Application service management system and management method based on digital certificate

Abstract

The invention relates to an application service management system and a management method based on a digital certificate. An authentication server issues certificates and corresponding certificate private keys for each user end and each application server, and each user end can access different application servers according to the certificate which is issued by the authentication server without logging in when accessing a new application server each time; in addition, after the authentication server validates the identities of the user end and the application server, the application server distributes the private keys for each user end and negotiates about service private keys of the communication between the application server and the user end through elements such as a main private key, and the like so as to establish a safe channel for the transmission of application service data and realize encrypted transmission of the application server data in the safe channel through the service private key. In the scheme of the invention, communication in the process of access and authentication among the user end, the application server and the authentication server is not needed to pass through an additional safe channel, thereby the invention improves and breaks through the management and the operation modes.

Description

technical field [0001] The invention relates to the technical field of digital information networks, in particular to a digital certificate-based application service management system and management method. Background technique [0002] With the rapid development of network technology, more and more types of application services are being developed and applied, and at the same time, they are still growing at a high speed. As an entity in the application service network, the application server provides users with accessible channels according to their business needs, so that users can enjoy corresponding application services: that is, users can access the application servers stored in various systems through the application server. Various types of information and enjoy related services. For example, application servers can be used in all aspects of network application services such as multimedia news release, online live broadcast, online advertising, e-commerce, video on d...

AI Technical Summary

Problems solved by technology

[0003] With the continuous improvement of network scale and complexity, the network has gradually become more open, and its security issues are increasingly attracting the attention of the majority of users. In order to achieve the security of the application service network, one of the existing technologies The implementation method is to adopt the commonly used "username + password" authentication method when the user initiates an access application to the application server. However, according to this method, the user's personal information, such as the user's username and password, is transmitted to On the Internet, it is very easy to be stolen and leaked; at the same time, the application server cannot guarantee that the user’s access information received has not been tampered with. This kind of security problem is difficult to solve under the traditional network operation mode; the existing Another implementation method in the technology is to use PKI (Public Key Infrastructure) related technologies to solve the problem, and the application server is responsible for providing access rights to authenticated users. In this way, compared to the above-mentioned "username + password "Authentication method, the security can be improved, but for the user, in most cases, the user does not provide a way to verify the legitimacy of the application server, which will lead to a problem, that is, the method of forging the application server can be Deceive user access to achieve the purpose of defrauding user charges, leaking user information, providing inferior services, etc., which seriously affects the image and reputation of application server service providers and leads to a decline in market occupancy. In addition, in this way, In order to achieve security issues, various application server service providers usually establish their own application service networks. For users, each time they access a different application service network, they need to register user information and verify their identity. As the content of the application services provided increases, the number of registrations performed by users also increases accordingly, so that users may have a large number of certificates; in addition, for regulatory agencies, services and data on the network should be Manageable and controllable, but in the existing technology, there is no unified regulatory agency to achieve unified management of various services and data on the network

Images