WO2018090481A1 - Method and system for verifying digital certificate of mobile terminal application - Google Patents

Method and system for verifying digital certificate of mobile terminal application

Publication number
WO2018090481A1
WO2018090481A1 PCT/CN2017/071216 CN2017071216W WO2018090481A1 WO 2018090481 A1 WO2018090481 A1 WO 2018090481A1 CN 2017071216 W CN2017071216 W CN 2017071216W WO 2018090481 A1 WO2018090481 A1 WO 2018090481A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
mobile terminal
terminal application
verification
status information
Application number
PCT/CN2017/071216
Other languages
French (fr)
Chinese (zh)
Inventor
王高华
唐占国
徐裕斌
谭洪涛
Original Assignee
沃通电子认证服务有限公司
Application filed by 沃通电子认证服务有限公司
Publication of WO2018090481A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Abstract

A method and a system for verifying a digital certificate of a mobile terminal application are provided. The method comprises the following steps: a mobile terminal application transmitting a connection request to a service terminal to obtain a current certificate of the service terminal (S11); analyzing the certificate to obtain attribute information of the certificate (S12); transmitting the attribute information of the certificate to a verification proxy server (S13); the verification proxy server receiving the attribute information of the certificate, comparing the certificate with multiple certificates stored in the verification proxy server, and determining whether there is a certificate having the same attribute information as that of the certificate (S21); if so, returning state information of the certificate to the mobile terminal application (S211); and if not, obtaining state information of the certificate via a certification authority and returning the same to the mobile terminal application (S212). The method ensures the security of mobile terminal applications, such that verification is convenient and efficient, and mobile communication traffic and power consumption of mobile terminals are reduced.

Description

Digital certificate verification method and system for mobile terminal applications
Technical Field
The present invention relates to the field of computer network communication technology, and in particular to a digital certificate verification method and system for mobile terminal applications.
Background
When a mobile terminal application (such as a browser) accesses a server website, it usually does not check whether the server's certificate has been revoked. The reason is that checking certificate revocation is time-consuming and power-consuming, which degrades the user's browsing experience, and it also costs the user considerable data charges, especially when not on WiFi. As a result, if the server's certificate has already been revoked, the security lock icon is still displayed normally when the site is accessed from a mobile terminal. This is a serious security threat to the user and may lead to leakage of personal private information or account passwords, loss of money to fraud, and so on.
Summary of the Invention
The main object of the present invention is to provide a digital certificate verification method for mobile terminal applications that keeps use of the mobile terminal secure, makes verification convenient and fast, saves mobile data traffic and power consumption of the mobile terminal, and verifies efficiently.
To achieve the above object, the present invention proposes a digital certificate verification method for mobile terminal applications, comprising the following steps:
sending a connection request to a server and obtaining the server's current certificate;
parsing the certificate to obtain attribute information of the certificate;
sending the attribute information of the certificate to a verification proxy server;
the verification proxy server receiving the attribute information of the certificate, comparing it with the plurality of certificates stored in the verification proxy server, and determining whether a certificate with the same attribute information exists; if so, returning the status information of that certificate to the mobile terminal application; if not, obtaining the status information of the certificate through a certificate authority and returning it to the mobile terminal application.
Preferably, the verification proxy server obtaining the status information of the certificate through the certificate authority comprises the following steps:
the verification proxy server receiving the current certificate of the server and the issuer certificate;
sending the current certificate and the issuer certificate to the certificate authority through the verification proxy server;
the verification proxy server obtaining the status information of the certificate from the certificate authority;
parsing the status information of the certificate;
storing the certificate and the status information of the certificate;
the verification proxy server signing the status information of the certificate and sending it to the mobile terminal application that made the connection request.
Preferably, returning the status information of the same certificate information comprises the following steps:
the mobile terminal application receiving the signed status information of the certificate;
verifying the signature and obtaining the status information of the certificate.
Preferably, returning the status information of the same certificate information further comprises the following step:
the mobile terminal application determining whether the returned status information of the certificate is revocation status information or valid status information; if it is revocation status information, giving a danger warning for the server; if it is valid status information, the mobile terminal application connecting to the server to obtain the application.
Preferably, the verification proxy server is a cloud server, and the attribute information of the certificate includes the certificate serial number, the issuer name hash, and the issuer key hash.
The present invention further proposes a digital certificate verification system for mobile terminal applications, comprising a mobile terminal and a verification proxy server.
The mobile terminal application comprises:
an obtaining module, which sends a connection request to a server and obtains the server's current certificate;
a parsing module, configured to parse the certificate and obtain attribute information of the certificate;
a sending module, configured to send the attribute information of the certificate to the verification proxy server.
The verification proxy server comprises:
a determining unit, configured to compare the received attribute information of the certificate with the plurality of certificates stored in the verification proxy server and determine whether a certificate with the same attribute information exists; if so, the status information of that certificate is returned to the mobile terminal application; if not, the status information of the certificate is obtained by querying the certificate authority.
Preferably, the verification proxy server further comprises:
a receiving unit, configured to receive the current certificate of the server and the issuer certificate;
a sending unit, configured to send the current certificate and the issuer certificate to the certificate authority through the verification proxy server;
an obtaining unit, configured to obtain the status information of the certificate from the certificate authority;
a parsing unit, configured to parse the status information of the certificate;
a storage unit, configured to store the certificate and the status information of the certificate;
a signature unit, configured to sign the status information of the certificate and send it to the mobile terminal application that made the connection request.
Preferably, the mobile terminal application further comprises:
a receiving module, which receives the signed status information of the certificate;
a verification module, which verifies the signature and obtains the status information of the certificate.
Preferably, the mobile terminal application further comprises a determining module, configured to determine whether the returned status information of the certificate is revocation status information or valid status information; if it is revocation status information, a danger warning is given for the connection to the server; if it is valid status information, the mobile terminal application connects to the server to obtain the application.
Preferably, the verification proxy server is a cloud server, and the attribute information of the certificate includes the certificate serial number, the issuer name hash, and the issuer key hash.
In the technical solution of the present invention, when a connection request is sent to the server, the attribute information of the server's certificate is sent to the verification proxy server. The verification proxy server receives the attribute information, compares it with the plurality of certificates stored in the verification proxy server, and determines whether a certificate with the same attribute information exists. If so, it returns the status information of that certificate to the mobile terminal, which makes verification convenient and fast, saves mobile traffic and power consumption, and is efficient. If not, it obtains the status information of the certificate through the certificate authority and then returns the status as a few simple bytes to the mobile terminal application, thereby keeping the mobile terminal application secure.
Brief Description of the Drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from the structures shown in these drawings without creative effort.
FIG. 1 is a schematic diagram of the working principle of one embodiment of the digital certificate verification method for mobile terminal applications according to the present invention;
FIG. 2 is a schematic diagram of the working principle of one embodiment of obtaining the status information of the certificate through the certificate authority in FIG. 1;
FIG. 3 is a schematic diagram of the working principle of another embodiment of obtaining the status information of the certificate through the certificate authority in FIG. 1;
FIG. 4 is a schematic diagram of the functional modules of the mobile terminal in the digital certificate verification system for mobile terminal applications;
FIG. 5 is a schematic diagram of the functional modules of the verification proxy server in the digital certificate verification system for mobile terminal applications.
Description of reference numerals:
Label  Name                          Label  Name
10     Mobile terminal application   21     Determining unit
11     Obtaining module              22     Receiving unit
12     Parsing module                23     Sending unit
13     Sending module                24     Obtaining unit
14     Receiving module              25     Parsing unit
15     Verification module           26     Storage unit
16     Determining module            27     Signature unit
20     Verification proxy server
The realization of the object, the functional features, and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that all directional indications in the embodiments of the present invention (such as up, down, left, right, front, back, ...) are used only to explain the relative positions, movements, and so on of the components in a particular posture (as shown in the drawings); if that posture changes, the directional indication changes accordingly.
In the present invention, unless otherwise expressly specified and limited, the terms "connected", "fixed", and the like are to be understood broadly. For example, "fixed" may be a fixed connection, a detachable connection, or an integral whole; it may be a mechanical connection or an electrical connection; it may be a direct connection or an indirect connection through an intermediate medium; and it may be internal communication between two elements or an interaction between two elements, unless otherwise expressly limited. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
In addition, descriptions involving "first", "second", and the like in the present invention are for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. The technical solutions of the various embodiments may also be combined with one another, but only on the basis that a person of ordinary skill in the art can implement the combination; where a combination of technical solutions is contradictory or cannot be implemented, the combination should be considered not to exist and is not within the scope of protection claimed by the present invention.
The present invention proposes a digital certificate verification method and system for mobile terminal applications.
Referring to FIG. 1, in one embodiment of the present invention, the digital certificate verification method for mobile terminal applications comprises the following steps:
S11: sending a connection request to the server and obtaining the server's current certificate;
S12: parsing the certificate to obtain the attribute information of the certificate;
S13: sending the attribute information of the certificate to the verification proxy server;
S21: the verification proxy server receives the attribute information of the certificate, compares it with the plurality of certificates stored in the verification proxy server, and determines whether a certificate with the same attribute information exists; S211: if so, the status information of that certificate is returned to the mobile terminal; S212: if not, the status information of the certificate is obtained through the certificate authority (CA).
In the digital certificate verification method for mobile terminal applications of this embodiment, the mobile terminal application first sends a connection request to the server. For example, the domain name or address of the server is entered in a browser on the mobile terminal, such as Apple Safari, Google Chrome, Firefox, Tencent Browser, 360 Browser, or UC Browser; in one embodiment, a website is accessed over https in the browser. Alternatively, an email client application on the mobile terminal needs to verify the revocation status of a mail signing and encryption certificate, or the mobile terminal operating system needs to verify whether the digital signature of an application to be installed is valid. The mobile terminal application then parses the certificate and extracts only its attribute information, so that only the few simple bytes of attribute information need to be submitted to the verification proxy server. Preferably, the verification proxy server is a cloud server, so that users in different regions can verify certificates through it more quickly and conveniently. The verification proxy server stores a plurality of certificates together with their status information, and each certificate includes its attribute information. Preferably, the attribute information of the certificate includes the certificate serial number, the issuer name hash, and the issuer key hash. Certificates can be classified by attribute information, for example by serial number, so that a certificate or its attribute information submitted to the verification proxy server can be stored or compared quickly and a certificate with the same attribute information is easy to find. If one exists, only its status information is returned; with so few bytes the query is fast, saves traffic and power consumption, and is efficient. If none exists, the status information of the certificate is obtained through the certificate authority and returned as a few simple bytes to the mobile terminal application, keeping use of the mobile terminal secure.
Further, the verification proxy server can automatically update the status information of stored certificates and continuously add newly issued certificates. After the status information of a certificate is obtained through the certificate authority, the verification proxy server automatically saves that certificate status. The verification proxy server can also record certificates that are verified for the first time; a proxied query can still return the verification result in simple bytes, saving wireless traffic and power consumption. When the same mobile terminal or another mobile terminal verifies the certificate again through the mobile server, the certificate is first compared with the recorded, already verified certificates and its status information is returned directly, which improves efficiency and speeds up the query. When the verification proxy server updates its certificate data, it may refresh only the certificates whose records have changed, so that the recorded certificates need not all be updated one by one, further improving query efficiency.
In the technical solution of the present invention, when a connection request is sent to the server, the attribute information of the server's certificate is sent to the verification proxy server. The verification proxy server receives the attribute information, compares it with the plurality of certificates stored in the verification proxy server, and determines whether a certificate with the same attribute information exists. If so, it returns the status information of that certificate to the mobile terminal, which makes verification convenient and fast, saves traffic and power, and is efficient. If not, it obtains the status information of the certificate through the certificate authority and then returns the status as a few simple bytes to the mobile terminal application, thereby keeping use of the mobile terminal secure.
Referring to FIG. 2, preferably, the verification proxy server obtaining the status information of the certificate through the certificate authority comprises the following steps:
S22: the verification proxy server receives the current certificate of the server and the issuer certificate;
S23: the current certificate and the issuer certificate are sent to the certificate authority via the Online Certificate Status Protocol of the verification proxy server;
S24: the verification proxy server obtains the status information of the certificate from the certificate authority;
S25: the status information of the certificate is parsed;
S26: the certificate and the status information of the certificate are stored;
S27: the verification proxy server signs the status information of the certificate and sends it to the mobile terminal application that made the connection request.
In the digital certificate verification method for mobile terminal applications of this embodiment, when the verification proxy server obtains the status information of the certificate through the certificate authority, it parses the status information, stores it in order in the database of the verification proxy server, and also records it, so that on the mobile terminal's next access the record can be queried directly and the certificate verified quickly. The verification proxy server signs the status information of the certificate, for example with a digital signature, and sends it to the mobile terminal application that made the connection request, which prevents illegal tampering and protects the security of the verification result.
Referring to FIG. 3, further, the digital certificate verification method for mobile terminal applications also comprises the following steps:
S14: the mobile terminal application receives the signed status information of the certificate;
S15: the signature is verified and the status information of the certificate is obtained.
In the digital certificate verification method for mobile terminal applications of this embodiment, the mobile terminal uses its corresponding verification information to check whether the information is valid, and on that basis either rejects it or verifies it and obtains the status information of the certificate.
Referring to FIG. 1, preferably, the digital certificate verification method for mobile terminal applications further comprises the following step:
S16: the mobile terminal application determines whether the returned status information of the certificate is revocation status information or valid status information. If it is revocation status information, S161: a danger warning is given for the connection to the server. If it is valid status information, S162: a safety prompt is given for the connection to the server, or the connection request of the mobile terminal application is passed directly, and the mobile terminal application connects to the server to obtain the application.
In the digital certificate verification method for mobile terminal applications of this embodiment, software or a related plug-in loaded on the mobile terminal determines whether the returned status information of the certificate is revocation status information or valid status information and displays the corresponding reminder, so that the mobile terminal application can show the server's certificate status more conveniently and directly.
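The exchange in steps S12 to S16 and S21 to S27, sketched as an added example that is not code from the patent or the applicant. HMAC-SHA256 stands in for the proxy's digital signature, and the SHA-256 hashing, the JSON message layout, the one-hour freshness window, the stub CA and all sample values are assumptions made for illustration; the signed message carries the certificate attributes so that a status for one certificate cannot be accepted for another.

```python
import hashlib
import hmac
import json
import time

# Constructed key. HMAC-SHA256 stands in for the proxy's digital signature (S27)
# so the example needs only the standard library; a deployed app would hold the
# proxy's public key and verify an asymmetric signature instead.
PROXY_KEY = b"constructed-demo-key"
MAX_AGE = 3600  # assumed freshness window in seconds; the page gives no value


def cert_attributes(serial, issuer_name, issuer_key):
    """S12: serial number, issuer name hash, issuer key hash (SHA-256 assumed)."""
    return (serial,
            hashlib.sha256(issuer_name).hexdigest(),
            hashlib.sha256(issuer_key).hexdigest())


def _sign(body):
    return hmac.new(PROXY_KEY, body, hashlib.sha256).hexdigest()


class StubCA:
    """Stands in for the certificate authority's status service (S23, S24)."""

    def __init__(self):
        self.revoked = set()
        self.queries = 0

    def status(self, attrs):
        self.queries += 1
        return "revoked" if attrs in self.revoked else "good"


class VerificationProxy:
    def __init__(self, ca, clock=time.time):
        self.ca = ca
        self.clock = clock
        self.store = {}  # attrs -> (status, fetched_at)

    def query(self, attrs):
        """S21: compare with stored records; S211 on a match, S212 otherwise."""
        now = self.clock()
        record = self.store.get(attrs)
        # Refreshing records older than MAX_AGE is an assumed update policy.
        if record is None or now - record[1] > MAX_AGE:
            record = (self.ca.status(attrs), now)  # S212: ask the CA
            self.store[attrs] = record             # S26: store the status
        body = json.dumps({"cert": list(attrs), "status": record[0],
                           "fetched_at": record[1]}, sort_keys=True).encode()
        return body, _sign(body)                   # S27: signed status


def client_check(attrs, body, sig, now):
    """S14 to S16 on the mobile side: verify the signature, then decide."""
    if not hmac.compare_digest(_sign(body), sig):
        return "reject:bad-signature"
    msg = json.loads(body)
    if tuple(msg["cert"]) != attrs:
        return "reject:wrong-certificate"  # status signed for another cert
    if now - msg["fetched_at"] > MAX_AGE:
        return "reject:stale"
    return "connect" if msg["status"] == "good" else "warn:revoked"


def demo():
    t = [1_000_000.0]  # constructed clock value
    ca = StubCA()
    proxy = VerificationProxy(ca, clock=lambda: t[0])
    site = cert_attributes("0a1b2c", b"CN=Constructed Issuing CA", b"constructed-key")
    out = [client_check(site, *proxy.query(site), t[0])]      # miss, CA asked
    ca.revoked.add(site)                                      # CA revokes the cert
    out.append(client_check(site, *proxy.query(site), t[0]))  # answered from store
    t[0] += MAX_AGE + 1
    out.append(client_check(site, *proxy.query(site), t[0]))  # record refreshed
    return out, ca.queries


if __name__ == "__main__":
    print(demo())
```

The second result in demo() shows the cost of answering from the store: a certificate revoked at the CA is still reported as good until the stored record is refreshed.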
Referring to FIG. 1 and FIG. 2, the present invention further proposes a digital certificate verification system for mobile terminal applications, comprising a mobile terminal application 10 and a verification proxy server 20.
The mobile terminal application 10 comprises:
an obtaining module 11, which sends a connection request to the server and obtains the server's current certificate;
a parsing module 12, configured to parse the certificate and obtain the attribute information of the certificate;
a sending module 13, configured to send the attribute information of the certificate to the verification proxy server 20.
The verification proxy server 20 comprises:
a determining unit 21, configured to compare the received attribute information of the certificate with the plurality of certificates stored in the verification proxy server 20 and determine whether a certificate with the same attribute information exists; if so, the status information of that certificate is returned to the mobile terminal application 10; if not, the status information of the certificate is obtained through the certificate authority.
The mobile terminal application 10 described above sends a connection request to the server; for example, the domain name or address of the server is entered in a browser on the mobile terminal, such as the Apple Safari browser, the Google browser, the Firefox browser, the Tencent browser, the 360 browser or the UC browser. In one embodiment, a website is accessed over https in the browser, the obtaining module 11 obtains the website's certificate, and the parsing module 12 parses out the attribute information of that certificate. Alternatively, an email client application installed on the mobile terminal application 10 needs to verify the revocation status of a mail encryption certificate, in which case the sender of the mail is the server and the obtaining module 11 obtains the sender's current certificate and related information. Or the operating system of the mobile terminal application 10 needs to verify whether the digital signature of an application to be installed is valid, in which case the software developer providing the application is the server and the obtaining module 11 obtains that developer's current certificate.
Then the parsing module 12 built into the mobile terminal application 10 parses the certificate and yields only its attribute information, and the sending module 13 submits this attribute information, which is only a few bytes, to the verification proxy server 20. Preferably, the verification proxy server 20 is a cloud server, so that users in different regions and multiple users can verify certificates through the cloud server more quickly and conveniently. The verification proxy server 20 stores a plurality of certificates and the status information of each certificate, and each certificate includes its attribute information. Preferably, the attribute information of the certificate includes the certificate serial number, the issuer name hash and the issuer key hash. The certificates can be classified in order by their attribute information, for example by serial number, so that, through the determining unit 16, a certificate or the attribute information of a certificate submitted to the verification proxy server can be stored or compared quickly, and a certificate with the same attribute information can be found quickly by comparison. If such a certificate exists, only its status information is returned; because the response is a small number of bytes, the query is fast, saves traffic and is efficient. If it does not exist, the status information of the certificate is obtained through the certificate authority and the certificate status is returned to the mobile application in a few bytes, ensuring that the mobile terminal application 10 can be used securely.
Further, the verification proxy server 20 can automatically update the status information of the stored certificates and add newly registered certificates. After obtaining the status information of a certificate through the certificate authority, the verification proxy server 20 automatically saves the certificate. The verification proxy server 20 can also record certificates that are verified for the first time; when the mobile terminal application 10 or another mobile terminal verifies a certificate through the verification proxy server 20 again, the certificate is first compared with the recorded, already verified certificates and its status information is fed back directly, which improves efficiency and makes the query faster. When the verification proxy server 20 updates its certificate data, it can also refresh only the certificates whose records have been updated, rather than updating every recorded certificate one by one, which further improves query efficiency.
Referring to FIG. 2, preferably, the verification proxy server 20 further includes:
a receiving unit 22, configured to receive the current certificate of the server and the issuer certificate;
a sending unit 23, configured to send the current certificate and the issuer certificate to the certificate authority through the Online Certificate Status Protocol of the verification proxy server 20;
an obtaining unit 24, configured to obtain the status information of the certificate from the certificate authority;
a parsing unit 25, configured to parse the status information of the certificate;
a storage unit 26, configured to store the certificate and its status information;
a signature unit 27, configured to sign the status information of the certificate and send it to the mobile terminal application that made the connection request.
When the verification proxy server 20 obtains the status information of a certificate from the certificate authority through the obtaining unit 24, it parses that status information through the parsing unit 25, stores it in order in the database of the verification proxy server 20 through the storage unit 26, and also records it, so that on its next access the mobile terminal application 10 can query the record directly and verify the certificate quickly. The signature unit 27 signs the status information of the certificate, and the signed status information can be sent to the mobile terminal application 10 that made the connection request, which prevents illegal tampering and ensures the security of the transmitted information.
With further reference to FIG. 1, preferably, the mobile terminal application 10 further includes:
a receiving module 14, which receives the signed status information of the certificate;
a verification module 15, which verifies the signature and obtains the status information of the certificate.
In this embodiment, the receiving module 14 receives the verification information corresponding to the mobile terminal application 10, and the verification module 15 verifies whether that information is valid; the mobile terminal can decide on this basis whether to trust the certificate.
Preferably, the mobile terminal application 10 further includes a determining module 16, with which the mobile terminal application 10 determines whether the returned status information of the certificate is revocation status information or valid status information. If it is revocation status information, a danger warning is given for the connection to the server; if it is valid status information, the connection request of the mobile terminal application 10 is passed directly and the mobile terminal application 10 connects to the server to obtain the application.
The determining module 16 of the mobile terminal application 10 can be implemented by software or a related plug-in loaded by the mobile terminal application 10. It determines whether the returned status information of the certificate is revocation status information or valid status information and displays a corresponding reminder, so that the mobile terminal application 10 can show the certificate status of the server more conveniently and directly.
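The cache-first lookup of the determining unit 21 and the decision of the determining module 16 described above, as an added example that is not part of the patent text. SHA-256 for the two issuer hashes, the freshness limit on cached "valid" answers, treating revocation as final, the fail-closed handling of any status other than "valid", and all names in the code are assumptions; the signing step of the signature unit 27 is not shown.

```python
import hashlib
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# (serial number hex, issuer name hash, issuer key hash): the attribute
# information the page lists for a certificate.
CertAttrs = Tuple[str, str, str]


def cert_attributes(serial: int, issuer_name_der: bytes, issuer_key: bytes) -> CertAttrs:
    """Reduce a certificate to the three attributes the client submits.

    SHA-256 is an assumption; the page does not name the hash function.
    """
    return (
        format(serial, "x"),
        hashlib.sha256(issuer_name_der).hexdigest(),
        hashlib.sha256(issuer_key).hexdigest(),
    )


@dataclass
class StatusRecord:
    status: str        # "valid" or "revoked"
    fetched_at: float  # when the proxy obtained this status from the CA


class VerificationProxy:
    """Cache-first status lookup with fallback to the certificate authority."""

    def __init__(self, ca_lookup: Callable[[CertAttrs], str],
                 max_age: float = 3600.0,
                 clock: Callable[[], float] = time.time) -> None:
        self._ca_lookup = ca_lookup      # hypothetical stand-in for the CA query
        self._max_age = max_age          # assumed freshness limit for "valid"
        self._clock = clock
        self._store: Dict[CertAttrs, StatusRecord] = {}
        self.ca_queries = 0

    def check(self, attrs: CertAttrs) -> Tuple[str, str]:
        """Return (status, source), where source is "cache" or "ca"."""
        now = self._clock()
        rec = self._store.get(attrs)
        if rec is not None:
            # Revocation is treated as final here (an assumption), so a
            # cached "revoked" never expires. A cached "valid" is trusted
            # only while fresh; otherwise a certificate revoked after it
            # was cached would keep passing.
            if rec.status == "revoked" or now - rec.fetched_at <= self._max_age:
                return rec.status, "cache"
        self.ca_queries += 1
        status = self._ca_lookup(attrs)
        if status not in ("valid", "revoked"):
            return "unknown", "ca"       # never cache an indeterminate answer
        self._store[attrs] = StatusRecord(status, now)
        return status, "ca"


def client_decision(status: str) -> str:
    """Client-side judgment: connect only on an explicit "valid" status."""
    return "connect" if status == "valid" else "warn"


def demo() -> List[Tuple[str, str, str]]:
    """Run one certificate through the proxy at four points in time."""
    now = [0.0]                          # constructed clock, in seconds
    ca_view = {"status": "valid"}        # constructed CA state
    proxy = VerificationProxy(lambda attrs: ca_view["status"],
                              max_age=600.0, clock=lambda: now[0])
    # Constructed sample values, not taken from any real certificate.
    attrs = cert_attributes(0x1A2B3C, b"CN=Example Issuing CA", b"example-issuer-key")
    results = []
    for t, ca_status in [(0, "valid"), (60, "valid"), (900, "revoked"), (99999, "valid")]:
        now[0] = float(t)
        ca_view["status"] = ca_status
        status, source = proxy.check(attrs)
        results.append((status, source, client_decision(status)))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```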
The above is only a preferred embodiment of the present invention and does not thereby limit the patent scope of the invention. Any equivalent structural transformation made using the contents of the description and drawings of the present invention under its inventive concept, or any direct or indirect application in other related technical fields, is included in the scope of patent protection of the present invention.

Claims (16)

  1. A digital certificate verification method for a mobile terminal application, characterized in that the digital certificate verification method for a mobile terminal application comprises the following steps:
    sending a connection request to a server and obtaining the current certificate of the server;
    parsing the certificate to obtain attribute information of the certificate;
    sending the attribute information of the certificate to a verification proxy server;
    the verification proxy server receiving the attribute information of the certificate, comparing it with a plurality of certificates stored in the verification proxy server, and determining whether a certificate with the same attribute information as the certificate exists; if so, returning the status information of that certificate to the mobile terminal application; if not, obtaining the status information of the certificate through a certificate authority and returning it to the mobile terminal application.
  2. The digital certificate verification method for a mobile terminal application according to claim 1, characterized in that the verification proxy server obtaining the status information of the certificate through the certificate authority comprises the following steps:
    the verification proxy server receiving the current certificate of the server and the issuer certificate;
    sending the current certificate and the issuer certificate to the certificate authority through the verification proxy server;
    the verification proxy server obtaining the status information of the certificate from the certificate authority;
    parsing the status information of the certificate;
    storing the certificate and the status information of the certificate;
    the verification proxy server signing the status information of the certificate and sending it to the mobile terminal application that made the connection request.
  3. The digital certificate verification method for a mobile terminal application according to claim 2, characterized in that the digital certificate verification method for a mobile terminal application further comprises the following steps:
    the mobile terminal application receiving the signed status information of the certificate;
    verifying the signature and obtaining the status information of the certificate.
  4. The digital certificate verification method for a mobile terminal application according to claim 1, characterized in that the digital certificate verification method for a mobile terminal application further comprises the following step:
    the mobile terminal application determining whether the returned status information of the certificate is revocation status information or valid status information; if it is revocation status information, giving a danger warning for the server; if it is valid status information, the mobile terminal application connecting to the server to obtain the application.
  5. The digital certificate verification method for a mobile terminal application according to claim 1, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
  6. The digital certificate verification method for a mobile terminal application according to claim 2, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
  7. The digital certificate verification method for a mobile terminal application according to claim 3, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
  8. The digital certificate verification method for a mobile terminal application according to claim 4, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
  9. A digital certificate verification system for a mobile terminal application, characterized by comprising a mobile terminal application and a verification proxy server,
    the mobile terminal application comprising:
    an obtaining module, which sends a connection request to a server and obtains the current certificate of the server;
    a parsing module, configured to parse the certificate and obtain attribute information of the certificate;
    a sending module, configured to send the attribute information of the certificate to the verification proxy server;
    the verification proxy server comprising:
    a determining unit, configured to compare the received attribute information of the certificate with a plurality of certificates stored in the verification proxy server and determine whether a certificate with the same attribute information as the certificate exists; if so, returning the status information of that certificate to the mobile terminal; if not, obtaining the status information of the certificate through a certificate authority.
  10. The digital certificate verification system for a mobile terminal application according to claim 9, characterized in that the verification proxy server further comprises:
    a receiving unit, configured to receive the current certificate of the server and the issuer certificate;
    a sending unit, configured to send the current certificate and the issuer certificate to the certificate authority through the verification proxy server;
    an obtaining unit, configured to obtain the status information of the certificate from the certificate authority;
    a parsing unit, configured to parse the status information of the certificate;
    a storage unit, configured to store the certificate and the status information of the certificate;
    a signature unit, configured to sign the status information of the certificate and send it to the mobile terminal application that made the connection request.
  11. The digital certificate verification system for a mobile terminal application according to claim 10, characterized in that the mobile terminal application comprises:
    a receiving module, which receives the signed status information of the certificate;
    a verification module, which verifies the signature and obtains the status information of the certificate.
  12. The digital certificate verification system for a mobile terminal application according to claim 9, characterized in that the mobile terminal application further comprises:
    a determining module, with which the mobile terminal application determines whether the returned status information of the certificate is revocation status information or valid status information; if it is revocation status information, a danger warning is given for connecting to the server; if it is valid status information, the mobile terminal application connects to the server to obtain the application.
  13. The digital certificate verification system for a mobile terminal application according to claim 9, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
  14. The digital certificate verification system for a mobile terminal application according to claim 10, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
  15. The digital certificate verification system for a mobile terminal application according to claim 11, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
  16. The digital certificate verification system for a mobile terminal application according to claim 12, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes a certificate serial number, an issuer name hash and an issuer key hash.
PCT/CN2017/071216 2016-11-15 2017-01-16 Method and system for verifying digital certificate of mobile terminal application WO2018090481A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611033380.4 2016-11-15
CN201611033380.4A CN106789897B (en) 2016-11-15 2016-11-15 Digital certificate authentication method and system for application program for mobile terminal

Publications (1)

Publication Number Publication Date
WO2018090481A1 true WO2018090481A1 (en) 2018-05-24

Family

ID=58970780

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/071216 WO2018090481A1 (en) 2016-11-15 2017-01-16 Method and system for verifying digital certificate of mobile terminal application

Country Status (2)

Country Link
CN (1) CN106789897B (en)
WO (1) WO2018090481A1 (en)

Also Published As

Publication number Publication date
CN106789897B (en) 2019-08-06
CN106789897A (en) 2017-05-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17870713

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17870713

Country of ref document: EP

Kind code of ref document: A1