CN106789897A - Digital certificate verification method and system for mobile terminal applications
- Publication number: CN106789897A
- Application number: CN201611033380.4A
- Authority: CN (China)
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Abstract
The present invention discloses a digital certificate verification method and system for mobile terminal applications, comprising the following steps: the mobile terminal application sends a connection request to a server and obtains the server's current certificate; it parses the certificate to obtain the certificate's attribute information and sends the attribute information to a verification proxy server; the verification proxy server receives the attribute information and compares it with the multiple certificates stored in the verification proxy server to determine whether a certificate with identical attribute information exists; if so, it returns that certificate's status information to the mobile terminal application; if not, it obtains the certificate's status information from the certificate authority and returns it to the mobile terminal application. The invention ensures the security of mobile terminal applications, makes verification convenient, fast and efficient, and saves mobile data traffic and mobile terminal power.
Description
Technical field
The present invention relates to the field of computer network communication technology, and in particular to a digital certificate verification method and system for mobile terminal applications.
Background technology
Mobile terminal applications (such as browsers) generally do not check whether a server's certificate has been revoked when they access the server's website. The reason is that checking certificate revocation costs time and power, degrades the user's browsing experience, and consumes a large amount of the user's paid data traffic, especially outside WiFi mode. As a result, if the server's certificate has been revoked, the security lock icon is still displayed normally when the site is accessed from a mobile terminal. This is a major security threat to users: it may lead to the leakage of personal private information or account passwords, and to users being defrauded of money.
Summary of the invention
The main object of the present invention is to provide a digital certificate verification method for mobile terminal applications that ensures the security of mobile terminal use, makes verification convenient and fast, saves mobile data traffic and mobile terminal power, and achieves high verification efficiency.
To achieve the above object, the present invention proposes a digital certificate verification method for mobile terminal applications, comprising the following steps:
Sending a connection request to a server and obtaining the server's current certificate;
Parsing the certificate to obtain the certificate's attribute information;
Sending the certificate's attribute information to a verification proxy server;
The verification proxy server receives the certificate's attribute information, compares it with the multiple certificates stored in the verification proxy server, and determines whether a certificate with identical attribute information exists; if so, it returns that certificate's status information to the mobile terminal application; if not, it obtains the certificate's status information from the certificate authority and returns it to the mobile terminal application.
Preferably, the verification proxy server obtaining the certificate's status information from the certificate authority comprises the following steps:
The verification proxy server receives the server's current certificate and its issuer certificate;
The verification proxy server sends the current certificate and the issuer certificate to the certificate authority;
The verification proxy server obtains the certificate's status information from the certificate authority;
Parsing the certificate's status information;
Storing the certificate and the certificate's status information;
The verification proxy server signs the certificate's status information and sends it to the mobile terminal application that made the connection request.
Preferably, returning the status information of the identical certificate comprises the following steps:
The mobile terminal application receives the signed status information of the certificate;
Verifying the signature to obtain the certificate's status information.
Preferably, returning the status information of the identical certificate further comprises the following step:
The mobile terminal application determines whether the returned certificate status information is revoked status information or valid status information; if it is revoked status information, a danger warning is given for the server; if it is valid status information, the mobile terminal application connects to the server to obtain the application.
Preferably, the verification proxy server is a cloud server, and the certificate's attribute information includes the certificate serial number, the issuer name hash and the issuer key hash.
The present invention also proposes a digital certificate verification system for mobile terminal applications, comprising a mobile terminal and a verification proxy server.
The mobile terminal application includes:
An acquisition module, for sending a connection request to a server and obtaining the server's current certificate;
A parsing module, for parsing the certificate to obtain the certificate's attribute information;
A sending module, for sending the certificate's attribute information to the verification proxy server;
The verification proxy server includes:
A judging unit, for receiving the certificate's attribute information, comparing it with the multiple certificates stored in the verification proxy server, and determining whether a certificate with identical attribute information exists; if so, returning that certificate's status information to the mobile terminal application; if not, obtaining the certificate's status information by querying the certificate authority.
Preferably, the verification proxy server also includes:
A receiving unit, for receiving the server's current certificate and its issuer certificate;
A sending unit, for sending the current certificate and the issuer certificate to the certificate authority through the verification proxy server;
An acquiring unit, for obtaining the certificate's status information from the certificate authority;
A parsing unit, for parsing the certificate's status information;
A storage unit, for storing the certificate and the certificate's status information;
A signature unit, for signing the certificate's status information and sending it to the mobile terminal application that made the connection request.
Preferably, the mobile terminal application also includes:
A receiving module, for receiving the signed status information of the certificate;
A verification module, for verifying the signature to obtain the certificate's status information.
Preferably, the mobile terminal application also includes: a judging module, with which the mobile terminal application determines whether the returned certificate status information is revoked status information or valid status information; if it is revoked status information, a danger warning is given for the connected server; if it is valid status information, the mobile terminal application connects to the server to obtain the application.
Preferably, the verification proxy server is a cloud server, and the certificate's attribute information includes the certificate serial number, the issuer name hash and the issuer key hash.
In the technical solution of the present invention, when a connection request is sent to a server, the attribute information of the server's certificate is sent to the verification proxy server. The verification proxy server receives the attribute information and compares it with the multiple certificates stored in the verification proxy server to determine whether a certificate with identical attribute information exists. If so, it returns that certificate's status information to the mobile terminal, which makes verification convenient, fast and efficient and saves mobile data traffic and power. If not, it obtains the certificate's status information from the certificate authority and then returns the status, in a few bytes, to the mobile terminal application, thereby ensuring the security of the mobile terminal application.
Brief description of the drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the structures shown in these drawings without creative effort.
Fig. 1 is a schematic diagram of the working principle of an embodiment of the digital certificate verification method for mobile terminal applications of the present invention;
Fig. 2 is a schematic diagram of the working principle of one embodiment of obtaining the certificate's status information from the certificate authority in Fig. 1;
Fig. 3 is a schematic diagram of the working principle of another embodiment of obtaining the certificate's status information from the certificate authority in Fig. 1;
Fig. 4 is a functional module diagram of the mobile terminal of the digital certificate verification system for mobile terminal applications;
Fig. 5 is a functional module diagram of the verification proxy server of the digital certificate verification system for mobile terminal applications.
Explanation of reference numerals:
Label | Name | Label | Name |
10 | Mobile terminal application | 21 | Judging unit |
11 | Acquisition module | 22 | Receiving unit |
12 | Parsing module | 23 | Sending unit |
13 | Sending module | 24 | Acquiring unit |
14 | Receiving module | 25 | Parsing unit |
15 | Verification module | 26 | Storage unit |
16 | Judging module | 27 | Signature unit |
20 | Verification proxy server |
The realization of the object, the functional characteristics and the advantages of the present invention are further described below with reference to the drawings and in conjunction with the embodiments.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be understood that the directional indications (such as up, down, left, right, front, back ...) in the embodiments of the present invention are used only to explain the relative positional relationships, movements and so on between components in a particular posture (as shown in the drawings); if that particular posture changes, the directional indication changes accordingly.
In the present invention, unless otherwise expressly specified and limited, terms such as "connection" and "fixation" should be understood broadly. For example, "fixation" may be a fixed connection, a detachable connection, or an integral whole; it may be a mechanical connection or an electrical connection; it may be a direct connection or an indirect connection through an intermediary; it may be an internal connection between two elements or an interaction between two elements, unless otherwise expressly limited. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
In addition, descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and are not to be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one such feature. The technical solutions of the embodiments may also be combined with one another, but only on the basis that those of ordinary skill in the art can implement them; when a combination of technical solutions is contradictory or cannot be implemented, that combination should be considered not to exist and is not within the scope of protection claimed by the present invention.
The present invention proposes a digital certificate verification method and system for mobile terminal applications.
Referring to Fig. 1, in an embodiment of the present invention, the digital certificate verification method for mobile terminal applications comprises the following steps:
S11: Send a connection request to the server and obtain the server's current certificate;
S12: Parse the certificate to obtain the certificate's attribute information;
S13: Send the certificate's attribute information to the verification proxy server;
S21: The verification proxy server receives the certificate's attribute information, compares it with the multiple certificates stored in the verification proxy server, and determines whether a certificate with identical attribute information exists. S211: If so, it returns that certificate's status information to the mobile terminal. S212: If not, it obtains the certificate's status information from the certificate authority (CA).
In the digital certificate verification method for mobile terminal applications of this embodiment, the mobile terminal application first sends a connection request to the server. For example, in a browser on a mobile terminal, such as the Apple Safari browser, the Google Chrome browser, the Firefox browser, the Tencent browser, the 360 browser or the UC browser, the user enters the server's domain name or address; in one embodiment a website is accessed over https in the browser. Alternatively, an e-mail program on the mobile terminal needs to verify the revocation status of mail signing and encryption certificates, or the mobile terminal operating system needs to verify whether the digital signature of an application to be installed is valid. The mobile terminal application can then parse the certificate and obtain only its attribute information, so that only the attribute information, a few bytes, needs to be submitted to the verification proxy server. Preferably, the verification proxy server is a cloud server, so that many users in different regions can verify certificates quickly and conveniently through it. The verification proxy server stores multiple certificates together with their status information, and each certificate includes its attribute information; preferably, the attribute information includes the certificate serial number, the issuer name hash and the issuer key hash. Certificates can be classified in order by their attribute information, for example by serial number, so that certificates or certificate attribute information submitted to the verification proxy server can be stored or compared quickly, and a certificate with identical attribute information can be found quickly and conveniently by comparison. If such a certificate exists, only its status information is returned; this takes few bytes, makes the query fast, saves traffic and power, and is highly efficient. If it does not exist, the status information is obtained from the certificate authority and the status is then returned, in a few bytes, to the mobile terminal application, ensuring the security of mobile terminal use.
Further, the verification proxy server automatically updates the status information of the stored certificates and continuously adds newly issued certificates. After obtaining a certificate's status information from the certificate authority, the verification proxy server automatically saves that certificate's status. The verification proxy server can also record a certificate the first time it is verified; the proxy query can still return the verification result in a few bytes, saving wireless traffic and power. When that mobile terminal or another mobile terminal verifies the certificate again through the mobile server, the certificate is first compared against the recorded, already verified certificates and its status information is fed back directly, which improves efficiency and makes queries faster. When the verification proxy server updates its certificate data, it can also refresh only the certificates whose records have been updated, so that the recorded certificates need not all be updated one by one, further improving query efficiency.
In the technical solution of the present invention, when a connection request is sent to a server, the attribute information of the server's certificate is sent to the verification proxy server. The verification proxy server receives the attribute information and compares it with the multiple certificates stored in the verification proxy server to determine whether a certificate with identical attribute information exists. If so, it returns that certificate's status information to the mobile terminal, which makes verification convenient, fast and efficient and saves traffic and power. If not, it obtains the certificate's status information from the certificate authority and then returns the status, in a few bytes, to the mobile terminal application, thereby ensuring the security of mobile terminal use.
Referring to Fig. 2, preferably, the verification proxy server obtaining the certificate's status information from the certificate authority comprises the following steps:
S22: The verification proxy server receives the server's current certificate and its issuer certificate;
S23: Using the Online Certificate Status Protocol, the verification proxy server sends the current certificate and the issuer certificate to the certificate authority;
S24: The verification proxy server obtains the certificate's status information from the certificate authority;
S25: Parse the certificate's status information;
S26: Store the certificate and the certificate's status information;
S27: The verification proxy server signs the certificate's status information and sends it to the mobile terminal application that made the connection request.
In the digital certificate verification method for mobile terminal applications of this embodiment, when the verification proxy server obtains a certificate's status information from the certificate authority, it parses the status information, stores it in order in the verification proxy server's database, and also records it, so that on the mobile terminal's next access the certificate can be verified quickly by querying the record directly. The verification proxy server signs the certificate's status information, for example with a digital signature, before sending it to the mobile terminal application that made the connection request; this prevents illegal tampering and ensures the security of the verification result.
Referring to Fig. 3, further, the digital certificate verification method for mobile terminal applications also comprises the following steps:
S14: The mobile terminal application receives the signed status information of the certificate;
S15: Verify the signature and obtain the certificate's status information.
In the digital certificate verification method for mobile terminal applications of this embodiment, the verification information corresponding to the mobile terminal is checked to determine whether it is valid information, and on that basis the mobile terminal can choose to reject it or to verify it and obtain the certificate's status information.
Referring to Fig. 1, preferably, the digital certificate verification method for mobile terminal applications further comprises the following step:
S16: The mobile terminal application determines whether the returned certificate status information is revoked status information or valid status information. If it is revoked status information, S161: give a danger warning for the connected server. If it is valid status information, S162: give a safety notice for the connected server, or directly allow the mobile terminal application's connection request, and the mobile terminal application connects to the server to obtain the application.
In the digital certificate verification method for mobile terminal applications of this embodiment, software or a related plug-in loaded on the mobile terminal determines whether the returned certificate status information is revoked status information or valid status information and displays the corresponding notice, so that the mobile terminal application can conveniently and directly display the server's certificate status.
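Steps S11 to S27 and the client-side checks S14 to S16 described above, as an added example that is not part of the patent text: a small Python model of the verification proxy's store and of how the client handles the signed status. HMAC with a shared key stands in for the proxy's digital signature, and `MAX_AGE`, `demo_ca`, `demo_cert` and the dictionary-shaped certificates are assumptions constructed for the example.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# ASSUMPTION: HMAC-SHA256 with a shared demo key stands in for the proxy's
# digital signature so this runs on the standard library alone. A deployment
# would use an asymmetric signature and give clients only the public key.
PROXY_KEY = b"constructed-demo-key"
MAX_AGE = 3600  # ASSUMPTION: seconds a status stays usable (not in the patent)


@dataclass(frozen=True)
class CertAttrs:
    """The three attributes the patent names, as in an OCSP CertID."""
    serial: str
    issuer_name_hash: str
    issuer_key_hash: str


def parse_attrs(cert):
    """S12: reduce a certificate to its attributes. `cert` is a constructed
    dict standing in for a parsed X.509 certificate plus its issuer."""
    return CertAttrs(
        cert["serial"],
        hashlib.sha256(cert["issuer_name"]).hexdigest(),
        hashlib.sha256(cert["issuer_key"]).hexdigest(),
    )


def mac(body):
    return hmac.new(PROXY_KEY, body, hashlib.sha256).hexdigest()


def sign_status(attrs, status, fetched_at):
    """S27: sign the status together with the attributes it belongs to."""
    body = json.dumps({"serial": attrs.serial, "inh": attrs.issuer_name_hash,
                       "ikh": attrs.issuer_key_hash, "status": status,
                       "fetched_at": fetched_at}, sort_keys=True)
    return {"body": body, "sig": mac(body.encode())}


class VerificationProxy:
    def __init__(self, ca_lookup, clock=time.time):
        self._ca_lookup = ca_lookup  # hypothetical stand-in for the OCSP query
        self._clock = clock
        self._cache = {}             # CertAttrs -> (status, fetched_at)
        self.ca_queries = 0

    def status_for(self, attrs):
        """S21: answer from the store; on a miss or stale entry ask the CA."""
        now = self._clock()
        entry = self._cache.get(attrs)
        if entry is None or now - entry[1] > MAX_AGE:
            self.ca_queries += 1
            entry = (self._ca_lookup(attrs), now)  # S23 to S25
            self._cache[attrs] = entry             # S26
        return sign_status(attrs, *entry)


def client_decide(attrs, response, now):
    """S14 to S16: verify the signature, then act on the status."""
    if not hmac.compare_digest(mac(response["body"].encode()), response["sig"]):
        return "reject: bad signature"
    info = json.loads(response["body"])
    if (info["serial"], info["inh"], info["ikh"]) != (
            attrs.serial, attrs.issuer_name_hash, attrs.issuer_key_hash):
        return "reject: status is for a different certificate"
    if now - info["fetched_at"] > MAX_AGE:
        return "reject: stale status"
    if info["status"] == "good":
        return "connect"
    return "warn: certificate " + info["status"]


REVOKED_SERIALS = {"0bad"}  # constructed CA state for the demo


def demo_ca(attrs):
    return "revoked" if attrs.serial in REVOKED_SERIALS else "good"


def demo_cert(serial):
    return parse_attrs({"serial": serial, "issuer_name": b"CN=Demo CA",
                        "issuer_key": b"constructed-issuer-public-key"})


def run_demo():
    now = 1_000_000.0
    proxy = VerificationProxy(demo_ca, clock=lambda: now)
    good, bad = demo_cert("01a4"), demo_cert("0bad")
    results = [
        client_decide(good, proxy.status_for(good), now),  # miss: CA queried
        client_decide(good, proxy.status_for(good), now),  # hit: store only
        client_decide(bad, proxy.status_for(bad), now),    # revoked at the CA
        client_decide(bad, proxy.status_for(good), now),   # answer for other cert
    ]
    return results, proxy.ca_queries


if __name__ == "__main__":
    print(run_demo())
```

The fourth case is the reason the signed body carries the certificate attributes and a fetch time: without them, a valid "good" answer for one certificate could be replayed for a revoked one, and a stored answer could outlive a later revocation.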
Referring to Fig. 1 and Fig. 2, the present invention also proposes a digital certificate verification system for mobile terminal applications, comprising a mobile terminal application 10 and a verification proxy server 20.
The mobile terminal application 10 includes:
An acquisition module 11, for sending a connection request to the server and obtaining the server's current certificate;
A parsing module 12, for parsing the certificate to obtain the certificate's attribute information;
A sending module 13, for sending the certificate's attribute information to the verification proxy server 20;
The verification proxy server 20 includes:
A judging unit 21, for receiving the certificate's attribute information, comparing it with the multiple certificates stored in the verification proxy server 20, and determining whether a certificate with identical attribute information exists; if so, returning that certificate's status information to the mobile terminal application 10; if not, obtaining the certificate's status information from the certificate authority.
The mobile terminal application 10 described above sends a connection request to the server. For example, in a browser on the mobile terminal, such as the Apple Safari browser, the Google browser, the Firefox browser, the Tencent browser, the 360 browser or the UC browser, the user enters the server's domain name or address; in one embodiment a website is accessed over https in the browser, the acquisition module 11 obtains the website's certificate, and the parsing module 12 parses out the attribute information of the website's certificate. Alternatively, an e-mail client application provided in the mobile terminal application 10 needs to verify the revocation status of a mail encryption certificate; the mail sender is then the server, and the acquisition module 11 obtains the mail sender's current certificate and related information. Or the operating system of the mobile terminal application 10 needs to verify whether the digital signature of an application to be installed is valid; the software developer that provides the application is then the server, and the acquisition module 11 obtains that developer's current certificate. The certificate can then be parsed by the parsing module 12 built into the mobile terminal application 10 to obtain only its attribute information, and the sending module 13 submits the attribute information, a few bytes, to the verification proxy server 20. Preferably, the verification proxy server 20 is a cloud server, so that many users in different regions can verify certificates quickly and conveniently through it. The verification proxy server 20 stores multiple certificates together with their status information, and each certificate includes its attribute information; preferably, the attribute information includes the certificate serial number, the issuer name hash and the issuer key hash. Certificates can be classified in order by their attribute information, for example by serial number, so that, through the judging unit 16, certificates or certificate attribute information submitted to the verification proxy server can be stored or compared quickly, and a certificate with identical attribute information can be found quickly and conveniently by comparison. If such a certificate exists, only its status information is returned; this takes few bytes, makes the query fast, saves traffic and is highly efficient. If it does not exist, the status information is obtained from the certificate authority and the certificate status is then returned, in a few bytes, to the mobile terminal application, ensuring the security of use of the mobile terminal application 10.
Further, the verification proxy server 20 automatically updates the status information of the stored certificates and adds newly registered certificates. After obtaining a certificate's status information from the certificate authority, the verification proxy server 20 automatically saves the certificate. The verification proxy server 20 can also record a certificate the first time it is verified; when the mobile terminal application 10 or another mobile terminal verifies the certificate again through the verification proxy server 20, the certificate is first compared against the recorded, already verified certificates and its status information is fed back directly, which improves efficiency and makes queries faster. When the verification proxy server 20 updates its certificate data, it can also refresh only the certificates whose records have been updated, so that the recorded certificates need not all be updated one by one, further improving query efficiency.
Referring to Fig. 2, preferably, the verification proxy server 20 also includes:
A receiving unit 22, for receiving the server's current certificate and its issuer certificate;
A sending unit 23, for sending the current certificate and the issuer certificate to the certificate authority using the Online Certificate Status Protocol of the verification proxy server 20;
An acquiring unit 24, for obtaining the certificate's status information from the certificate authority;
A parsing unit 25, for parsing the certificate's status information;
A storage unit 26, for storing the certificate and its status information;
A signature unit 27, for signing the certificate's status information and sending it to the mobile terminal application that made the connection request.
When the verification proxy server 20 obtains a certificate's status information from the certificate authority through the acquiring unit 24, it parses the status information with the parsing unit 25, stores it in order in the database of the verification proxy server 20 through the storage unit 26, and also records it, so that on the next access by the mobile terminal application 10 the certificate can be verified quickly by querying the record directly. The signature unit 27 signs the certificate's status information before it is sent to the mobile terminal application 10 that made the connection request; this prevents illegal tampering and ensures the security of the transmitted information.
With further reference to Fig. 1, preferably, the mobile terminal application 10 further includes:
Receiving module 14, for receiving the signed status information of the certificate;
Verification module 15, for verifying the signature and obtaining the status information of the certificate.
In this embodiment, the receiving module 14 receives the verification information corresponding to the mobile terminal application 10, and the verification module 15 verifies whether it is valid information; on this basis the mobile terminal can decide whether to trust the certificate.
Preferably, the mobile terminal application 10 further includes: judging module 16, for the mobile terminal application 10 to judge whether the returned status information of the certificate is revoked status information or valid status information. If it is revoked status information, a danger warning is given about connecting to the server; if it is valid status information, the connection request of the mobile terminal application 10 is passed directly, and the mobile terminal application 10 connects to the server to obtain the application.
The judging module 16 of the mobile terminal application 10 may be implemented by software or a related plug-in loaded by the mobile terminal application 10. It judges whether the returned status information of the certificate is revoked status information or valid status information and displays a corresponding alert, so that the mobile terminal application 10 can show the certificate status of the server more conveniently and directly.
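The flow described above (lookup on the proxy by certificate attributes, fallback to the certification authority, signed response, then verification and judgment in the application), as an added example that is not part of the patent. The names `VerificationProxy`, `client_decide` and `demo_ca`, the status strings and the sample values are assumptions, and HMAC-SHA256 stands in for the proxy's signature, whose algorithm the patent does not specify.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the proxy's signature so the example
# runs on the standard library alone; a deployment would use an asymmetric
# signature that the application checks with the proxy's public key.
PROXY_KEY = b"constructed-demo-key"


def cert_id(serial, issuer_name, issuer_key):
    """Attribute triple: serial number, issuer name hash, issuer key hash."""
    return (serial,
            hashlib.sha256(issuer_name).hexdigest(),
            hashlib.sha256(issuer_key).hexdigest())


def sign(payload):
    return hmac.new(PROXY_KEY, payload, hashlib.sha256).hexdigest()


class VerificationProxy:
    def __init__(self, query_ca):
        self.records = {}         # cert_id -> status (the proxy's stored records)
        self.query_ca = query_ca  # callable standing in for the OCSP query to the CA
        self.ca_queries = 0

    def status(self, cid):
        if cid not in self.records:   # no matching record: ask the CA once
            self.ca_queries += 1
            self.records[cid] = self.query_ca(cid)
        payload = json.dumps({"cert_id": list(cid), "status": self.records[cid]},
                             sort_keys=True).encode()
        return payload, sign(payload)

    def refresh(self, cid, status):
        """Update only the record that changed, not every stored certificate."""
        self.records[cid] = status


def client_decide(cid, payload, signature):
    """Verification module and judging module of the mobile terminal application."""
    if not hmac.compare_digest(sign(payload), signature):
        return "reject: bad signature"
    body = json.loads(payload)
    if tuple(body["cert_id"]) != cid:  # response must describe the queried certificate
        return "reject: wrong certificate"
    if body["status"] == "valid":
        return "connect"
    if body["status"] == "revoked":
        return "warn: certificate revoked"
    return "reject: unknown status"    # fail closed on anything else


# Constructed sample: the CA stub reports serial 1002 as revoked.
def demo_ca(cid):
    return "revoked" if cid[0] == "1002" else "valid"
```

Binding the certificate attributes into the signed payload is what lets the application reject a validly signed response that was issued for a different certificate.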
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the invention. Any equivalent structural transformation made using the contents of the description and drawings under the inventive concept of the present invention, or any direct or indirect application in other related technical fields, is included in the scope of patent protection of the present invention.
Claims (10)
1. A digital certificate verification method for a mobile terminal application, characterized in that the digital certificate verification method for a mobile terminal application comprises the following steps:
sending a connection request to a server and obtaining the current certificate of the server;
parsing the certificate to obtain the attribute information of the certificate;
sending the attribute information of the certificate to a verification proxy server;
the verification proxy server receiving the attribute information of the certificate, comparing it with a plurality of certificates stored in the verification proxy server, and judging whether there is a certificate with the same attribute information as the certificate; if so, returning the status information of the certificate to the mobile terminal application; if not, obtaining the status information of the certificate through a certification authority and returning it to the mobile terminal application.
2. The digital certificate verification method for a mobile terminal application according to claim 1, characterized in that the verification proxy server obtaining the status information of the certificate through the certification authority comprises the following steps:
the verification proxy server receiving the current certificate of the server and the issuer certificate;
sending the current certificate and the issuer certificate to the certification authority through the verification proxy server;
the verification proxy server obtaining the status information of the certificate from the certification authority;
parsing the status information of the certificate;
storing the certificate and the status information of the certificate;
the verification proxy server signing the status information of the certificate and sending it to the mobile terminal application that made the connection request.
3. The digital certificate verification method for a mobile terminal application according to claim 2, characterized in that the digital certificate verification method for a mobile terminal application further comprises the following steps:
the mobile terminal application receiving the signed status information of the certificate;
verifying the signature and obtaining the status information of the certificate.
4. The digital certificate verification method for a mobile terminal application according to claim 1, characterized in that the digital certificate verification method for a mobile terminal application further comprises the following steps:
the mobile terminal application judging whether the returned status information of the certificate is revoked status information or valid status information; if it is revoked status information, giving a danger warning about the server; if it is valid status information, the mobile terminal application connecting to the server to obtain the application.
5. The digital certificate verification method for a mobile terminal application according to any one of claims 1-4, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes the certificate serial number, the issuer name hash and the issuer key hash.
6. A digital certificate verification system for a mobile terminal application, characterized in that it comprises a mobile terminal application and a verification proxy server,
the mobile terminal application comprising:
an acquisition module, for sending a connection request to a server and obtaining the current certificate of the server;
a parsing module, for parsing the certificate and obtaining the attribute information of the certificate;
a sending module, for sending the attribute information of the certificate to the verification proxy server;
the verification proxy server comprising:
a judging unit, for comparing the received attribute information of the certificate with a plurality of certificates stored in the verification proxy server and judging whether there is a certificate with the same attribute information as the certificate; if so, returning the status information of the certificate to the mobile terminal; if not, obtaining the status information of the certificate through a certification authority.
7. The digital certificate verification system for a mobile terminal application according to claim 6, characterized in that the verification proxy server further comprises:
a receiving unit, for receiving the current certificate of the server and the issuer certificate;
a sending unit, for sending the current certificate and the issuer certificate to the certification authority through the verification proxy server;
an acquiring unit, for obtaining the status information of the certificate from the certification authority;
a parsing unit, for parsing the status information of the certificate;
a storage unit, for storing the certificate and the status information of the certificate;
a signature unit, for signing the status information of the certificate and sending it to the mobile terminal application that made the connection request.
8. The digital certificate verification system for a mobile terminal application according to claim 7, characterized in that the mobile terminal application comprises:
a receiving module, for receiving the signed status information of the certificate;
a verification module, for verifying the signature and obtaining the status information of the certificate.
9. The digital certificate verification system for a mobile terminal application according to claim 6, characterized in that the mobile terminal application further comprises:
a judging module, for the mobile terminal application to judge whether the returned status information of the certificate is revoked status information or valid status information; if it is revoked status information, a danger warning is given about connecting to the server; if it is valid status information, the mobile terminal application connects to the server to obtain the application.
10. The digital certificate verification system for a mobile terminal application according to any one of claims 6-9, characterized in that the verification proxy server is a cloud server, and the attribute information of the certificate includes the certificate serial number, the issuer name hash and the issuer key hash.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611033380.4A CN106789897B (en) | 2016-11-15 | 2016-11-15 | Digital certificate authentication method and system for application program for mobile terminal |
PCT/CN2017/071216 WO2018090481A1 (en) | 2016-11-15 | 2017-01-16 | Method and system for verifying digital certificate of mobile terminal application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106789897A (en) | 2017-05-31 |
CN106789897B (en) | 2019-08-06 |
Family
ID=58970780
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611033380.4A Active CN106789897B (en) | 2016-11-15 | 2016-11-15 | Digital certificate authentication method and system for application program for mobile terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106789897B (en) |
WO (1) | WO2018090481A1 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107241341A (en) * | 2017-06-29 | 2017-10-10 | 北京五八信息技术有限公司 | Access control method and device |
CN107392589A (en) * | 2017-07-01 | 2017-11-24 | 武汉天喻信息产业股份有限公司 | Android system intelligence POS system, safe verification method, storage medium |
CN109101813A (en) * | 2018-09-03 | 2018-12-28 | 郑州云海信息技术有限公司 | A kind of application program hold-up interception method and relevant apparatus |
CN109379371A (en) * | 2018-11-20 | 2019-02-22 | 多点生活(成都)科技有限公司 | Certification authentication method, apparatus and system |
CN111797379A (en) * | 2020-07-15 | 2020-10-20 | 上海瀚之友信息技术服务有限公司 | A processing method and device for improving information security |
CN111865992A (en) * | 2020-07-23 | 2020-10-30 | 亚数信息科技(上海)有限公司 | ACME centralized management system and load balancing method thereof |
CN114154171A (en) * | 2022-02-07 | 2022-03-08 | 浙江省人力资源和社会保障信息中心 | Social security self-service machine program installation method and system, electronic equipment and computer medium |
CN114615309A (en) * | 2022-01-18 | 2022-06-10 | 奇安信科技集团股份有限公司 | Client access control method, device and system, electronic equipment and storage medium |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20240406011A1 (en) * | 2023-06-01 | 2024-12-05 | Arris Enterprises Llc | Security assurance framework for testing and validating certificates |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101652793A (en) * | 2007-04-06 | 2010-02-17 | 日本电气株式会社 | Electronic money system and electronic money trading method |
CN103778367A (en) * | 2013-12-30 | 2014-05-07 | 网秦(北京)科技有限公司 | Method and terminal for detecting safety of application installation package based on application certificate and auxiliary server |
CN103905448A (en) * | 2014-04-01 | 2014-07-02 | 江苏物联网研究发展中心 | Video camera equipment entity authentication method for urban security and protection |
CN104580172A (en) * | 2014-12-24 | 2015-04-29 | 北京奇虎科技有限公司 | Data communication method and device based on https (hypertext transfer protocol over secure socket layer) |
CN105429934A (en) * | 2014-09-19 | 2016-03-23 | 腾讯科技(深圳)有限公司 | HTTPS connection verification method and device |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107241341A (en) * | 2017-06-29 | 2017-10-10 | 北京五八信息技术有限公司 | Access control method and device |
CN107241341B (en) * | 2017-06-29 | 2020-07-07 | 北京五八信息技术有限公司 | Access control method and device |
CN107392589A (en) * | 2017-07-01 | 2017-11-24 | 武汉天喻信息产业股份有限公司 | Android system intelligence POS system, safe verification method, storage medium |
CN109101813A (en) * | 2018-09-03 | 2018-12-28 | 郑州云海信息技术有限公司 | A kind of application program hold-up interception method and relevant apparatus |
CN109379371A (en) * | 2018-11-20 | 2019-02-22 | 多点生活(成都)科技有限公司 | Certification authentication method, apparatus and system |
CN109379371B (en) * | 2018-11-20 | 2021-11-23 | 多点生活(成都)科技有限公司 | Certificate verification method, device and system |
CN111797379A (en) * | 2020-07-15 | 2020-10-20 | 上海瀚之友信息技术服务有限公司 | A processing method and device for improving information security |
CN111865992A (en) * | 2020-07-23 | 2020-10-30 | 亚数信息科技(上海)有限公司 | ACME centralized management system and load balancing method thereof |
CN114615309A (en) * | 2022-01-18 | 2022-06-10 | 奇安信科技集团股份有限公司 | Client access control method, device and system, electronic equipment and storage medium |
CN114615309B (en) * | 2022-01-18 | 2024-03-15 | 奇安信科技集团股份有限公司 | Client access control method, device, system, electronic equipment and storage medium |
CN114154171A (en) * | 2022-02-07 | 2022-03-08 | 浙江省人力资源和社会保障信息中心 | Social security self-service machine program installation method and system, electronic equipment and computer medium |
Also Published As
Publication number | Publication date |
---|---|
WO2018090481A1 (en) | 2018-05-24 |
CN106789897B (en) | 2019-08-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||