CN100563151C - A kind of digital certificate updating method and system - Google Patents

Publication number: CN100563151C
Authority: CN (China)
Prior art keywords: memory apparatus, portable memory, digital certificate, private key, update request
Legal status: Expired - Fee Related
Application number: CNB2006101123517A
Other languages: Chinese (zh)
Other versions: CN101136743A (en)
Inventor: 刘道斌
Current Assignee: Petevio Institute Of Technology Co ltd
Original Assignee: Potevio Institute of Technology Co Ltd
Application filed by Potevio Institute of Technology Co Ltd
Priority to CNB2006101123517A
Publication of CN101136743A
Application granted
Publication of CN100563151C

Abstract

The invention discloses a digital certificate updating method comprising the following steps: A, a portable memory apparatus sends an update request through a terminal to a digital certificate authentication center (CA); B, after receiving the update request sent by the portable memory apparatus, the CA reissues a digital certificate and private key for the portable memory apparatus and sends the reissued digital certificate and private key to the portable memory apparatus through the terminal; C, after receiving the reissued digital certificate and private key returned by the CA, the portable memory apparatus replaces the invalid digital certificate and private key with the received ones. The invention also discloses a digital certificate updating system comprising a portable memory apparatus, a terminal and a CA. The invention simplifies the digital certificate update process of the portable memory apparatus: the user no longer needs to go periodically to a place designated by the CA to update the portable memory apparatus digital certificate, which is a considerable convenience for the user.

Description

A digital certificate updating method and system
Technical field
The present invention relates to information security technology, and in particular to a digital certificate updating method and system.
Background art
A Public Key Infrastructure (PKI) system is a collection of hardware, software, personnel and applications built on public-key cryptographic algorithms. It uses certificates to manage public keys: a trusted third party, the digital certificate authentication center (Certificate Authority, CA), binds a user's public key to the user's other identification information (such as name or identity card number) so that the user's identity can be verified on the Internet. A PKI system combines public-key cryptography with symmetric cryptography to automate key management and to ensure the confidentiality and integrity of data.
The CA is a trusted third party independent of all users and is the core of the whole PKI system. The CA is responsible for issuing digital certificates to all entities in the PKI system (such as users, software and machines), updating digital certificates, and revoking expired digital certificates.
A digital certificate is an electronic document issued by the CA that indicates a user's identity. It contains the user's public key, basic information that uniquely identifies the user (such as a user ID), and the CA's signature over this information. The CA sends the issued digital certificate to the end user and publishes it.
A portable memory apparatus (such as a mobile memory card) that uses PKI technology to implement digital rights management (DRM) has its own digital certificate, which the CA generally writes into the device before the portable memory apparatus is distributed. To improve the security of the portable memory apparatus in use, the CA can set a validity period on the digital certificate when issuing it. Once the validity period has passed, the digital certificate becomes invalid and the portable memory apparatus can no longer pass authentication with a terminal (such as a mobile phone or PC). Therefore, to guarantee normal use of the portable memory apparatus, the CA needs to update its digital certificate.
Because the portable memory apparatus cannot communicate with the CA directly and is offline most of the time, updating its digital certificate is difficult. One possible method is for the user to go periodically to a place designated by the CA to have the portable memory apparatus digital certificate updated, but this update process is cumbersome and inconvenient for the user.
Summary of the invention
In view of this, the object of the present invention is to provide a digital certificate updating method and system that simplify the digital certificate update process of a portable memory apparatus.
To achieve this object, the digital certificate updating method provided by the invention comprises the following steps:
A, the portable memory apparatus sends an update request through a terminal to the digital certificate authentication center CA;
B, after receiving the update request sent by the portable memory apparatus, the CA reissues a digital certificate and private key for the portable memory apparatus and sends the reissued digital certificate and private key to the portable memory apparatus through the terminal;
C, after receiving the reissued digital certificate and private key returned by the CA, the portable memory apparatus replaces the invalid digital certificate and private key with the received digital certificate and private key.
The update request comprises the following request information: the portable memory apparatus identifier and the invalid digital certificate.
Before the reissuing in step B, the method further comprises:
B1, the CA decrypts the CA's signature in the portable memory apparatus digital certificate with its own public key, recovers the plaintext of the portable memory apparatus identifier, and determines whether the recovered identifier is identical to the portable memory apparatus identifier carried in the update request; if identical, the CA reissues a digital certificate and private key for the portable memory apparatus; otherwise, the procedure ends.
The request information is encrypted with the CA public key.
Before step B1, the method further comprises:
B0, the CA decrypts the received request information with its own private key and recovers the plaintext of the request information.
The request information in the update request further comprises a CA digital signature.
Before the reissuing in step B, the method further comprises:
B2, the CA determines, from the CA digital signature carried in the update request, whether the update request was sent by the portable memory apparatus; if so, it reissues a digital certificate and private key for the portable memory apparatus; otherwise, the procedure ends.
When the CA digital signature is the CA's signature over the portable memory apparatus identifier,
the determination in step B2 comprises: the CA decrypts the CA digital signature with its own public key, recovers the plaintext of the portable memory apparatus identifier, and determines whether the recovered identifier is identical to the portable memory apparatus identifier carried in the update request; if identical, it determines that the update request was sent by the portable memory apparatus; if different, it determines that the update request was not sent by the portable memory apparatus.
When the CA digital signature is the CA's signature over the portable memory apparatus certificate serial number,
the determination in step B2 comprises: the CA decrypts the CA digital signature with its own public key, recovers the plaintext of the portable memory apparatus certificate serial number, and determines whether the recovered serial number is identical to the serial number in the portable memory apparatus digital certificate carried in the update request; if identical, it determines that the update request was sent by the portable memory apparatus; if different, it determines that the update request was not sent by the portable memory apparatus.
The request information in the update request further comprises a session key.
Sending the reissued digital certificate and private key to the portable memory apparatus through the terminal in step B comprises: the CA encrypts the reissued digital certificate and private key with the session key sent by the portable memory apparatus, and sends the encrypted digital certificate and private key to the portable memory apparatus through the terminal.
Before the replacing in step C, the method further comprises: the portable memory apparatus decrypts the encrypted digital certificate and private key with the session key and recovers the plaintext of the digital certificate and private key reissued by the CA.
Alternatively, sending the reissued digital certificate and private key to the portable memory apparatus through the terminal in step B comprises: the CA encrypts the reissued digital certificate and private key with its own private key, and sends the encrypted digital certificate and private key to the portable memory apparatus through the terminal.
Before the replacing in step C, the method then further comprises: the portable memory apparatus decrypts the encrypted digital certificate and private key with the CA public key and recovers the plaintext of the digital certificate and private key reissued by the CA.
The present invention also provides a digital certificate updating system comprising a portable memory apparatus, a terminal and a digital certificate authentication center CA, wherein:
the portable memory apparatus is used to send an update request to the CA through the terminal and, after receiving the reissued digital certificate and private key returned by the CA, to replace the invalid digital certificate and private key with the received digital certificate and private key;
the CA is used, after receiving the update request sent by the portable memory apparatus, to decrypt the CA's signature in the portable memory apparatus digital certificate with its own public key, recover the plaintext of the portable memory apparatus identifier and, upon determining that the recovered identifier is identical to the portable memory apparatus identifier carried in the update request, to reissue a digital certificate and private key for the portable memory apparatus and send the reissued digital certificate and private key to the portable memory apparatus through the terminal.
It can be seen that the portable memory apparatus of the present invention can initiate a digital certificate update request to the CA online through a terminal. After receiving the update request, the CA reissues a digital certificate and private key for the portable memory apparatus, and the portable memory apparatus then replaces the invalid digital certificate and private key with the reissued ones, completing the update. The method and system provided by the invention simplify the digital certificate update process of the portable memory apparatus: the user no longer needs to go periodically to a place designated by the CA to update the portable memory apparatus digital certificate, which is a considerable convenience for the user.
Description of drawings
Fig. 1 is a schematic diagram of the digital certificate updating system of the present invention.
Fig. 2 is a schematic diagram of the digital certificate update process of the present invention.
Fig. 3 is a schematic diagram of the digital certificate update process in an embodiment of the invention.
Embodiment
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and an embodiment.
Referring to Fig. 1, the digital certificate updating system provided by the invention mainly comprises a portable memory apparatus, a terminal and a CA.
The portable memory apparatus is used to send an update request to the CA through the terminal and, after receiving the reissued digital certificate and private key returned by the CA, to replace the invalid digital certificate and private key with the received digital certificate and private key.
The CA is used, after receiving the update request sent by the portable memory apparatus, to reissue a digital certificate and private key for the portable memory apparatus and to send the reissued digital certificate and private key to the portable memory apparatus through the terminal.
The digital certificate updating method provided by the invention is described in detail below in conjunction with the system shown in Fig. 1. Referring to Fig. 2, the method mainly comprises the following steps:
Step 201: The portable memory apparatus sends an update request to the CA through the terminal.
Step 202: After receiving the update request sent by the portable memory apparatus, the CA reissues a digital certificate and private key for the portable memory apparatus and sends the reissued digital certificate and private key to the portable memory apparatus through the terminal.
Step 203: After receiving the reissued digital certificate and private key returned by the CA, the portable memory apparatus replaces the invalid digital certificate and private key with the received digital certificate and private key.
During the digital certificate update, secure transmission of information between the portable memory apparatus and the CA is essential. In particular, the terminal or another attacker must be prevented from mounting a man-in-the-middle attack during the update. In a man-in-the-middle attack, the attacker secretly intercepts the legitimate communication data of both parties to a session and modifies it, and this modification is completely transparent to both parties.
A necessary condition for a man-in-the-middle attack is that the attacker successfully intercepts the communication data of both parties. Because the portable memory apparatus must relay its data through the terminal during the digital certificate update, an illegitimate user has a convenient opportunity to mount a man-in-the-middle attack through the terminal, specifically in the following two ways:
One, when the portable memory apparatus sends an update request to the CA through the terminal, the terminal intercepts the request information sent by the portable memory apparatus, forges request information of its own and sends it to the CA, and makes the CA believe that the forged request information was sent by the portable memory apparatus;
Two, after the CA receives and processes the request information and sends a response to the portable memory apparatus, the terminal intercepts the response message sent by the CA, forges another response message and sends it to the portable memory apparatus, and makes the portable memory apparatus believe that the forged response message was sent by the CA. In this way the terminal has successfully mounted a man-in-the-middle attack between the portable memory apparatus and the CA.
To prevent an illegitimate user from mounting a man-in-the-middle attack through the terminal, two conditions must hold: 1) request information that the terminal forges in the name of the portable memory apparatus and sends to the CA must not succeed in deceiving the CA; 2) a response message that the terminal forges in the name of the CA and returns to the portable memory apparatus must not succeed in deceiving the portable memory apparatus.
The terminal can be prevented from deceiving the CA by adding to the request information that the portable memory apparatus sends to the CA some information that the terminal cannot forge, such as a digital signature of the CA. The terminal can be prevented from deceiving the portable memory apparatus by adding a session key to the request information that the portable memory apparatus sends to the CA; this session key is used to encrypt the response message that the CA returns to the portable memory apparatus. Because the terminal does not know the session key, it cannot forge a response message to deceive the portable memory apparatus.
Taking a mobile memory card (hereinafter "card") as an example of the portable memory apparatus, and in conjunction with the system shown in Fig. 1, the following explains in detail how a man-in-the-middle attack is prevented during the update.
First, a brief introduction to the card and the terminal. The card stores a card identifier that uniquely identifies the card, the card digital certificate, the CA digital certificate, and so on. The terminal stores a terminal identifier that uniquely identifies the terminal, the terminal digital certificate, the CA digital certificate, and so on. The CA digital certificate contains the public key of the CA.
Referring to Fig. 3, the digital certificate update process in the present embodiment comprises the following steps:
Step 301: When the terminal authenticates the card and finds that the card digital certificate is invalid, it returns an authentication-failure message to the card. The card then starts the digital certificate update and sends an update request to the CA through the terminal.
The terminal can determine whether the card digital certificate is valid by checking its validity period; if the validity period has passed, the card digital certificate is invalid. If the card digital certificate is still within its validity period, the terminal can additionally interact with the CA to check whether the card has been revoked, and thereby further determine whether the card digital certificate is valid.
The update request can carry the following request information: the card identifier, the invalid card digital certificate, a CA digital signature and a session key. For secure transmission, this request information can be encrypted with the public key of the CA.
The CA digital signature is the data obtained by encrypting some information with the CA private key, for example the CA's signature over the card identifier or the CA's signature over the card certificate serial number. When issuing a digital certificate for the card, the CA can send the CA digital signature to the card together with the card private key. The CA digital signature must not, however, be placed in the card digital certificate; that is, the CA digital signature must not be made public. The CA digital signature exists to prevent the terminal from deceiving the CA. It is kept in the card and the terminal cannot obtain it, and because the terminal does not have the private key of the CA, it cannot forge the CA digital signature. The terminal therefore cannot forge the update request that the card sends to the CA. The session key exists to prevent the terminal from deceiving the card.
In the digital certificate update process, the CA digital signature and the session key can be used together, that is, both are carried in the update request; they can also be used separately. If protection against man-in-the-middle attacks is not a strict requirement, neither needs to be used. The following describes in detail the case in which the CA digital signature and the session key are both used and the request information is encrypted with the CA public key.
Step 302: After receiving the update request sent by the card, the CA determines whether the card is a legitimate user in the CA domain. The CA first decrypts the received request information with its own private key and recovers the plaintext of the request information. It then decrypts the CA's signature in the card digital certificate with the CA public key, recovers the plaintext of the card identifier, and determines whether the recovered card identifier is identical to the card identifier carried in the update request sent by the card. If identical, the card is a legitimate user in the CA domain and step 303 is executed. If different, the card is not a legitimate user in the CA domain, and the CA terminates communication with the card; that is, the procedure ends.
For ease of drawing, Fig. 3 shows only the branch in which the card is a legitimate user in the CA domain.
Step 303: The CA determines, from the CA digital signature carried in the update request, whether the update request was sent by the card. If so, step 304 is executed; otherwise the CA terminates the session, that is, the procedure ends.
For ease of drawing, Fig. 3 shows only the branch in which the update request was sent by the card.
When the CA digital signature is the CA's signature over the card identifier, the CA decrypts the CA digital signature with its own public key, recovers the plaintext of the card identifier, and determines whether the recovered card identifier is identical to the card identifier carried in the update request sent by the card. If identical, the update request was sent by the card, because only the card holds the CA's signature over the card identifier, and step 304 is executed. If different, the update request was not sent by the card, and the CA terminates the session.
When the CA digital signature is the CA's signature over the card certificate serial number, the CA decrypts the CA digital signature with its own public key, recovers the plaintext of the card certificate serial number, and determines whether the recovered serial number is identical to the serial number in the card digital certificate carried in the update request sent by the card. If identical, the update request was sent by the card, because only the card holds the CA's signature over the card certificate serial number, and step 304 is executed. If different, the update request was not sent by the card, and the CA terminates the session.
If the update request does not carry a CA digital signature, then once step 302 has determined that the card is a legitimate user in the CA domain, step 304 is executed directly and step 303 is skipped.
Step 304: The CA reissues a new digital certificate and private key for the card, encrypts the reissued digital certificate and private key with the session key sent by the card, and then returns an update response to the card through the terminal. The response message carried in this update response comprises the encrypted digital certificate and private key.
Because the terminal does not know the session key shared by the CA and the card, it can neither decrypt the response message nor forge a response message to deceive the card.
Step 305: After receiving the update response returned by the CA, the card decrypts the response message with the session key, recovers its new digital certificate and private key, and replaces the original invalid digital certificate and private key in the card with the new digital certificate and private key.
If the update request does not carry a session key, then in step 304 the CA can send the reissued digital certificate and private key to the card directly. Alternatively, the CA can encrypt the reissued digital certificate and private key with the private key of the CA and send the encrypted information to the card; after receiving it, the card decrypts it with the public key of the CA and recovers the plaintext of the digital certificate and private key reissued by the CA.
At this point, the whole digital certificate update process is complete.
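The exchange in steps 301 to 305, as an added example that is not code from the patent: a toy CA, card and terminal showing why a terminal-forged request fails the step 303 check and a terminal-forged response fails at the card. The toy RSA key, the field lengths, the hybrid encryption of the request, the HMAC-based stand-in cipher and all function names are assumptions made for this sketch.

```python
import hashlib, hmac, secrets

# Toy CA key, constructed for this example: two Mersenne primes and unpadded textbook
# RSA, mirroring the patent's "decrypt the signature with the CA public key". Not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
ID_LEN, SERIAL_LEN, SIG_LEN, KEY_LEN = 8, 4, 27, 16

class Rejected(ValueError): pass   # raised when the CA or the card refuses a message

def to_int(b): return int.from_bytes(b, "big")
def ca_private_op(m): return pow(m, D, N)   # only the CA can do this
def ca_public_op(c): return pow(c, E, N)    # card and terminal can do this

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Stand-in authenticated cipher (assumption: the patent only says 'encrypt')."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise Rejected("message was not sealed with this session key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def provision_card(card_id, serial):
    """Before distribution: the CA writes a certificate and a non-public signature."""
    cert = {"card_id": card_id, "serial": serial,
            "ca_sig": ca_private_op(to_int(card_id + serial))}
    secret_sig = ca_private_op(to_int(serial))   # never placed in the certificate
    return cert, secret_sig

def build_request(cert, secret_sig):
    """Step 301 on the card. Hybrid encryption to the CA is this example's assumption."""
    session_key = secrets.token_bytes(KEY_LEN)
    body = (cert["card_id"] + cert["serial"] + cert["ca_sig"].to_bytes(SIG_LEN, "big")
            + secret_sig.to_bytes(SIG_LEN, "big"))
    return {"wrapped_key": ca_public_op(to_int(session_key)),
            "sealed": seal(session_key, body)}, session_key

def ca_handle_request(request):
    """Steps 302 to 304 on the CA."""
    m = ca_private_op(request["wrapped_key"])
    session_key = (m % 2**(8 * KEY_LEN)).to_bytes(KEY_LEN, "big")  # bad key fails unseal
    body = unseal(session_key, request["sealed"])
    if len(body) != ID_LEN + SERIAL_LEN + 2 * SIG_LEN:
        raise Rejected("malformed request body")
    card_id, serial = body[:ID_LEN], body[ID_LEN:ID_LEN + SERIAL_LEN]
    cert_sig, secret_sig = to_int(body[-2 * SIG_LEN:-SIG_LEN]), to_int(body[-SIG_LEN:])
    # Step 302: recover what the certificate signature covers; compare with the request.
    if ca_public_op(cert_sig) != to_int(card_id + serial):
        raise Rejected("card is not a legitimate user in the CA domain")
    # Step 303: only the card holds the CA signature over the certificate serial number.
    if ca_public_op(secret_sig) != to_int(serial):
        raise Rejected("update request was not sent by the card")
    # Step 304: reissue, then seal the response under the card's session key.
    new_serial = ((to_int(serial) + 1) % 2**32).to_bytes(SERIAL_LEN, "big")
    new_cert, new_secret = provision_card(card_id, new_serial)
    card_private_key = secrets.token_bytes(KEY_LEN)   # placeholder for a real key pair
    payload = (new_serial + new_cert["ca_sig"].to_bytes(SIG_LEN, "big")
               + new_secret.to_bytes(SIG_LEN, "big") + card_private_key)
    return seal(session_key, payload)

def card_install(card_id, session_key, response):
    """Step 305 on the card: decrypt with the session key, then replace the old material."""
    payload = unseal(session_key, response)
    serial, rest = payload[:SERIAL_LEN], payload[SERIAL_LEN:]
    cert = {"card_id": card_id, "serial": serial, "ca_sig": to_int(rest[:SIG_LEN])}
    return cert, to_int(rest[SIG_LEN:2 * SIG_LEN]), rest[2 * SIG_LEN:]

def demo():
    cert, secret_sig = provision_card(b"CARD0001", (42).to_bytes(SERIAL_LEN, "big"))
    request, session_key = build_request(cert, secret_sig)
    new_cert, _, _ = card_install(cert["card_id"], session_key, ca_handle_request(request))
    # The terminal forges a request from the public certificate with a guessed CA
    # signature, and forges a response under a key the card never chose.
    forged_request, _ = build_request(cert, secrets.randbelow(N))
    forged_response = seal(secrets.token_bytes(KEY_LEN), bytes(74))
    attempts = {
        "forged_request": lambda: ca_handle_request(forged_request),
        "forged_response": lambda: card_install(cert["card_id"], session_key, forged_response),
    }
    outcomes = {"renewed_serial": to_int(new_cert["serial"])}
    for name, attempt in attempts.items():
        try:
            attempt()
            outcomes[name] = "accepted"
        except Rejected as exc:
            outcomes[name] = str(exc)
    return outcomes

if __name__ == "__main__":
    print(demo())
```

In the variant without a session key, a response encrypted with the CA private key can be decrypted by anyone holding the CA public key, which the terminal stores in its CA digital certificate, so that variant authenticates the response but does not keep the reissued private key from the terminal.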
As can be seen, the present invention allows the digital certificate to be updated online through a terminal, which simplifies the digital certificate update process of the portable memory apparatus: the user no longer needs to go periodically to a place designated by the CA to update the portable memory apparatus digital certificate, which is a considerable convenience for the user.
The above describes the purpose, technical solution and beneficial effects of the present invention in further detail. It should be understood that the above is not intended to limit the present invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (9)

1. A digital certificate updating method, characterized in that the method comprises the following steps:
A, a portable memory apparatus sends an update request through a terminal to a digital certificate authentication center CA, the update request comprising the following request information: the portable memory apparatus identifier and the invalid digital certificate;
B, after receiving the update request sent by the portable memory apparatus, the CA decrypts the CA's signature in the portable memory apparatus digital certificate with its own public key, recovers the plaintext of the portable memory apparatus identifier, and determines whether the recovered identifier is identical to the portable memory apparatus identifier carried in the update request; if identical, the CA reissues a digital certificate and private key for the portable memory apparatus and sends the reissued digital certificate and private key to the portable memory apparatus through the terminal; otherwise, the procedure ends;
C, after receiving the reissued digital certificate and private key returned by the CA, the portable memory apparatus replaces the invalid digital certificate and private key with the received digital certificate and private key.
2. The method according to claim 1, characterized in that the request information is encrypted with the CA public key;
before the CA decrypts the CA's signature in the portable memory apparatus digital certificate with its own public key, the method further comprises:
B0, the CA decrypts the received request information with its own private key and recovers the plaintext of the request information.
3. The method according to claim 2, characterized in that the request information in the update request further comprises a CA digital signature;
before the reissuing in step B, the method further comprises:
B2, the CA determines, from the CA digital signature carried in the update request, whether the update request was sent by the portable memory apparatus; if so, it reissues a digital certificate and private key for the portable memory apparatus; otherwise, the procedure ends.
4. The method according to claim 3, characterized in that, when the CA digital signature is the CA's signature over the portable memory apparatus identifier,
the determination in step B2 comprises: the CA decrypts the CA digital signature with its own public key, recovers the plaintext of the portable memory apparatus identifier, and determines whether the recovered identifier is identical to the portable memory apparatus identifier carried in the update request; if identical, it determines that the update request was sent by the portable memory apparatus; if different, it determines that the update request was not sent by the portable memory apparatus;
when the CA digital signature is the CA's signature over the portable memory apparatus certificate serial number,
the determination in step B2 comprises: the CA decrypts the CA digital signature with its own public key, recovers the plaintext of the portable memory apparatus certificate serial number, and determines whether the recovered serial number is identical to the serial number in the portable memory apparatus digital certificate carried in the update request; if identical, it determines that the update request was sent by the portable memory apparatus; if different, it determines that the update request was not sent by the portable memory apparatus.
5, according to claim 1,2 or 4 described methods, it is characterized in that, further comprise solicited message in the described update request: session key;
In step B, sending the reissued digital certificate and private key to the portable memory apparatus through the terminal comprises: the CA encrypts the reissued digital certificate and private key with the session key sent by the portable memory apparatus, and sends the encrypted digital certificate and private key to the portable memory apparatus through the terminal;
Before the replacing in step C, the method further comprises: the portable memory apparatus decrypts the encrypted digital certificate and private key with the session key, recovering the plaintext of the digital certificate and private key reissued by the CA.
6. The method according to claim 3, characterized in that the request information in the update request further comprises: a session key;
In step B, sending the reissued digital certificate and private key to the portable memory apparatus through the terminal comprises: the CA encrypts the reissued digital certificate and private key with the session key sent by the portable memory apparatus, and sends the encrypted digital certificate and private key to the portable memory apparatus through the terminal;
Before the replacing in step C, the method further comprises: the portable memory apparatus decrypts the encrypted digital certificate and private key with the session key, recovering the plaintext of the digital certificate and private key reissued by the CA.
7. The method according to claim 1, 2 or 4, characterized in that,
In step B, sending the reissued digital certificate and private key to the portable memory apparatus through the terminal comprises: the CA encrypts the reissued digital certificate and private key with its own private key, and sends the encrypted digital certificate and private key to the portable memory apparatus through the terminal;
Before the replacing in step C, the method further comprises: the portable memory apparatus decrypts the encrypted digital certificate and private key with the CA public key, recovering the plaintext of the digital certificate and private key reissued by the CA.
8. The method according to claim 3, characterized in that,
In step B, sending the reissued digital certificate and private key to the portable memory apparatus through the terminal comprises: the CA encrypts the reissued digital certificate and private key with its own private key, and sends the encrypted digital certificate and private key to the portable memory apparatus through the terminal;
Before the replacing in step C, the method further comprises: the portable memory apparatus decrypts the encrypted digital certificate and private key with the CA public key, recovering the plaintext of the digital certificate and private key reissued by the CA.
9. A digital certificate updating system, characterized in that the system comprises: a portable memory apparatus, a terminal and a digital certificate authentication center (CA), wherein,
The portable memory apparatus is configured to send an update request to the CA through the terminal, the request information in the update request comprising: the portable memory apparatus identifier and the digital certificate that is no longer valid; and, after receiving the reissued digital certificate and private key returned by the CA, to replace the digital certificate and private key that are no longer valid with the received digital certificate and private key;
The CA is configured to, after receiving the update request sent by the portable memory apparatus, decrypt the CA signature in the portable memory apparatus's digital certificate with its own public key to recover the plaintext of the portable memory apparatus identifier, determine that the recovered identifier is identical to the portable memory apparatus identifier carried in the update request, reissue a digital certificate and private key for the portable memory apparatus, and send the reissued digital certificate and private key to the portable memory apparatus through the terminal.
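The exchange in claims 5, 6 and 9, as an added sketch that is not part of the patent: the CA recovers the identifier from the signature in the old certificate, compares it with the identifier in the request, and returns the reissued pair encrypted under the session key. Assumptions: a constructed toy textbook-RSA CA key, a SHA-256 keystream standing in for the unnamed symmetric cipher, a certificate reduced to identifier, serial and CA signature over the identifier, and hypothetical function and field names.

```python
import hashlib, hmac, json, secrets

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def ca_sign_id(device_id: str) -> int:
    """CA signature over the device ID (private-key operation); ID <= 11 bytes."""
    return pow(int.from_bytes(device_id.encode(), "big"), D, N)

def recover_id(ca_sig: int) -> bytes:
    """'Decrypt' the signature with the CA public key to recover the ID."""
    m = pow(ca_sig, E, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def session_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter keystream); the claims name none."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def ca_handle_update(request: dict):
    """Claim 9 check, then claims 5/6: reissue and encrypt under the session key."""
    cert = request["old_cert"]
    claimed = request["device_id"].encode()
    if not hmac.compare_digest(recover_id(cert["ca_sig"]), claimed):
        return None  # recovered ID differs from the ID in the request: refuse
    new_cert = {"device_id": request["device_id"], "serial": cert["serial"] + 1,
                "ca_sig": ca_sign_id(request["device_id"])}
    payload = {"cert": new_cert, "private_key": secrets.token_hex(16)}  # placeholder key
    return session_xor(request["session_key"], json.dumps(payload).encode())

def device_apply_update(store: dict, session_key: bytes, response: bytes) -> None:
    """Step C: decrypt with the session key, then replace the old pair."""
    payload = json.loads(session_xor(session_key, response))
    store["cert"], store["private_key"] = payload["cert"], payload["private_key"]

def make_device(device_id: str) -> dict:
    """Constructed sample device holding a certificate that is no longer valid."""
    cert = {"device_id": device_id, "serial": 1, "ca_sig": ca_sign_id(device_id)}
    return {"cert": cert, "private_key": "old-key-placeholder"}
```

How the update request itself, including the session key, is protected in transit is outside this sketch.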
CNB2006101123517A 2006-08-31 2006-08-31 A kind of digital certificate updating method and system Expired - Fee Related CN100563151C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006101123517A CN100563151C (en) 2006-08-31 2006-08-31 A kind of digital certificate updating method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006101123517A CN100563151C (en) 2006-08-31 2006-08-31 A kind of digital certificate updating method and system

Publications (2)

Publication Number Publication Date
CN101136743A CN101136743A (en) 2008-03-05
CN100563151C true CN100563151C (en) 2009-11-25

Family

ID=39160601

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006101123517A Expired - Fee Related CN100563151C (en) 2006-08-31 2006-08-31 A kind of digital certificate updating method and system

Country Status (1)

Country Link
CN (1) CN100563151C (en)

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101404575B (en) * 2008-11-06 2011-09-28 阿里巴巴集团控股有限公司 Method and system for updating indorsement algorithm
CN101777978B (en) * 2008-11-24 2012-05-30 华为终端有限公司 Method and system based on wireless terminal for applying digital certificate and wireless terminal
CN101521883B (en) * 2009-03-23 2011-01-19 中兴通讯股份有限公司 Method and system for renewing and using digital certificate
CN101645889B (en) * 2009-06-26 2012-09-05 飞天诚信科技股份有限公司 Method for issuing digital certificate
CN101765105B (en) * 2009-12-17 2013-04-24 北京握奇数据系统有限公司 Method for realizing communication encryption as well as system and mobile terminal therefor
CN101741848B (en) * 2009-12-22 2012-10-24 北京九恒星科技股份有限公司 Method and system for binding digital certificate of system users and digital certificate authentication center
CN102118374A (en) * 2009-12-30 2011-07-06 鸿富锦精密工业(深圳)有限公司 System and method for automatically updating digital certificates
TWI479874B (en) * 2010-08-25 2015-04-01 Hon Hai Prec Ind Co Ltd Communication terminal device and method for updating certification of the device
CN103117987B (en) * 2011-11-17 2016-08-03 航天信息股份有限公司 digital certificate updating method
CN102523095B (en) * 2012-01-12 2015-04-15 公安部第三研究所 User digital certificate remote update method with intelligent card protection function
US8856514B2 (en) * 2012-03-12 2014-10-07 International Business Machines Corporation Renewal processing of digital certificates in an asynchronous messaging environment
CN102693478A (en) * 2012-05-02 2012-09-26 四川建设网有限责任公司 Trading method of bid security during bidding procedure and system thereof
CN102663640A (en) * 2012-05-02 2012-09-12 四川建设网有限责任公司 Remote bidding method and system
WO2014071569A1 (en) * 2012-11-07 2014-05-15 华为技术有限公司 Method, apparatus, ue and ca for updating ca public key
CN103036682A (en) * 2012-12-19 2013-04-10 国网信息通信有限公司 Digital certificate system supporting SM2 algorithm
CN103067173B (en) * 2012-12-26 2015-02-25 武汉天喻信息产业股份有限公司 Method and system used for dynamic key network issue and interface control and based on script
CN104683107B (en) * 2015-02-28 2019-01-22 深圳市思迪信息技术股份有限公司 Digital certificate keeping method and device, digital signature method and device
CN104766396A (en) * 2015-03-23 2015-07-08 王涛 A sound wave lock having a temporary user mode and a using method thereof
CN104836671B (en) * 2015-05-15 2018-05-22 安一恒通(北京)科技有限公司 The inspection method and check device of the addition of digital certificate
CN107026738B (en) * 2016-02-01 2020-05-19 阿里巴巴集团控股有限公司 Digital certificate updating method, digital signature verification method and digital authentication device
CN106850226B (en) * 2016-04-18 2019-11-05 中国科学院信息工程研究所 It is a kind of for encrypting the certificate update method of instant messaging
CN107529167A (en) * 2016-06-21 2017-12-29 普天信息技术有限公司 A kind of authentication method
CN110050437B (en) * 2016-09-06 2020-10-23 华为技术有限公司 Apparatus and method for distributed certificate registration
CN106921499B (en) * 2016-11-01 2020-02-14 阿里巴巴集团控股有限公司 Method and apparatus for managing digital certificates using state machines
DE102017214359A1 (en) * 2017-08-17 2019-02-21 Siemens Aktiengesellschaft A method for safely replacing a first manufacturer's certificate already placed in a device
CN108683506B (en) * 2018-05-02 2021-01-01 浪潮集团有限公司 Digital certificate application method, system, fog node and certificate authority
CN110247884B (en) * 2018-11-21 2023-05-19 浙江大华技术股份有限公司 Method, device and system for updating certificate and computer readable storage medium
CN110008682B (en) * 2019-03-31 2020-12-29 西安邮电大学 Method for updating data in different types of storage media based on PKI
CN112312395B (en) * 2019-07-17 2023-03-31 中国电信股份有限公司 WAPI certificate centralized distribution method and system
CN111641615A (en) * 2020-05-20 2020-09-08 深圳市今天国际物流技术股份有限公司 Distributed identity authentication method and system based on certificate
CN113239410B (en) * 2021-07-12 2021-12-03 中关村芯海择优科技有限公司 Terminal certificate updating method, terminal and computer readable storage medium
CN114449521B (en) * 2021-12-29 2024-01-02 华为技术有限公司 Communication method and communication device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Application of Smart Cards in PKI (智能卡在PKI中的应用). Luo Xubin (罗旭斌). China Excellent Master's Theses Full-text Database (中国优秀硕士学位论文全文数据库). 2002 *

Also Published As

Publication number Publication date
CN101136743A (en) 2008-03-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: CHINA POTEVIO CO., LTD.

Free format text: FORMER OWNER: PUTIAN IT TECH INST CO., LTD.

Effective date: 20130927

C41 Transfer of patent application or patent right or utility model
C56 Change in the name or address of the patentee

Owner name: PUTIAN IT TECH INST CO., LTD.

Free format text: FORMER NAME: PUTIAN INST. OF INFORMATION TECHNOLOGY

CP03 Change of name, title or address

Address after: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee after: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

Address before: 100085, No. two, 2 street, base of information industry, Beijing

Patentee before: POTEVIO Institute of Information Technology

TR01 Transfer of patent right

Effective date of registration: 20130927

Address after: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Patentee after: CHINA POTEVIO CO.,LTD.

Address before: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee before: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

ASS Succession or assignment of patent right

Owner name: PUTIAN IT TECH INST CO., LTD.

Free format text: FORMER OWNER: CHINA POTEVIO CO., LTD.

Effective date: 20131211

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20131211

Address after: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee after: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

Address before: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Patentee before: CHINA POTEVIO CO.,LTD.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091125

Termination date: 20210831
