Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for certificate authentication

A technology of equipment and certificates, applied in the direction of transmission system, electrical components, etc., to achieve the effect of improving efficiency and realizing convenience

Active Publication Date: 2020-04-21
CHINA MOBILE COMM LTD RES INST +1
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] In view of the above technical problems, the embodiment of the present invention provides a method and device for certificate authentication, which solves the problem that the client can verify the validity of the server certificate without accessing the CRL or OCSP server during the handshake process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for certificate authentication
  • Method and device for certificate authentication
  • Method and device for certificate authentication

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0068] see figure 2 , the figure shows a certificate authentication method, which is applicable to the handshake process. The scenario is that the first device can send a request to the second device to query the certificate status of the second device certificate during the SSL / TLS handshake process. The second device After receiving the query request, return the certificate status of the second device to the first device as a response, the specific steps are as follows:

[0069] Step 201, the first device sends a first online certificate status protocol OCSP request message to the second device, and the first OCSP request message is used to request the OCSP status information of the second device certificate of the second device, and then enter step 202;

[0070] Optionally, the first device sends a first device handshake message and a first Online Certificate Status Protocol OCSP request message to the second device, and the first OCSP request message is used to request OC...

no. 2 example

[0083] see image 3 , the figure shows a certificate authentication method, which is suitable for the handshake process. In this embodiment, the first device and the second device can carry OCSP status information during the handshake process. This method can reduce the first During the handshake process, the device and the second device actively query the CRL and OCSP to the CA to improve the handshake efficiency. The specific steps are as follows:

[0084] Step 301, the first device sends a first online certificate status protocol OCSP request message to the second device, and the first OCSP request message is used to request the OCSP status information of the second device certificate of the second device, and then enter step 302;

[0085] Optionally, the first device sends a first device handshake message and a first Online Certificate Status Protocol OCSP request message to the second device, and the first OCSP request message is used to request the second device certificat...

no. 3 example

[0100] see Figure 4 , the figure shows a certificate authentication method, which is suitable for the handshake process, and the specific steps are as follows:

[0101] Step 401, the second device receives the first online certificate status protocol OCSP request message sent by the first device, the first OCSP request message is used to request the OCSP status information of the second device certificate of the second device, and then enters step 402;

[0102] Optionally, the second device receives the first device handshake message and the first Online Certificate Status Protocol OCSP request message sent by the first device, and the first OCSP request message is used to request the second device certificate of the second device OCSP status information.

[0103] Of course, it can be understood that the above-mentioned first device may be a client and the second device may be a server, or the first device may be a server and the second device may be a client.

[0104] Step...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Embodiments of the invention provide a certificate authentication method and equipment. The method comprises the following steps that first equipment sends a first online certificate status protocol (OCSP) request message to second equipment, wherein the first OCSP request message is used for requesting OCSP status information of a second equipment certificate of the second equipment; the first equipment receives a first OCSP response message sent by the second equipment, wherein the first OCSP response message includes OCSP status information of the second equipment certificate; and the firstequipment carries out identity verification on the second equipment according to the OCSP status information of the second equipment certificate. According to the certificate authentication method and equipment, a problem that a client does not need to access a CRL or OCSP server to carry out validity verification on the certificate of the server in a handshaking process is solved.

Description

technical field [0001] The invention relates to the technical field of digital certificate authentication, in particular to a method and equipment for certificate authentication in the handshake process. Background technique [0002] SSL (Secure Sockets Layer) / TLS (Security Transport Layer Protocol) is a security protocol that provides security and data integrity for network communication. The network connection is encrypted at the transport layer, which can prevent the communication content of both parties from being eavesdropped and tampered with. , Pretending. The HTTPs (Hypertext Transfer Security Protocol) protocol commonly used in the Internet at present is the HTTP (Hypertext Transfer Protocol) protocol on top of the SSL / TLS protocol. [0003] In the network access scenario, the user equipment cannot access the Internet before the authentication is successful, so the user equipment cannot access the CRL (Certificate Revocation List) server or the OCSP (Online Certifi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0823H04L63/12H04L63/16
Inventor 阎军智
Owner CHINA MOBILE COMM LTD RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com