543 results about "Certificate verification" patented technology

Methods, devices, and systems are provided for verifying tokens using limited-use certificates. For example, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.

A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D₁. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expires 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.

Upon issuance of an attribute certificate, an attribute authority apparatus makes a determination policy available. The determination policy includes information designating at least one item to be checked by a service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination. The determination policy may be recorded in the attribute certificate, or released to public, or made available by issuing a determination policy certificate released to public. Information for obtaining the determination policy certificate may be recorded in or outside the attribute certificate and furnished to the service provider apparatus. In order to verify an attribute certificate transmitted from a user terminal, a service provider apparatus obtains the determination policy, and determines whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy.

A method of computing a cryptographic key to be shared between a pair of correspondents communicating with one another through a cryptographic system is provided, where one of the correspondents receives a certificate of the other correspondents public key information to be combined with private key information of the one correspondent to generate the key. The method comprises the steps of computing the key by combining the public key information and the private key information and including in the computation a component corresponding to verification of the certificate, such that failure of the certificate to verify results in a key at the one corespondent that is different to the key computed at the other correspondent.

A system of distributed group management for generating authentication information relating to a group to which users belong at a high speed on a client side and, at the same time, wherein a server side can verify this at a high speed. This system provides a group certificate issuing apparatus for issuing a group certificate on a client side based on original group information including the name of the group to which the users belong and a group certificate verification unit for verifying a legitimacy of the certificate transmitted from the client side in a server. Here, the group certificate issuing apparatus adds an issuance side processed value obtained by processing the information of the original group information by a cryptographic function to this original group information to obtain a group certificate, and the group certificate verification unit processes part of information included in the received certificate by an identical cryptographic function to obtain a verification side processed value and performs an authentication by confirming that the issuance side processed value and the verification side processed value coincide.

A connection is established between a server and a web browser having access to a first, trusted public key. The server downloads a digitally signed archive to the browser, the archive including a second public key. The browser verifies the digitally signed archive using the first public key, and stores the second public key in response to the verification. The browser then uses the stored second public key to authenticate the server and establish a secure connection with the server. The second public key and its chain of trust need not be known by the browser beforehand, and the archive may include program fragments that store the key in an area where the browser (or an applet running under the browser) can access and use it. The archive may also include a program fragment that performs certificate validation for the client—enabling the client to handle certificate types it does not know about. Advantages include allowing the archive to be transmitted over any insecure connection since it is integrity protected and authenticated; and allowing the client to make a direct connection to the server without having to access certificate stores on the platform.

Systems and methods for facilitating electronic commerce by securely providing certificate-related and other services including certificate validation and warranty. In a preferred embodiment, these services are provided within the context of a four-corner trust model. The four-corner model comprises a buyer, or subscribing customer, and a seller, or relying customer, who engage in an on-line transaction. The buyer is a customer of a first financial institution, or issuing participant. The issuing participant operates a certificate authority and issues the buyer a hardware token including a private key and a digital certificate signed by the issuing participant. The seller is a customer of a second financial institution, or relying participant. The relying participant operates a certificate authority and issues the seller a hardware token including a private key and a digital certificate signed by the relying participant. The system also includes a root certificate authority that operates a certificate authority that issues digital certificates to the issuing and relying participants. At the time of a transaction, the buyer creates a hash of the transaction data, signs the hash, and transmits the transaction data, the signature, and its digital certificate to the seller. The seller may then request system services via a connection with its financial institution, the relying participant. The system services may include a certificate status check service and a warranty service. The certificate status check service allows the relying customer to validate the subscribing customer's certificate. The warranty service allows the relying customer to receive a collateral-backed warranty that the subscribing customer's certificate is valid. Each participant and the root entity is provided with a transaction coordinator for combining services and operations into a single transaction having the qualities of atomicity, consistency, isolation, and durability. The transaction coordinator provides a single consistent interface for certificate-status messages and requests, as well as messages and requests relating to other services.

A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.

A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path of from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of relevant CA and first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information of the storage unit.

