WO2017067490A1 - Digital certificate subsystem - Google Patents
- Publication number
- WO2017067490A1, PCT/CN2016/102781
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- digital certificate
- subsystem
- digital
- establishment
- certificate subsystem
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Claims (10)
- A digital certificate subsystem provided by the present invention is a computer subsystem comprising a processor, a memory and software system, an encryption/decryption module, and a key generation module, characterized in that: it includes a "digital certificate establishment management module", a "verification key for the authentication data of the digital certificate subsystem management party" and a "verification key for the authentication data of the digital certificate authenticator", used to manage the establishment, in the digital certificate subsystem, of "digital certificate applications that can be established only with dual authentication by the digital certificate subsystem management party and the digital certificate authenticator"; without "dual authentication by the digital certificate subsystem management party and the digital certificate authenticator", no digital certificate application can be established in the digital certificate subsystem;
  characterized by comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the authentication data of the authentication key of the digital certificate subsystem management party, and the authentication data of the authentication key of the digital certificate authenticator";
  wherein the authentication data of the digital certificate authenticator or of the digital certificate subsystem management party means: the encrypted data obtained by encrypting the "Hash digest of the 'information data to be authenticated'" with the authentication key of the digital certificate authenticator or of the digital certificate subsystem management party;
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "verification key for the authentication data of the digital certificate subsystem management party" stored in the digital certificate subsystem to verify the "authentication data of the authentication key of the digital certificate subsystem management party";
  wherein the method by which a "verification key" verifies the "authentication data of an authentication key" is:
  a) according to the protocol, apply the "verification key" to decrypt the "authentication data of the authentication key", obtaining the "Hash digest of the 'information data to be authenticated'", denoted A;
  b) according to the protocol, apply the Hash algorithm to the received "information data to be authenticated according to the protocol", obtaining the Hash digest of that information data, denoted B;
  c) compare A and B; if A equals B, the "verification of the 'authentication data of the authentication key' by the 'verification key'" passes; if A does not equal B, the "verification of the 'authentication data of the authentication key' by the 'verification key'" fails;
  (3) if the above verification of the "authentication data of the authentication key of the digital certificate subsystem management party" fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  wherein the digital certificate authenticator may be a CA, or a "CA computer authentication management system having the same authentication effect as the CA";
  a CA is a third-party authority responsible for authenticating, issuing and managing digital certificates; a CA manages the issuance of user digital certificates through its CA computer authentication management system;
  wherein the digital certificate subsystem management party may be a digital certificate subsystem management organization, or a "computer management system of the 'digital certificate subsystem management organization' having the same management effect as the 'digital certificate subsystem management organization'";
  the "digital certificate subsystem management organization" is the organization that manages "the establishment of digital certificate applications in the digital certificate subsystem"; it may or may not be a CA; it is characterized in that it manages "the establishment of digital certificate applications in the digital certificate subsystem" jointly with "a CA different from itself";
  the "digital certificate subsystem management organization" manages "the establishment of digital certificate applications in the digital certificate subsystem" through the "computer management system of the digital certificate subsystem management organization"; this "computer management system of the digital certificate subsystem management organization" is referred to for short as: the digital certificate subsystem management platform;
  wherein the authentication key and the verification key of the digital certificate authenticator or of the digital certificate subsystem management party are a pair of keys that can uniquely verify each other; they may be symmetric keys or asymmetric keys.
- The digital certificate subsystem according to claim 1, which includes a "digital certificate establishment management module", a "verification key for the authentication data of the digital certificate subsystem management party" and a "verification key for the authentication data of the digital certificate authenticator", used to manage the establishment, in the digital certificate subsystem, of "digital certificate applications that can be established only with dual authentication by the digital certificate subsystem management party and the digital certificate authenticator"; without "dual authentication by the digital certificate subsystem management party and the digital certificate authenticator", no digital certificate application can be established in the digital certificate subsystem;
  characterized by further comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the authentication data of the authentication key of the digital certificate subsystem management party, and the authentication data of the authentication key of the digital certificate authenticator";
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "verification key for the authentication data of the digital certificate authenticator" stored in the digital certificate subsystem to verify the "authentication data of the authentication key of the digital certificate authenticator";
  (3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  wherein the authentication key and the verification key of the digital certificate authenticator or of the digital certificate subsystem management party are a pair of keys that can uniquely verify each other; they may be symmetric keys or asymmetric keys.
- The digital certificate subsystem according to claim 2, further characterized in that: it includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party" and the "public key of the national root CA digital certificate", used to manage the establishment, in the digital certificate subsystem, of "digital certificate applications that can be established only with dual authentication by the digital certificate subsystem management party and a CA"; without "dual authentication by the digital certificate subsystem management party and the CA", no digital certificate application can be established in the digital certificate subsystem;
  characterized by comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the digital signature of the digital certificate subsystem management party, the digital signature of the operating CA, and the digital certificate of the operating CA";
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "public key of the national root CA digital certificate" stored in the digital certificate subsystem to verify the received "digital certificate of the operating CA";
  the verification method is:
  a) according to the protocol, apply the "public key of the national root CA digital certificate" to decrypt the "digital signature of the national root CA in the 'digital certificate of the operating CA'", obtaining the "Hash digest of the 'information data to be authenticated' in the 'digital certificate of the operating CA'", denoted A;
  b) according to the protocol, apply the Hash algorithm to the "'information data to be authenticated according to the protocol' in the received 'digital certificate of the operating CA'", obtaining the Hash digest of that information data, denoted B;
  c) compare A and B; if A equals B, the "verification of the 'digital certificate of the operating CA' by the 'public key of the national root CA digital certificate'" passes; if A does not equal B, the "verification of the 'digital certificate of the operating CA' by the 'public key of the national root CA digital certificate'" fails;
  (3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  wherein the national root CA is the national authoritative certification body that issues digital certificates to operating CAs; the digital certificate of the national root CA is a root digital certificate, issued by the national root CA to itself; the national root CA and the digital certificate of the national root CA are the starting point of the national-level chain of trust based on digital certificates;
  wherein an operating CA is a third-party authoritative certification body that is certified by the national root CA and can issue digital certificates to, and manage them for, specific individuals and legal persons outside the CA.
- The digital certificate subsystem according to claim 2, further characterized in that: it includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party" and the "public key of the national root CA digital certificate", used to manage the establishment, in the digital certificate subsystem, of "digital certificate applications that can be established only with dual authentication by the digital certificate subsystem management party and a CA"; without "dual authentication by the digital certificate subsystem management party and the CA", no digital certificate application can be established in the digital certificate subsystem;
  characterized by comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the digital signature of the digital certificate subsystem management party, the digital signature of the operating CA, and the digital certificate of the operating CA";
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "public key of the national root CA digital certificate" stored in the digital certificate subsystem to verify the received "digital certificate of the operating CA";
  the verification method is:
  a) according to the protocol, apply the "public key of the national root CA digital certificate" to decrypt the "digital signature of the national root CA in the 'digital certificate of the operating CA'", obtaining the "Hash digest of the 'information data to be authenticated' in the 'digital certificate of the operating CA'", denoted A;
  b) according to the protocol, apply the Hash algorithm to the "'information data to be authenticated according to the protocol' in the received 'digital certificate of the operating CA'", obtaining the Hash digest of that information data, denoted B;
  c) compare A and B; if A equals B, the "verification of the 'digital certificate of the operating CA' by the 'public key of the national root CA digital certificate'" passes; if A does not equal B, the "verification of the 'digital certificate of the operating CA' by the 'public key of the national root CA digital certificate'" fails;
  (3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  (4) if the verification passes, the "digital certificate establishment management module", according to the protocol, then applies the "public key of the digital certificate of the operating CA" to verify the received "digital signature of the operating CA";
  (5) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  wherein the national root CA is the national authoritative certification body that issues digital certificates to operating CAs; the digital certificate of the national root CA is a root digital certificate, issued by the national root CA to itself; the national root CA and the digital certificate of the national root CA are the starting point of the national-level chain of trust based on digital certificates;
  wherein an operating CA is a third-party authoritative certification body that is certified by the national root CA and can issue digital certificates to, and manage them for, specific individuals and legal persons outside the CA.
- The digital certificate subsystem according to claim 2, further characterized in that: it includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party" and a plurality of different "public keys of digital certificates of operating CAs"; wherein each "public key of the digital certificate of an operating CA" is retrieved and invoked by its unique ID data;
  characterized by comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the digital signature of the digital certificate subsystem management party, the digital signature of the operating CA, and the unique ID data of that operating CA in the digital certificate subsystem";
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, uses the received "unique ID data of that operating CA in the digital certificate subsystem" to retrieve and invoke, in the digital certificate subsystem, the "public key in the digital certificate of the operating CA", and applies that "public key in the digital certificate of the operating CA" to verify the received "digital signature of the operating CA";
  (3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem".
- The digital certificate subsystem according to claim 2, further characterized in that: it includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party" and the "public key of the operating CA digital certificate", used to manage the establishment, in the digital certificate subsystem, of "digital certificate applications that can be established only with dual authentication by the digital certificate subsystem management party and the operating CA"; without "dual authentication by the digital certificate subsystem management party and the operating CA", no digital certificate application can be established in the digital certificate subsystem;
  wherein the operating CA handles the registration and authentication business of "establishing user digital certificates in the digital certificate subsystem" through "the registration authority (RA) of the operating CA";
  characterized by comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the digital signature of the digital certificate subsystem management party, the 'digital signature of the RA of the operating CA', and 'the digital certificate of that RA issued by the operating CA'";
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "public key of the operating CA digital certificate" stored in the digital certificate subsystem to verify the received "RA digital certificate issued by the operating CA";
  the verification method is:
  a) according to the protocol, apply the "public key of the operating CA digital certificate" to decrypt the "digital signature of the operating CA in the 'RA digital certificate'", obtaining the "Hash digest of the 'information data to be authenticated' in the 'RA digital certificate'", denoted A;
  b) according to the protocol, apply the Hash algorithm to the "'information data to be authenticated' in the received 'RA digital certificate'", obtaining the Hash digest of that 'information data to be authenticated', denoted B;
  c) compare A and B; if A equals B, the "verification of the 'RA digital certificate' by the 'public key of the operating CA digital certificate'" passes; if A does not equal B, the "verification of the 'RA digital certificate' by the 'public key of the operating CA digital certificate'" fails;
  (3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  (4) if the verification passes, the "digital certificate establishment management module", according to the protocol, then applies the "public key in the RA digital certificate" to verify the received "RA digital signature";
  (5) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  wherein RA is the abbreviation of Registration Authority; it is the registration service center (organization) of the operating CA and part of the CA's overall system; it is used to handle the registration and authentication business of "establishing user digital certificates in the digital certificate subsystem";
  the digital certificate of the RA of the operating CA is issued, certified and managed by that operating CA.
- The digital certificate subsystem according to any one of claims 2, 3, 4, 5, 6, which includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party" and the "public key of the CA digital certificate", used to manage the establishment, in the digital certificate subsystem, of "digital certificate applications that can be established only with dual authentication by the digital certificate subsystem management party and a CA"; without "dual authentication by the digital certificate subsystem management party and the CA", no digital certificate application can be established in the digital certificate subsystem;
  characterized by comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the digital signature of the digital certificate subsystem management party, and the digital signature of the CA";
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "public key of the digital certificate of the digital certificate subsystem management party" stored in the digital certificate subsystem to verify the received "digital signature of the digital certificate subsystem management party";
  (3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem".
- The digital certificate subsystem according to any one of claims 2, 3, 4, 5, 6, further characterized in that: it includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party" and the "public key of the CA digital certificate", used to manage the establishment, in the digital certificate subsystem, of "digital certificate applications that can be established only with dual authentication by the digital certificate subsystem management party and a CA"; without "dual authentication by the digital certificate subsystem management party and the CA", no digital certificate application can be established in the digital certificate subsystem;
  wherein the "digital certificate subsystem management party" handles the registration and authentication business of "establishing user digital certificates in the digital certificate subsystem" through "the registration authority (RA) of the digital certificate subsystem management party";
  characterized by comprising the following steps:
  (1) the "digital certificate subsystem" receives "a 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated according to the protocol', the digital signature of the operating CA, the digital signature of the RA of the digital certificate subsystem management party, and 'the digital certificate of the RA of the digital certificate subsystem management party and its digital signature by the digital certificate subsystem management party'";
  (2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "public key of the digital certificate of the digital certificate subsystem management party" stored in the digital certificate subsystem to verify the received "digital signature of the digital certificate subsystem management party";
  (3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  (4) if the verification passes, the "digital certificate establishment management module", according to the protocol, then applies the "public key in the digital certificate of the RA of the digital certificate subsystem management party" to verify the received "digital signature of the RA of the digital certificate subsystem management party";
  (5) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
  wherein RA is the abbreviation of Registration Authority; it is the registration service center of the "digital certificate subsystem management party" and part of the overall system of the "digital certificate subsystem management party"; it is used to handle the registration and authentication business of "establishing user digital certificates in the digital certificate subsystem";
  the "digital certificate of the RA of the digital certificate subsystem management party" must be signed and certified by the "digital certificate subsystem management party" before it can be used for the registration and authentication business of "establishing user digital certificates in the digital certificate subsystem".
- The digital certificate subsystem of claim 2, further characterized in that it includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party" and the public key of the national root CA digital certificate, which are used to manage the establishment, in the digital certificate subsystem, of "a digital certificate that can be established only with dual authentication by the digital certificate subsystem management party and the operating CA"; without the "dual authentication of the digital certificate subsystem management party and the operating CA", no digital certificate can be established in the digital certificate subsystem;
wherein the operating CA handles the registration and authentication business of "establishing a user digital certificate in the digital certificate subsystem" through "the registration center (RA) of the operating CA"; to distinguish it, "the registration center (RA) of the operating CA" is referred to below as the CRA;
wherein the "digital certificate subsystem management party" handles the registration and authentication business of "establishing a user digital certificate in the digital certificate subsystem" through "the registration center (RA) of the digital certificate subsystem management party"; to distinguish it, "the registration center (RA) of the digital certificate subsystem management party" is referred to below as the MRA;
characterized by the following steps:
(1) the "digital certificate subsystem" receives "the 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated under the protocol', the 'digital signature of the CRA of the operating CA', the 'digital certificate of the operating CA', the 'digital certificate of the CRA issued by the operating CA', the 'digital signature of the MRA of the digital certificate subsystem management party', and the 'digital certificate of the MRA and the digital certificate subsystem management party's digital signature on it'";
(2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "public key of the digital certificate of the digital certificate subsystem management party" stored in the digital certificate subsystem to verify the received "digital signature of the digital certificate subsystem management party on the MRA digital certificate";
(3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(4) if the verification passes, the "digital certificate establishment management module", according to the protocol, applies the public key in the "digital certificate of the MRA" to verify the received "digital signature of the MRA";
(5) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(6) if the verification passes, the "digital certificate establishment management module", according to the protocol, goes on to apply the "public key of the national root CA digital certificate" stored in the digital certificate subsystem to verify the received "digital certificate of the operating CA";
(7) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(8) if the verification passes, the "digital certificate establishment management module", according to the protocol, applies "the public key in the received operating CA digital certificate" to verify the received "CRA digital certificate issued by the operating CA";
(9) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(10) if the verification passes, the "digital certificate establishment management module", according to the protocol, applies the public key in the "CRA digital certificate issued by the operating CA" to verify the received "digital signature of the CRA";
(11) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(12) if the verification passes, the "digital certificate establishment management module", according to the protocol, starts the process of establishing a digital certificate in the digital certificate subsystem; the process includes:
a) the "digital certificate establishment management module" starts the "asymmetric key generation module" in the digital certificate subsystem to generate the subsystem's asymmetric key pair (public key and private key);
b) the "digital certificate establishment management module", according to the protocol, stores the private key of the key pair in the digital certificate subsystem;
c) the "digital certificate establishment management module", according to the protocol, outputs the public key of the key pair to the CA, so that the CA can issue a digital certificate based on that public key.
- The digital certificate subsystem of claim 2, further characterized in that it includes a "digital certificate establishment management module", the "public key of the digital certificate of the digital certificate subsystem management party", the public key of the national root CA digital certificate, and the "public key of the operating CA digital certificate", which are used to manage the establishment, in the digital certificate subsystem, of "a digital certificate that can be downloaded and established only with dual authentication by the digital certificate subsystem management party and the operating CA"; without the "dual authentication of the digital certificate subsystem management party and the operating CA", no digital certificate can be established in the digital certificate subsystem;
wherein the operating CA handles the registration and authentication business of "establishing a user digital certificate in the digital certificate subsystem" through "the registration center (RA) of the operating CA"; to distinguish it, "the registration center (RA) of the operating CA" is referred to below as the CRA;
wherein the "digital certificate subsystem management party" handles the registration and authentication business of "establishing a user digital certificate in the digital certificate subsystem" through "the registration center (RA) of the digital certificate subsystem management party"; to distinguish it, "the registration center (RA) of the digital certificate subsystem management party" is referred to below as the MRA;
characterized by the following steps:
(1) the "digital certificate subsystem" receives "the 'request to establish a digital certificate in the digital certificate subsystem', the 'information data to be authenticated under the protocol', the 'digital signature of the CRA of the operating CA', the 'digital certificate of the CRA issued by the operating CA', the 'digital signature of the MRA of the digital certificate subsystem management party', and the 'digital certificate of the MRA and the digital certificate subsystem management party's digital signature on it'";
(2) the "digital certificate establishment management module" of the digital certificate subsystem, according to the protocol, applies the "public key of the digital certificate of the digital certificate subsystem management party" stored in the digital certificate subsystem to verify the received "digital signature of the digital certificate subsystem management party on the MRA digital certificate";
(3) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(4) if the verification passes, the "digital certificate establishment management module", according to the protocol, applies the public key in the "digital certificate of the MRA" to verify the received "digital signature of the MRA";
(5) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(6) if the verification passes, the "digital certificate establishment management module", according to the protocol, goes on to apply the "public key in the operating CA digital certificate" stored in the digital certificate subsystem to verify the received "CRA digital certificate issued by the operating CA";
(7) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(8) if the verification passes, the "digital certificate establishment management module", according to the protocol, applies the public key in the "CRA digital certificate issued by the operating CA" to verify the received "digital signature of the CRA";
(9) if the verification fails, the "digital certificate establishment management module" does not allow "the requested digital certificate" to be established in the "digital certificate subsystem";
(10) if the verification passes, the "digital certificate establishment management module", according to the protocol, starts the process of establishing a digital certificate in the digital certificate subsystem; the process includes:
a) the "digital certificate establishment management module" starts the "asymmetric key generation module" in the digital certificate subsystem to generate the subsystem's asymmetric key pair (public key and private key);
b) the "digital certificate establishment management module", according to the protocol, stores the private key of the key pair in the digital certificate subsystem;
c) the "digital certificate establishment management module", according to the protocol, outputs the public key of the key pair to the CA, so that the CA can issue a digital certificate based on that public key.
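The verification gate of the claim that pins the national root CA public key (steps (1) to (12) above) can be sketched as follows; in the last claim the operating CA key is itself stored, so the root check drops out. This is an added Go example, not code from the patent: it assumes Ed25519 signatures, a simplified certificate (a public key plus the issuer's signature over it) in place of X.509, and that the MRA and CRA signatures both cover the request data. The names Cert, Request, Subsystem, Establish and Demo are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is a simplified certificate (assumption): Sig is the issuer's signature over Pub.
type Cert struct{ Pub, Sig []byte }

// Request holds what step (1) says the subsystem receives.
type Request struct {
	Data, MRASig, CRASig     []byte // both signatures are assumed to cover Data
	MRACert, CACert, CRACert Cert
}

// Subsystem stores the two pinned public keys and, after success, the private key.
type Subsystem struct {
	ManagerPub, RootPub ed25519.PublicKey
	priv                ed25519.PrivateKey
}

type check struct{ step string; key, msg, sig []byte } // one signature verification

// Establish runs checks (2)-(11) in claim order, failing closed, then (12) a)-c).
func (s *Subsystem) Establish(r Request) (ed25519.PublicKey, error) {
	for _, c := range []check{
		{"(2) manager signature on MRA certificate", s.ManagerPub, r.MRACert.Pub, r.MRACert.Sig},
		{"(4) MRA signature on request data", r.MRACert.Pub, r.Data, r.MRASig},
		{"(6) root CA signature on operating CA certificate", s.RootPub, r.CACert.Pub, r.CACert.Sig},
		{"(8) operating CA signature on CRA certificate", r.CACert.Pub, r.CRACert.Pub, r.CRACert.Sig},
		{"(10) CRA signature on request data", r.CRACert.Pub, r.Data, r.CRASig},
	} {
		// ed25519.Verify panics on a wrong-length key, so test the length first.
		if len(c.key) != ed25519.PublicKeySize || !ed25519.Verify(c.key, c.msg, c.sig) {
			return nil, fmt.Errorf("refused at step %s", c.step)
		}
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // (12) a) generate the key pair
	s.priv = priv                                      // (12) b) private key stays inside
	return pub, err                                    // (12) c) only the public key leaves
}

// Demo builds a constructed request; keys: 0 manager, 1 root CA, 2 operating CA, 3 MRA, 4 CRA.
func Demo() (*Subsystem, Request) {
	var pub, priv [5][]byte
	for i := range pub {
		pub[i], priv[i], _ = ed25519.GenerateKey(rand.Reader)
	}
	cert := func(issuer, subject int) Cert { return Cert{pub[subject], ed25519.Sign(priv[issuer], pub[subject])} }
	data := []byte("constructed enrolment data")
	return &Subsystem{ManagerPub: pub[0], RootPub: pub[1]}, Request{Data: data,
		MRASig: ed25519.Sign(priv[3], data), CRASig: ed25519.Sign(priv[4], data),
		MRACert: cert(0, 3), CACert: cert(1, 2), CRACert: cert(2, 4)}
}

func main() {
	s, r := Demo()
	fmt.Println(s.Establish(r))
}
```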
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201520818176 | 2015-10-22 | ||
CN201520818176.8 | 2015-10-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017067490A1 (en) | 2017-04-27 |
Family
ID=58556715
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/102781 WO2017067490A1 (en) | 2015-10-22 | 2016-10-20 | Digital certificate subsystem |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2017067490A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050149733A1 (en) * | 2003-12-31 | 2005-07-07 | International Business Machines Corporation | Method for securely creating an endorsement certificate utilizing signing key pairs |
CN101521883A (en) * | 2009-03-23 | 2009-09-02 | 中兴通讯股份有限公司 | Method and system for renewing and using digital certificate |
CN101651540A (en) * | 2008-08-12 | 2010-02-17 | 中国移动通信集团公司 | Method, device and system for updating digital certificate |
CN104462965A (en) * | 2014-11-14 | 2015-03-25 | 华为技术有限公司 | Method for verifying integrity of application program and network device |
- 2016-10-20 WO PCT/CN2016/102781 patent/WO2017067490A1/en active Application Filing
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16856921 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WPC | Withdrawal of priority claims after completion of the technical preparations for international publication | Ref document number: 201520818176.8 Country of ref document: CN Date of ref document: 20180703 Free format text: WITHDRAWN AFTER TECHNICAL PREPARATION FINISHED |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 16856921 Country of ref document: EP Kind code of ref document: A1 |