private key file name and a digital certificate private key download path; after receiving a request for an anonymous secure socket layer connection sent by the network device, to establish an anonymous secure socket layer connection with the network device on the file transmission channel; and after receiving the download request issued by the network device according to the digital certificate private key file name and the digital certificate private key download path, to distribute the digital certificate private key to the network device through the anonymous secure socket layer connection;
  • a network device configured to receive download information sent by the network management server through the command channel, where the download information includes: a digital certificate private key file name and a digital certificate private key download path; to establish an anonymous secure socket layer connection with the network management server on the file transmission channel; and to download the digital certificate private key through the anonymous secure socket layer connection according to the digital certificate private key file name and the digital certificate private key download path in the download information.
  • the network management server sends the download command and the encrypted key password through the command channel, and the network device downloads the digital certificate and the private key through an anonymous SSL (Secure Socket Layer) encrypted connection on the file transmission channel. This is more efficient than manually distributing the digital certificate and its private key, and transmitting the digital certificate and its private key over an anonymous SSL encrypted connection ensures the security of the distribution process. Moreover, since the network device obtains the key password and the digital certificate and private key through different channels, the key password, digital certificate and private key transmitted during distribution are better protected against interception.
  • FIG. 1a is a schematic diagram of a digital certificate and private key distribution system according to an embodiment of the present invention
  • FIG. 1b is a flowchart of a digital certificate and private key distribution method according to Embodiment 1 of the present invention
  • FIG. 2 is a structural block diagram of a digital certificate and private key distribution system according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of a method for distributing a digital certificate and a private key according to Embodiment 2 of the present invention
  • FIG. 4 is a structural block diagram of a digital certificate and private key distribution system according to Embodiment 2 of the present invention.
  • the embodiment of the present invention transmits an instruction for downloading a digital certificate and a private key through a plaintext command channel between a network management server and a network device, and transmits the digital certificate and the private key through an SSL encrypted connection on the file transmission channel between the network management server and the network device, so as to efficiently and securely distribute the digital certificate and the private key to each network device.
  • the first embodiment of the present invention provides a technical solution for the network management server to notify the network device to download the digital certificate and the private key by using the SSL encryption method.
  • the second embodiment of the present invention provides a technical solution in which the network management server notifies the network device to download the digital certificate and the private key by using the SSL encryption method, and an activation scheme causes the network device to obtain the key password to activate the downloaded digital certificate and private key.
  • a first embodiment of the present invention provides a digital certificate and a private key distribution method.
  • the flowchart is as shown in FIG. 1b, and includes the following specific steps:
  • Step S101 The network management server sends a download instruction to the network device through the command channel.
  • the network management server sends a download instruction to the network device through the command channel, and the download instruction includes the following download information:
  • the digital certificate file name and the download path of the digital certificate are used to enable the network device to know the name of the digital certificate file to be downloaded and the download path of the digital certificate.
  • the private key file name and the download path of the private key are used to enable the network device to know the name of the private key file to be downloaded and the download path of the private key.
  • the encrypted private key password, that is, the private key password encrypted with a symmetric encryption algorithm.
  • the above download instruction is used to notify the network device to download the corresponding digital certificate, private key and private key password from the network management server.
  • Step S102 After receiving the download instruction, the network device establishes an anonymous SSL connection with the network management server in the file transmission channel.
  • After receiving the download instruction, the network device sends the network management server a request to establish an anonymous SSL connection, and the network management server responds to the request and establishes the anonymous SSL connection.
  • Step S103 After the SSL connection is established, the network device downloads the digital certificate and the private key through the file transmission channel.
  • the network device downloads the corresponding digital certificate according to the digital certificate file name in the download instruction and the download path of the digital certificate, and downloads the corresponding private key according to the private key file name and the download path of the private key.
  • the private key has been previously encrypted with the private key password on the network management server.
  • the security of the private key determines the security of the digital certificate. Therefore, to ensure the security of the private key, the download information must include the private key file name and the download path of the private key, and the private key must be downloaded over SSL. The digital certificate can also be obtained in other ways, such as downloading through the plaintext file transmission channel.
  • the private key password serves to further ensure the security of the private key, so the private key password can be downloaded either through an SSL connection or through other means.
  • Step S104 The network device decrypts the encrypted private key password included in the received download instruction by using a symmetric encryption algorithm.
  • the embodiment of the present invention encrypts the private key password on the network server by using a symmetric encryption algorithm, and decrypts using a symmetric encryption algorithm on the network device side.
  • the symmetric encryption key is preset in the network server and the network device.
  • unencrypted private key passwords can also be transmitted in practice, but this will reduce security during digital certificate distribution.
  • the embodiment of the present invention provides a digital certificate and a private key distribution system.
  • the structural block diagram thereof is as shown in FIG. 2, and includes: a network management server 201 and at least one network device 202.
  • the network management server 201 includes: an instruction release module 203, a download response module 204, and an encryption module 208.
  • the network device 202 includes: a command parsing module 205, a download module 206, and a decryption module 207.
  • the instruction release module 203 sends a download instruction to the network device 202 via the command channel.
  • the download instruction includes the following download information:
  • the digital certificate file name and the download path of the digital certificate are used to enable the network device to know the file name of the digital certificate that needs to be downloaded and the download path of the digital certificate.
  • the private key file name and the download path of the private key are used to enable the network device to know the file name of the private key that needs to be downloaded and the download path of the private key.
  • the encrypted private key password, that is, the private key password encrypted with a symmetric encryption algorithm.
  • the encryption module 208 of the network management server 201 is configured to encrypt the private key password of the digital certificate private key using a symmetric encryption algorithm.
  • the command parsing module 205 of the network device 202 is configured to receive a command sent by the network management server 201 through the command channel, and parse the received command. After receiving the download instruction, the command parsing module 205 parses out the digital certificate file name and the download path of the digital certificate, the private key file name and the download path of the private key, and the encrypted private key password, sends a download notification to the download module 206, and sends a decryption notification to the decryption module 207.
  • After receiving the download notification sent by the command parsing module 205, the download module 206 sends a request to the network management server 201 to establish an anonymous SSL connection.
  • the download module 206 is a client module that supports the FTPS protocol.
  • the download response module 204 of the network management server 201 establishes an anonymous SSL connection with the network device 202 in the file transfer channel in response to the request for the anonymous SSL connection.
  • the download module 206 of the network device 202 uses the SSL connection to download the corresponding digital certificate and private key from the network management server 201, according to the digital certificate file name, the download path of the digital certificate, the private key file name, and the download path of the private key in the download instruction parsed by the command parsing module 205.
  • the download response module 204 of the network management server 201 transmits the digital certificate and the private key to the network device 202 via the SSL connection in response to the download request of the download module 206.
  • the download response module 204 is a server-side module that supports the FTPS protocol.
  • After receiving the decryption notification, the decryption module 207 decrypts the encrypted private key password parsed by the command parsing module 205 by a symmetric encryption algorithm to obtain a private key password in an unencrypted state.
  • the network device 202 securely obtains the digital certificate, the private key, and the decrypted private key password, and activates the private key with the private key password.
  • the network management server sends the download command and the private key password through the command channel, and the network device downloads the digital certificate and the private key through the SSL encrypted connection on the file transmission channel, thereby ensuring the security of the digital certificate and private key distribution; because the network device obtains the private key password and the digital certificate through different channels, the private key password and the digital certificate transmitted during distribution are better protected against interception.
  • a second embodiment of the present invention provides a digital certificate and a private key distribution method.
  • the flowchart is as shown in FIG. 3, and includes the following specific steps:
  • Step S301 The network management server sends a download instruction to the network device through the command channel.
  • the network management server sends a download command to the network device through the command channel, and the download command includes the following information:
  • the digital certificate file name and the download path of the digital certificate are used to enable the network device to know the name of the digital certificate file to be downloaded and the download path of the digital certificate.
  • the private key file name and the download path of the private key are used to enable the network device to know the file name of the private key that needs to be downloaded and the download path of the private key.
  • Step S302 After receiving the download instruction, the network device establishes an anonymous SSL connection with the network management server in the file transmission channel. After receiving the download instruction, the network device sends the network management server a request to establish an anonymous SSL connection, and the network management server responds to the request and establishes the anonymous SSL connection.
  • Step S303 After the SSL connection is established, the network device downloads the digital certificate and the private key through the file transmission channel.
  • the network device downloads the corresponding digital certificate according to the digital certificate file name in the download instruction and the download path of the digital certificate, and downloads the corresponding private key according to the private key file name and the download path of the private key.
  • the private key has been previously encrypted with the private key password on the network management server.
  • the security of the private key determines the security of the digital certificate. Therefore, to ensure the security of the private key, the download information must include the private key file name and the download path of the private key, and the private key must be downloaded over SSL. The digital certificate can also be obtained in other ways, such as downloading through the plaintext file transmission channel.
  • Step S304 After the download is completed, the network management server sends an activation instruction to the network device through the command channel.
  • After the download is completed, the network management server sends an activation command to the network device through the command channel, and the activation command includes the encrypted private key password.
  • the private key password is encrypted using a symmetric method.
  • the embodiment of the present invention encrypts the private key password on the network server with the symmetric encryption key of a symmetric encryption algorithm, and decrypts it with the symmetric encryption key on the network device side.
  • the symmetric encryption key is preset in the network server and the network device.
  • unencrypted private key passwords can also be transmitted in the implementation, but this will reduce security during digital certificate distribution.
  • Step S305 After receiving the activation instruction, the network device decrypts the encrypted private key password in the activation instruction by using a symmetric method.
  • by sending an activation instruction to the network device, the network management server notifies the network device to perform an activation operation on the received digital certificate and private key.
  • the activation instruction contains the encrypted private key password.
  • the network device decrypts the encrypted private key password in the activation instruction by a symmetric method. In this way, the network device securely obtains the digital certificate, the private key, and the private key password of the private key.
  • the embodiment of the present invention provides a digital certificate and a private key distribution system. As shown in FIG. 4, the system includes: a network management server 401 and at least one network device 402.
  • the network management server 401 includes: an instruction release module 403, a download response module 404, and an encryption module 408.
  • the network device 402 includes: a command parsing module 405, a download module 406, and a decryption module 407.
  • the encryption module 408 of the network management server 401 is used to encrypt the private key password of the digital certificate private key with a symmetric encryption algorithm.
  • the instruction release module 403 of the network management server 401 sends a download command to the network device 402 through the command channel.
  • the download instruction includes the following information:
  • the digital certificate file name and the download path of the digital certificate are used to enable the network device to know the file name of the digital certificate that needs to be downloaded and the download path of the digital certificate.
  • the private key file name and the download path of the private key are used to enable the network device to know the file name of the private key that needs to be downloaded and the download path of the private key.
  • the command parsing module 405 of the network device 402 is configured to receive a command sent by the network management server 401 through the command channel, and parse the received command. After receiving the download instruction, the command parsing module 405 parses the digital certificate file name in the download command and the download path of the digital certificate, the private key file name, and the download path of the private key, and sends a download notification to the download module 406.
  • After receiving the download notification sent by the command parsing module 405, the download module 406 sends a request to the network management server 401 to establish an anonymous SSL connection.
  • the download module 406 is a client module that supports the FTPS protocol.
  • the download response module 404 of the network management server 401 establishes an anonymous SSL connection with the network device 402 in the file transfer channel in response to the request for the anonymous SSL connection.
  • the download module 406 of the network device 402 uses the SSL connection to download the corresponding digital certificate and private key from the network management server 401, according to the digital certificate file name, the download path of the digital certificate, the private key file name, and the download path of the private key in the download command parsed by the command parsing module 405.
  • the download response module 404 of the network management server 401, in response to the download request of the download module 406, transmits the digital certificate and the private key to the network device 402 over the SSL connection.
  • the download response module 404 is a server-side module that supports the FTPS protocol.
  • the instruction release module 403 sends an activation command to the network device 402 through the command channel.
  • the activation command includes a private key password encrypted with a symmetric encryption algorithm.
  • the command parsing module 405 parses the encrypted private key password in the activation command and sends a decryption notification to the decryption module 407.
  • After receiving the decryption notification, the decryption module 407 decrypts the encrypted private key password parsed by the command parsing module 405 by a symmetric encryption algorithm to obtain a private key password in an unencrypted state.
  • the network device 402 securely obtains the digital certificate, the private key, and the decrypted private key password.
  • The network management server sends the download command and the private key password through the command channel, and the network device downloads the digital certificate and the private key through the SSL-encrypted connection of the file transmission channel, thereby ensuring the security of the distribution of the digital certificate and the private key.
  • The network device obtains the private key password and the digital certificate through different channels, which better prevents the private key password and the digital certificate transmitted during the distribution process from being intercepted.
  • The process of downloading and activating the digital certificate and the private key is more flexible.
  • The network management server can have each network device download the digital certificate and the private key in advance and then, when activation is required, send the private key password through the activation command, so that the network device can decrypt the private key with the private key password, thereby activating the digital certificate and the private key.
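
The file transfer channel described above relies on an anonymous SSL connection, and anonymous cipher suites encrypt the session without authenticating either endpoint, so the network device has no cryptographic proof that its peer is the network management server. The following Python code is an added example, not part of the patent: it flags anonymous suites in handshake logs and in the local default TLS context. The log format, addresses and function names are constructed for illustration.

```python
import re
import ssl

# Anonymous (unauthenticated) key exchange, recognised by naming convention:
#   IANA / Java style:  TLS_DH_anon_WITH_..., TLS_ECDH_anon_WITH_...
#   OpenSSL style:      ADH-..., AECDH-..., EXP-ADH-...
ANON_SUITE = re.compile(r"^(?:TLS|SSL)_(?:EC)?DH_anon_|(?:^|-)A(?:EC)?DH-")
LOG_LINE = re.compile(r"peer=(?P<peer>\S+).*?cipher=(?P<cipher>\S+)")

# Constructed sample: handshake log of a hypothetical FTPS file transfer channel.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z ftps peer=192.0.2.10 proto=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384
2024-01-01T09:00:07Z ftps peer=192.0.2.11 proto=TLSv1.2 cipher=ADH-AES256-SHA
2024-01-01T09:00:09Z ftps peer=192.0.2.12 proto=TLSv1.0 cipher=TLS_ECDH_anon_WITH_AES_128_CBC_SHA
2024-01-01T09:00:15Z ftps peer=192.0.2.13 proto=TLSv1.2 cipher=DHE-RSA-AES128-SHA
"""


def is_anonymous_suite(name):
    """True when the suite name denotes key exchange with no peer authentication."""
    return bool(ANON_SUITE.search(name))


def anonymous_sessions(log_text):
    """Return (peer, cipher) for every logged session that used an anonymous suite."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if m and is_anonymous_suite(m["cipher"]):
            hits.append((m["peer"], m["cipher"]))
    return hits


def anonymous_in_default_context():
    """List anonymous suites enabled in this interpreter's default client context."""
    ctx = ssl.create_default_context()
    return [c["name"] for c in ctx.get_ciphers()
            if c.get("auth") == "auth-null" or is_anonymous_suite(c["name"])]


if __name__ == "__main__":
    for peer, cipher in anonymous_sessions(SAMPLE_LOG):
        print(f"unauthenticated session: {peer} negotiated {cipher}")
    print("anonymous suites in default context:", anonymous_in_default_context())
```

An empty list from `anonymous_in_default_context()` means a stock client would refuse the anonymous handshake, so a deployment of this scheme has to enable those suites explicitly on both sides.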

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an identification technology used in a communication network, and in particular to a digital certificate and private key distribution technology that enables identification. A method for acquiring the private key of a digital certificate comprises: receiving download information sent by a network management server through a command channel, the information containing a file name of the private key of the digital certificate and a download path of the private key of the digital certificate; establishing an anonymous secure sockets layer connection with the network management server on the file transmission channel; and downloading the digital certificate key through the anonymous secure sockets layer connection according to the private key file name and the private key download path contained in the download information. The invention also relates to a method for distributing the private key of a digital certificate, a network device and a network management server. Because the network management server sends the download instructions through the command channel and the network device downloads the digital certificate and its private key over the encrypted anonymous secure sockets layer connection, the approach is more efficient than a manual distribution method and ensures the security of the distribution process.
PCT/CN2008/073151 2007-12-06 2008-11-21 Digital certificate, certificate private key acquisition, and associated distribution method, device and system WO2009074053A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2007101955698A CN101170413B (zh) 2007-12-06 2007-12-06 Method and device for obtaining and distributing a digital certificate and its private key
CN200710195569.8 2007-12-06

Publications (1)

Publication Number Publication Date
WO2009074053A1 (fr) 2009-06-18

Family

ID=39390894

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073151 WO2009074053A1 (fr) Digital certificate, certificate private key acquisition, and associated distribution method, device and system 2007-12-06 2008-11-21

Country Status (2)

Country Link
CN (1) CN101170413B (fr)
WO (1) WO2009074053A1 (fr)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170413B (zh) * 2007-12-06 2011-01-05 华为技术有限公司 Method and device for obtaining and distributing a digital certificate and its private key
JP4252620B1 (ja) * 2008-08-27 2009-04-08 グローバルサイン株式会社 Server certificate issuing system
CN101938490B (zh) * 2010-09-17 2013-01-09 浙江大学 Remote control verification method on a mobile Internet device
CN102624740B (zh) * 2012-03-30 2016-05-11 北京奇虎科技有限公司 Data interaction method, client and server
CN102970582A (zh) * 2012-11-23 2013-03-13 四川长虹电器股份有限公司 Digital certificate transmission method
CN105337977B (zh) * 2015-11-16 2019-01-25 江苏通付盾科技有限公司 Secure mobile communication system with dynamic two-way authentication and method for implementing it
US10142323B2 (en) * 2016-04-11 2018-11-27 Huawei Technologies Co., Ltd. Activation of mobile devices in enterprise mobile management
US10419421B2 (en) * 2016-08-11 2019-09-17 Big Switch Networks, Inc. Systems and methods to securely construct a network fabric
CN111149324B (zh) * 2017-09-21 2023-12-29 Lg电子株式会社 Cryptographic method and system for managing digital certificates with linkage values
CN110071940A (zh) * 2019-05-06 2019-07-30 深圳市网心科技有限公司 Software package encryption and decryption method, server, user equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2385683A (en) * 2002-02-22 2003-08-27 Thirdspace Living Ltd Distribution system with content replication
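CN1672380A (zh) * 2002-03-20 2005-09-21 捷讯研究有限公司 System and method for checking digital certificate status
CN101170413A (zh) * 2007-12-06 2008-04-30 华为技术有限公司 Method and device for obtaining and distributing a digital certificate and its private key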

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7948977B2 (en) * 2006-05-05 2011-05-24 Broadcom Corporation Packet routing with payload analysis, encapsulation and service module vectoring
CN100574191C (zh) * 2006-06-14 2009-12-23 北京飞天诚信科技有限公司 Method for Direct Client system authentication within a local area network

Also Published As

Publication number Publication date
CN101170413B (zh) 2011-01-05
CN101170413A (zh) 2008-04-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08859920

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08859920

Country of ref document: EP

Kind code of ref document: A1