Security authorization method which solves problem that certificate private key is reused by multiple users

Abstract

The invention discloses a security authorization method which solves a problem that a certificate private key is reused by multiple users, and belongs to the information security field. The method includes the steps that based on characteristic information of a user and an electronicsignature document or data, a use authorization application for a client side public certificate private key is initiated; and an authorization system verifies the validity of the authorization application, signs and issues electronic authorization according to an authorization strategy, and authorizes the user to use the certificate private key for a specific purpose in some period. According to the invention, a security authorization flow based on the user and electronic document characteristic information is realized; the possession and control of the certificate private key by a special user in some document signature process or in some period can be ensured; the electronic document integrity, the signer identity legality, and the signature operation non-repudiation can be realized; temporary certification to the user is avoided; and a usage habit of the user is met. The security authorization method of the invention is simple and convenient, has low cost, satisfies an electronic signature method, meets requirements of electronic evidence proof, and is suitable for e-government and electronic commerce.

Description

technical field [0001] The present invention relates to a method for solving the problem of certificate private key reuse by multiple users through security authorization technology. Specifically, based on the feature information of users and electronic signature documents or data, an application for authorization of the use of the public certificate private key of the client is initiated, and the authorization system The method of verifying the validity of the authorization application, issuing an electronic authorization letter according to the authorization policy, and authorizing the user to use the private key of the certificate for a specific purpose within a certain period of time is applicable to e-government and e-commerce; it belongs to the field of information security. Background technique [0002] Digital certificate technology is used for identity authentication, data integrity and data confidentiality in network communication. During the application, the user ...

AI Technical Summary

Problems solved by technology

[0003] In some cases, such as the signing of the informed consent of hospital patients, the signing of business documents of users in paperless business halls, etc., it is difficult to implement the method of reviewing user applications through the CA center and issuing certificates to users one by one.

In these cases, users often only temporarily use the private key to sign a certain data or electronic document once. After signing, the user generally no longer needs to use the private key. The method of issuing certificates to the user on site is too expensive and the process is complicated. , it is difficult for users to accept

[0004] One solution is to temporarily generate keys and certificates for each signatu

Images