Method, device and system for certificate renewal

Abstract

This paper discloses a method, device and system for certificate renewal. The method includes: the satellite CA receives permission setting information from the central CA, and the permission setting information includes permission information for indicating that only renewal processing is performed; the satellite CA receiving device sends the renewal request; determine whether the renewal conditions are met; determine that the renewal conditions are met, and generate a new device certificate, the new device certificate is generated by signing with the private key corresponding to the third-level certificate of the satellite CA; the generated A new device certificate is sent to the device. The present invention sets a distributed CA structure, sets a satellite CA with limited functions, and the satellite CA with limited functions shares the processing pressure of the central CA, and enables IoT devices to access the satellite CA nearby to quickly and effectively realize certificate renewal.

Description

technical field [0001] The present invention relates to the technical field of the Internet, in particular to a certificate renewal method, device and system. Background technique [0002] With the rapid increase of the Internet of Things (Internet of Things, IoT) scale, the number of IoT devices also increases rapidly, which causes people to pay great attention to the security of IoT devices. [0003] At present, the security issues of IoT devices mainly focus on data encryption and identity authentication. Data encryption and identity authentication are currently implemented based on a public key cryptographic infrastructure (Public Key Infrastructure, PKI for short) system. In the existing PKI security system, each IoT device obtains a certificate issued by a CA from a Certification Authority (CA for short), and also obtains a private key corresponding to this certificate, where the certificate is used to identify the IoT device. identity. In the subsequent processing,...

AI Technical Summary

Problems solved by technology

[0008] 1. Due to the wide geographical distribution of IoT devices, the certificate cannot be renewed in time, resulting in the invalidation of the certificate

[0009] Second, the certificate renewal is implemented in a centralized manner, that is, only one central CA is set up for certificate renewal, and all IoT devices are renewed by this central CA, which leads to a greater processing pressure on the central CA, especially when the number of IoT devices is rapidly increasing. In the context of growth, the central CA is prone to failure under processing pressure, which affects the user experience of certificate renewal

[0010] 3. Manually apply for renewal to the central CA, and the renewal efficiency is slow

The certificate issued by the secondary private key is generally not allowed to continue to perform the issuance function, for example: the IoT device certificate can only be used for its own business, and cannot continue to issue other certificates

Images