Method and system are described for validating a digital signature. More particularly, a signed message and a corresponding certificate are received. The certificate is checked for validation. A validation statement is generated, and the certificate validation and the signed message provide a status. This status represents a request for validation, and is provided along with a set of validations among which such status is an element. A digest is generated using a Merkle authentication tree corresponding to the set of validations, and this digest is signed with a private key. Accordingly, a notary may provide the signed digest, status and the set of validations for subsequent confirmation of the digital signature.

The invention discloses a two-dimensional code processing method, device and system, and relates to the technical field of information processing. The main purpose is to solve the problem that the electronic certificate security is leaked once an electronic certificate is stolen in a copying or shooting way since the generation of the electronic certificate is dependent on a static random code in the prior art. The technical scheme corresponding to the invention comprises the following steps: a server receives an electronic certification acquisition request sent by a client, and the electronic certificate acquisition request comprises a user identity label; the electronic certificate corresponding to the user identity label is acquired, and a server private key is used for signing the electronic certificate and a user public key of the client, thereby obtaining server signature information; the server signature information and the electronic certificate are sent to the client so that the client can verify the server signature information conveniently, and generates a two-dimensional code according to the electronic certificate, and a certificate verification end verifies the electronic certificate contained in the two-dimensional code, wherein the certificate verification end is used for generating the electronic certificate according to the user identity label.

A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D₁. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expires 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.

An apparatus and method collects, for a community of interest, at least one cross certificate associated with an anchor certificate issuing unit, and obtains at least one certificate issuing unit public key and an associated unique identifier for a cross-certified certificate issuing unit identified by the at least one cross certificate. For example, a certificate issuing unit, client unit, or other suitable unit, searches for one or up to all certification authorities or certificate issuing units that it can trust based on cross certificate chains. This is done, for example, from a given trust anchor. The apparatus selects those obtained certificates that satisfy, for example, some search criteria, such as what policy must be enforced in each certificate, for example, the allowed path length or depth that the apparatus is allowed to evaluate, and creates a signed certificate set, such as a list of all trusted certificate issuing units from the perspective of a given trust anchor. Accordingly, the apparatus and method creates a signed certificate set identifying certificate issuing units determined to be trusted by the anchor certificate issuing unit based on the cross certificates that the apparatus obtained. The signed certificate set includes at least a unique identifier of each trusted certificate issuing unit, such as the distinguished name (DN) of the certificate issuing unit, and public key of each trusted certificate issuing unit.

Transaction ID information corresponding to proof certificate-verifying transaction information is transmitted to a block chain retention server if a request for proof certificate information is sensed, when the proof certificate-verifying transaction information generated by using the proof certificate information, to be provided to a customer, is recorded in a block chain retention server and the transaction ID information is managed. The proof certificate-verifying transaction information corresponding to the transaction ID information is acquired from the block chain retention server. A proof certificate index hash value used for comparison, acquired from the proof certificate information to be provided to a customer and corresponding to a request, is compared with a proof certificate-verifying index hash value acquired from the proof certificate verifying-transaction information. Verification information generated with reference to the comparison result of the proof certificate index hash value used for comparison and the proof certificate-verifying index hash value are provided.

The invention relates to a technique for safely updating a software and provides a software update packet packaging method for ensuring the legality and completeness of an updated software, as well as a software updating method. Digital certificates of trustworthy authentication institutes are prearranged in a terminal apparatus, or a server is used for determining the trustworthy authentication institutes; the authentication institutes respectively perform digital signing to the software and transmit an original cleartext software together with all digital signatures and digital certificates to the terminal apparatus; the terminal apparatus verifies whether all digital certificates are legal and judges the authentication institutes working together for updating the software; if all conditions are satisfied, the terminal apparatus verifies all digital signatures and then updates the software after the verification. As the legality of a software update packet is verified according to the digital certificates of the authentication institutes, the completeness of the software update packet is verified according to the digital signatures of the authentication institutes and a plurality of parties participate the concerted signing to the software, the safe update of the software is ensured.

The invention provides a certificate verification method, a system and a certificate verification terminal, aiming at solving the problem in the traditional checking system which checks the verification of certificates by manually inputting the certificate number and has the disadvantages of wasting time and energy and having high error rate. The method comprises the following steps of: obtainingan area image containing a certificate number; carrying out character segmentation to the area image, thus obtaining images of all the characters; utilizing a classifier obtained by training in advance to carry out identification to the images of all the characters, thus obtaining the certificate number information; and sending the certificate number information to a server side for verification and then receiving the returned checking result. The invention can identify certificate numbers automatically and does not need to input certificate numbers manually, thus greatly raising the efficiency of certificate checking; besides, the identification processing of certificate numbers is carried out in a system terminal, thus occupying little bandwidth and reducing the demand for the performance of network and server terminals.

The invention discloses a vehicle network security authentication method, system and apparatus, a vehicle and a medium. The vehicle comprises a vehicle-mounted communication box, a gateway and a special vehicle microcomputer controller. The method comprises the following steps: the vehicle-mounted communication box receives a command sent by a remote service provider, and performs certificate verification on the command according to a certificate issued by PKI in advance; if the certificate verification of the vehicle-mounted communication box is successful, the command is sent to the gateway;the gateway performs certificate verification on the command according to the certificate issued by PKI in advance; if the certificate verification is successful, the command is sent to the vehicle-mounted communication box; the vehicle-mounted communication box performs certificate verification on the command according to the certificate issued by PKI in advance; if the certificate verificationof the special vehicle microcomputer controller is successful, the command is executed. The method and apparatus provided by the invention are used for solving the network security problem of the Internet of Vehicles in the prior art and achieving the technical effect of ensuring the vehicle network security.

One example method may include generating a template transaction certificate by one or more entities which verify proof of ownership of attributes incorporated into the template transaction certificate, and generating one or more operational transaction certificates by the one or more entities which verified proof of ownership of the template transaction certificate.

A system and method of providing on-line verification of various credentials without requiring second site authentication utilizes protocols and cryptography to assure customers (generally referred to hereinafter as “users”) that they are dealing with a person (or organization) that can present multiple, non-repudiable proof of their identification. The system is launched directly from the user's browser such that certificate verification is performed “locally”, without needing to go out and obtain information from a second web site. The system is based upon the creation of a new MIME (i.e. Multipurpose Internet Mail Extensions) type that is employed by the user's browser and utilizes public keys associated with the credentialing organizations in combination with a public key of the verification organization.

A system and method for delivery of secure software license information to authorize the use of a software program is disclosed. The method and system comprises a computer system for executing the software program and the authorizing program, and a license server, connected to the computer system over a network. The method and system include associating a publisher certificate and a signed product key pair with the program to be authorized, generating a license request containing user and product information and signed by the private key from the product key pair, transmitting the license request to a license server, generating a license using data extracted from the license request and license terms, signing the license with the publisher private key associated with the publisher certificate, transmitting the license to the authorization program, validating the license using the publisher certificate, and using the license terms to control the use of the software program.

The invention discloses a certificate authenticity verification method and device, a computer device and a storage medium. The method comprises the adopting a CTPN-RNN algorithm to locate the originalcertificate image, obtaining the text line area, and truncating the image corresponding to the text line area to obtain the region block image; using the OCR recognition model to recognize the regional block image and obtain the corresponding target text; based on the certificate type and the corresponding position identification of the regional block image, obtaining the corresponding content verification rules, and using the content verification rules to perform the content verification on the target text corresponding to the regional block image, and obtaining the content verification result; checking the target text corresponding to the area block image and the standard text in the database corresponding to the certificate type to obtain the data checking result; carrying out the chromatic aberration check on the original certificate image to obtain the chromatic aberration check result; if the content verification result, data verification result and color difference verificationresult are passed, verifying that the original certificate image is true certificate, which solves the problem of inaccurate certificate verification.