
CN120455018A - Electronic signature authentication certificate identification with explicit identification, verification method and device and electronic equipment - Google Patents

Electronic signature authentication certificate identification with explicit identification, verification method and device and electronic equipment

Info

Publication number
CN120455018A
Authority
CN
China
Prior art keywords
electronic signature
certificate
signature authentication
authentication certificate
explicit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510878844.4A
Other languages
Chinese (zh)
Inventor
魏一才
翟新元
魏良丞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yastar Information Technology Shanghai Co ltd
Original Assignee
Yastar Information Technology Shanghai Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yastar Information Technology Shanghai Co ltd filed Critical Yastar Information Technology Shanghai Co ltd

Abstract

The present invention provides a method, apparatus and electronic device for identifying and verifying an electronic signature authentication certificate with an explicit identifier, and relates to the field of information security technology. The method includes: a registration authority obtains an electronic signature authentication certificate request sent by an applicant; the registration authority determines the type of the electronic signature authentication certificate based on the request and authenticates the identity of the applicant; when the identity authentication of the applicant is normal, a certificate authority embeds an explicit identifier extension in the electronic signature authentication certificate based on the certificate type; and the certificate authority digitally signs the electronic signature authentication certificate containing the explicit identifier extension to obtain an electronic signature authentication certificate with an explicit identifier. By carrying key information in self-contained fields of the explicit identifier extension, the invention lets a verifier complete the legal compliance judgment by parsing the certificate alone, avoiding the risk that external files are inaccessible.

Description

Electronic signature authentication certificate identification with explicit identification, verification method and device and electronic equipment
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and apparatus for verifying an electronic signature authentication certificate with an explicit identifier, and an electronic device.
Background
ITU-T X.509 is an internationally recognized standard that defines the format of public key certificates (digital certificates). It binds an identity to a public key through a digital signature and plays a fundamental role in Public Key Infrastructure (PKI). Digital certificates provide information security services such as integrity, authenticity, confidentiality and non-repudiation, and are widely used for purposes such as identity authentication, encrypted communication and electronic signatures.
The basic structure of a digital certificate includes a version number, a serial number, a signature algorithm ID, an issuer name, a validity period, a subject name, subject public key information, and optional extension fields (e.g., certificate policies, key usage, etc.). The purpose, legal applicability, security level, authentication mode, etc. of a digital certificate are generally determined with a general verification method, that is, by verifying extensions such as certificate policies and key usage in the certificate.
An electronic signature authentication certificate is a digital certificate issued by an electronic authentication service organization that holds an electronic authentication service license. It complies with laws and regulations such as the Electronic Signature Law of the People's Republic of China, is used for signing with legal effectiveness, and is a specific application of PKI digital certificate technology to the legal effectiveness of electronic signatures. In practice, the purpose and validity of an electronic signature authentication certificate need to be verified, and at present the existing PKI certificate format and verification mode are still used for such certificates.
The existing content format and verification mode of electronic signature authentication certificates have the following defects:
1. During verification, external files outside the certificate content, such as the certificate policy, must be obtained and interpreted, and these external files carry the risk of being inaccessible;
2. The certificate policy is a summary document for the certificate, and lacks verification independence and observability;
3. In application, it is difficult for the parties to determine the type and legal compliance of an electronic signature authentication certificate intuitively, automatically and quickly.
Therefore, a method and apparatus for identifying and verifying an electronic signature authentication certificate with an explicit identifier, and an electronic device, are provided.
Disclosure of Invention
This specification provides a method and apparatus for identifying and verifying an electronic signature authentication certificate with an explicit identifier, and an electronic device, in which key information is carried in self-contained fields of the explicit identifier extension, so that a verifier can complete the legal compliance judgment by parsing the certificate alone. This avoids the risk that external files are inaccessible, and helps business application systems quickly identify the type of an electronic signature authentication certificate and verify its legal effectiveness compliance.
This specification provides a method for identifying an electronic signature authentication certificate with an explicit identifier, comprising the following steps:
a registration authority acquires an electronic signature authentication certificate request sent by an applicant;
the registration authority determines the type of the electronic signature authentication certificate based on the electronic signature authentication certificate request and authenticates the identity of the applicant;
when the identity authentication of the applicant is normal, a certificate authority embeds an explicit identifier extension in the electronic signature authentication certificate based on the type of the electronic signature authentication certificate;
and the certificate authority digitally signs the electronic signature authentication certificate containing the explicit identifier extension to obtain the electronic signature authentication certificate with the explicit identifier.
Optionally, the explicit identifier extension includes an electronic signature authentication certificate declaration, an electronic authentication service license number, an identity authentication field, and a cryptographic component identifier;
the electronic signature authentication certificate declaration includes a certificate type and a legal effectiveness compliance declaration;
the electronic authentication service license number includes a license number of the certificate authority;
the identity authentication field includes the registration authority's identity authentication result for the applicant;
the cryptographic component identifier includes a commercial cryptographic product authentication certificate number used to generate the certificate signature.
Optionally, before the registration authority acquires the electronic signature authentication certificate request sent by the applicant, the method includes:
the certificate authority formulates an electronic signature authentication certificate policy and business rules, and issues a certificate configuration rule template to the registration authority.
This specification provides a method for verifying an electronic signature authentication certificate with an explicit identifier, comprising the following steps:
acquiring an electronic signature authentication certificate with an explicit identifier;
performing explicit identifier extension verification on the electronic signature authentication certificate with the explicit identifier, and outputting a legal compliance verification result;
when the legal compliance verification result is compliant, performing electronic signature validity verification on the electronic signature authentication certificate with the explicit identifier, and outputting a validity verification result;
and when the validity verification result conforms, completing the verification of the electronic signature authentication certificate with the explicit identifier.
Optionally, before the step of acquiring the electronic signature authentication certificate with the explicit identifier, the method includes:
a relying party formulates an explicit identifier extension checking policy for the electronic signature certificate based on the application scenario, and configures the checking policy and its associated data sets into a verification system.
Optionally, performing explicit identifier extension verification on the electronic signature authentication certificate with the explicit identifier includes:
parsing the electronic signature authentication certificate declaration field, and extracting the certificate type and the legal effectiveness compliance declaration;
verifying the electronic authentication service license number, that is, verifying the qualification of the issuing institution against the Ministry of Industry and Information Technology license database configured in local storage;
verifying the identity authentication field to confirm that the identity authentication result of the applicant is normal;
verifying the cryptographic component identifier field, that is, matching the commercial cryptographic product authentication certificate number configured in local storage against the national cryptography administration agency filing information configured in local storage.
This specification provides a device for identifying an electronic signature authentication certificate with an explicit identifier, comprising:
a first acquisition module, used by a registration authority to acquire an electronic signature authentication certificate request sent by an applicant;
an authentication module, used by the registration authority to determine the type of the electronic signature authentication certificate based on the electronic signature authentication certificate request and to authenticate the identity of the applicant;
an embedding module, used by a certificate authority to embed an explicit identifier extension in the electronic signature authentication certificate based on the type of the electronic signature authentication certificate when the identity authentication of the applicant is normal;
and a signature module, used by the certificate authority to digitally sign the electronic signature authentication certificate containing the explicit identifier extension to obtain the electronic signature authentication certificate with the explicit identifier.
Optionally, the explicit identifier extension includes an electronic signature authentication certificate declaration, an electronic authentication service license number, an identity authentication field, and a cryptographic component identifier;
the electronic signature authentication certificate declaration includes a certificate type and a legal effectiveness compliance declaration;
the electronic authentication service license number includes a license number of the certificate authority;
the identity authentication field includes the registration authority's identity authentication result for the applicant;
the cryptographic component identifier includes a commercial cryptographic product authentication certificate number used to generate the certificate signature.
Optionally, before the first acquisition module, the following is included:
the certificate authority formulates an electronic signature authentication certificate policy and business rules, and issues a certificate configuration rule template to the registration authority.
This specification provides a device for verifying an electronic signature authentication certificate with an explicit identifier, comprising:
a second acquisition module, used for acquiring the electronic signature authentication certificate with the explicit identifier;
a first verification module, used for performing explicit identifier extension verification on the electronic signature authentication certificate with the explicit identifier and outputting a legal compliance verification result;
a second verification module, used for performing electronic signature validity verification on the electronic signature authentication certificate with the explicit identifier when the legal compliance verification result is compliant, and outputting a validity verification result;
and a verification completion module, used for completing the verification of the electronic signature authentication certificate with the explicit identifier when the validity verification result conforms.
Optionally, before the second acquisition module, the following is included:
a relying party formulates an explicit identifier extension checking policy for the electronic signature certificate based on the application scenario, and configures the checking policy and its associated data sets into a verification system.
Optionally, the first verification module includes:
parsing the electronic signature authentication certificate declaration field, and extracting the certificate type and the legal effectiveness compliance declaration;
verifying the electronic authentication service license number, that is, verifying the qualification of the issuing institution against the Ministry of Industry and Information Technology license database configured in local storage;
verifying the identity authentication field to confirm that the identity authentication result of the applicant is normal;
verifying the cryptographic component identifier field, that is, matching the commercial cryptographic product authentication certificate number configured in local storage against the national cryptography administration agency filing information configured in local storage.
The specification also provides an electronic device, wherein the electronic device includes:
And a memory storing computer executable instructions that, when executed, cause the processor to perform any of the methods described above.
The present specification also provides a computer readable storage medium storing one or more programs which when executed by a processor implement any of the methods described above.
In the invention, key information is carried in self-contained fields of the explicit identifier extension, so that a verifier can complete the legal compliance judgment by parsing the certificate alone, and the risk that external files are inaccessible is avoided. This also helps business application systems quickly identify the type of an electronic signature authentication certificate and verify its legal effectiveness compliance. The certificate declaration field in the extension directly identifies the certificate type and legal compliance, which addresses the lack of intuitiveness of the traditional certificate policy. The relying party can read the field values directly to judge legal effectiveness, without manually reading obscure policy documents. The verification system verifies the four fields of the extension based on a pre-configured checking policy and outputs a machine-readable legal compliance conclusion. This flow replaces manual intervention and achieves a timely response for legal effectiveness judgments.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a method for identifying an electronic signature authentication certificate with an explicit identifier according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a method for verifying an electronic signature authentication certificate with an explicit identifier according to an embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of a device for identifying an electronic signature authentication certificate with an explicit identifier according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a device for verifying an electronic signature authentication certificate with an explicit identifier according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a computer readable medium according to an embodiment of the present disclosure.
Detailed Description
The following description is presented to enable one of ordinary skill in the art to make and use the invention. The preferred embodiments in the following description are by way of example only and other obvious variations will occur to those skilled in the art. The basic principles of the invention defined in the following description may be applied to other embodiments, variations, modifications, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
Exemplary embodiments of the present invention are described more fully below in connection with fig. 1-6. However, the exemplary embodiments can be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals in the drawings denote the same or similar elements, components or portions, and thus a repetitive description thereof will be omitted.
The features, structures, characteristics or other details described in a particular embodiment may also be combined in a suitable manner in one or more other embodiments, without departing from the technical idea of the invention.
In the description of specific embodiments, features, structures, characteristics, or other details described in the present invention are provided to enable one skilled in the art to fully understand the embodiments. It is not excluded that one skilled in the art may practice the present invention without one or more of the specific features, structures, characteristics, or other details.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The term "and/or" includes all combinations of any one or more of the associated listed items.
Fig. 1 is a schematic diagram of a method for identifying an electronic signature authentication certificate with an explicit identifier according to an embodiment of the present disclosure, where the method may include:
Optionally, before S110, the method includes:
the certificate authority formulates an electronic signature authentication certificate policy and business rules, and issues a certificate configuration rule template to the registration authority.
In particular embodiments of the present description, a Certificate Authority (CA) first formulates an electronic signature authentication certificate policy and business rules, including legal effectiveness compliance criteria, certificate type definitions, and cryptographic algorithm specifications. The CA system then translates the rules into machine-executable code modules via a policy structured compilation engine and dynamically generates certificate configuration rule templates.
S110, a registration authority acquires an electronic signature authentication certificate request sent by an applicant;
S120, the registration authority determines the type of the electronic signature authentication certificate based on the electronic signature authentication certificate request and authenticates the identity of the applicant;
S130, when the identity authentication of the applicant is normal, a certificate authority embeds an explicit identifier extension in the electronic signature authentication certificate based on the type of the electronic signature authentication certificate;
S140, the certificate authority digitally signs the electronic signature authentication certificate containing the explicit identifier extension to obtain the electronic signature authentication certificate with the explicit identifier.
Optionally, the explicit identifier extension includes an electronic signature authentication certificate declaration, an electronic authentication service license number, an identity authentication field, and a cryptographic component identifier;
the electronic signature authentication certificate declaration includes a certificate type and a legal effectiveness compliance declaration;
the electronic authentication service license number includes a license number of the certificate authority;
the identity authentication field includes the registration authority's identity authentication result for the applicant;
the cryptographic component identifier includes a commercial cryptographic product authentication certificate number used to generate the certificate signature.
In the specific embodiment of the present specification, a Registration Authority (RA) receives an electronic signature authentication certificate request initiated by an applicant, determines the required certificate type (such as a personal signature, an enterprise signature, etc.) according to the request content, and performs real-name authentication on the identity of the applicant. When the identity authentication result is confirmed to be normal, a Certificate Authority (CA) embeds an explicit identifier extension in the electronic signature authentication certificate according to the determined certificate type. As shown in Table 1, the extension contains the following core fields:
an electronic signature authentication certificate declaration, which clearly marks the type of the certificate and its legal effectiveness compliance (such as "complies with Article 13 of the Electronic Signature Law");
an electronic authentication service license number, which carries the legal license number of the CA;
an identity authentication field, which records the RA's real-name authentication state for the applicant;
a cryptographic component identifier, which marks the cryptographic algorithm and the cryptographic identification number used to generate the certificate signature.
The CA digitally signs the certificate containing the extension, finally generating an electronic signature authentication certificate with an explicit identifier, and distributes it to the applicant.
Table 1: Electronic signature authentication certificate extension content and definition
Fig. 2 is a schematic diagram of an electronic signature authentication certificate verification method with explicit identifier according to an embodiment of the present disclosure, where the method may include:
Optionally, before S210, the method includes:
a relying party formulates an explicit identifier extension checking policy for the electronic signature certificate based on the application scenario, and configures the checking policy and its associated data sets into a verification system.
In the specific embodiments of this specification, a relying party formulates an explicit identifier extension checking policy according to the legal effectiveness requirements of the application scenario. The policy comprises the following core contents:
certificate type verification rules, which set the list of certificate types allowed to be used (such as accepting only "qualified electronic signature");
a legal compliance declaration condition: the legal declaration field in the explicit identifier extension must be true;
an identity authentication threshold, which requires the identity authentication field value to reach the "real-name authentication passed" level;
a cryptographic identifier whitelist, which defines the acceptable range of commercial cryptographic product authentication certificate numbers.
The policy and its associated data sets (e.g., the national cryptography administration algorithm filing database) are configured into a verification system to generate executable machine verification rules. At run time the verification system automatically loads the policy, performs field-level verification on the certificate's explicit identifier extension, and outputs a legal compliance decision.
S210, acquiring an electronic signature authentication certificate with an explicit identifier;
S220, performing explicit identifier extension verification on the electronic signature authentication certificate with the explicit identifier, and outputting a legal compliance verification result;
S230, when the legal compliance verification result is compliant, performing electronic signature validity verification on the electronic signature authentication certificate with the explicit identifier, and outputting a validity verification result;
S240, when the validity verification result conforms, completing the verification of the electronic signature authentication certificate with the explicit identifier.
Optionally, S220 includes:
parsing the electronic signature authentication certificate declaration field, and extracting the certificate type and the legal effectiveness compliance declaration;
verifying the electronic authentication service license number, that is, verifying the qualification of the issuing institution against the Ministry of Industry and Information Technology license database configured in local storage;
verifying the identity authentication field to confirm that the identity authentication result of the applicant is normal;
verifying the cryptographic component identifier field, that is, matching the commercial cryptographic product authentication certificate number configured in local storage against the national cryptography administration agency filing information configured in local storage.
In the specific embodiment of the present specification, the verification system first acquires an electronic signature authentication certificate with an explicit identifier, and performs a four-step field-level verification of the explicit identifier extension in the certificate:
parsing the certificate declaration field, extracting the certificate type and the legal effectiveness compliance declaration (such as "complies with Article 13 of the Electronic Signature Law");
verifying the license number, that is, verifying the legitimacy of the issuing institution's qualification against the electronic authentication service license database of the Ministry of Industry and Information Technology;
verifying the identity authentication field, that is, confirming that the identity authentication state of the applicant is normal (real-name authentication passed);
verifying the cryptographic component identifier, that is, matching the commercial cryptographic product authentication certificate number against the filing information of the national cryptography administration agency, ensuring algorithm compliance.
Outputting the legal compliance verification result:
if all four verification steps pass, the result is marked as "legal compliance verification passed";
if any field fails verification, the flow terminates and a specific failure cause is returned (e.g., "cryptographic component identifier not filed").
When the legal compliance result is a pass, the system triggers electronic signature validity verification (including certificate chain verification, signature algorithm verification, etc.). Finally, only after the signature validity verification passes is the verification of the electronic signature authentication certificate judged complete.
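The S210 to S240 flow described above, sketched as an added example that is not code from the patent or its applicant: the four field-level checks run against a locally configured relying-party policy, fail closed with a specific reason, and gate the signature validity step. The field names, the representation of the decoded extension as a mapping, and every policy value are assumptions, since the page reproduces neither Table 1 nor the extension's encoding.

```python
from dataclasses import dataclass
from typing import Callable, Mapping, Optional

# Hypothetical names for the four fields of the explicit identifier extension,
# assumed to be already decoded from the certificate into a mapping.
F_TYPE = "cert_type"
F_DECLARED = "legal_compliance_declared"
F_LICENSE = "service_license_no"
F_IDENTITY = "identity_auth_result"
F_CRYPTO = "crypto_product_cert_no"
STRING_FIELDS = (F_TYPE, F_LICENSE, F_IDENTITY, F_CRYPTO)


@dataclass(frozen=True)
class CheckPolicy:
    """Relying-party checking policy plus its locally stored data sets."""
    allowed_types: frozenset
    licensed_cas: frozenset           # local copy of the license database
    required_identity: str            # identity authentication threshold
    filed_crypto_products: frozenset  # local copy of the filing records


@dataclass(frozen=True)
class Result:
    compliant: bool  # outcome of S220
    valid: bool      # outcome of S230
    reason: str


def check_extension(ext, policy: CheckPolicy) -> Optional[str]:
    """S220: return None on pass, else the reason for the first failing field.
    Absent or malformed data fails closed instead of being skipped."""
    if not isinstance(ext, Mapping):
        return "explicit identifier extension missing"
    for name in STRING_FIELDS + (F_DECLARED,):
        if name not in ext:
            return f"field missing: {name}"
    if not all(isinstance(ext[name], str) for name in STRING_FIELDS):
        return "field has wrong type"
    # Step 1: certificate declaration (type and legal effectiveness declaration).
    if ext[F_TYPE] not in policy.allowed_types:
        return "certificate type not accepted by policy"
    # Identity comparison: the string "true" or the integer 1 must not pass.
    if ext[F_DECLARED] is not True:
        return "legal compliance declaration not asserted"
    # Step 2: issuer license number against the local license database.
    if ext[F_LICENSE] not in policy.licensed_cas:
        return "license number not in local license database"
    # Step 3: identity authentication result must meet the threshold.
    if ext[F_IDENTITY] != policy.required_identity:
        return "identity authentication result not normal"
    # Step 4: cryptographic component identifier against local filing records.
    if ext[F_CRYPTO] not in policy.filed_crypto_products:
        return "cryptographic component identifier not filed"
    return None


def verify_certificate(cert: Mapping, policy: CheckPolicy,
                       verify_signature: Callable[[Mapping], bool]) -> Result:
    """S210 to S240. verify_signature stands in for certificate chain and
    signature algorithm verification (S230) and runs only after S220 passes.
    The extension sits inside the signed certificate body, so its field values
    are relied on only when S230 also passes."""
    reason = check_extension(cert.get("explicit_id_ext"), policy)
    if reason is not None:
        return Result(False, False, reason)
    if not verify_signature(cert):
        return Result(True, False, "electronic signature validity verification failed")
    return Result(True, True, "verification completed")


# Constructed sample policy and certificate; every value is a placeholder.
POLICY = CheckPolicy(
    allowed_types=frozenset({"qualified electronic signature"}),
    licensed_cas=frozenset({"LICENSE-PLACEHOLDER-001"}),
    required_identity="real-name authentication passed",
    filed_crypto_products=frozenset({"CRYPTO-PRODUCT-PLACEHOLDER-001"}),
)
GOOD_CERT = {
    "subject": "example applicant",
    "explicit_id_ext": {
        F_TYPE: "qualified electronic signature",
        F_DECLARED: True,
        F_LICENSE: "LICENSE-PLACEHOLDER-001",
        F_IDENTITY: "real-name authentication passed",
        F_CRYPTO: "CRYPTO-PRODUCT-PLACEHOLDER-001",
    },
}


def with_field(cert: Mapping, name: str, value) -> dict:
    """Return a copy of cert with one extension field replaced."""
    return dict(cert, explicit_id_ext=dict(cert["explicit_id_ext"], **{name: value}))


if __name__ == "__main__":
    accept = lambda cert: True  # stand-in for real chain and signature validation
    for sample in (GOOD_CERT,
                   with_field(GOOD_CERT, F_DECLARED, "true"),
                   with_field(GOOD_CERT, F_CRYPTO, "UNFILED-PLACEHOLDER")):
        print(verify_certificate(sample, POLICY, accept))
```
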
In the invention, key information is carried in self-contained fields of the explicit identifier extension, so that a verifier can complete the legal compliance judgment by parsing the certificate alone, and the risk that external files are inaccessible is avoided. This also helps business application systems quickly identify the type of an electronic signature authentication certificate and verify its legal effectiveness compliance. The certificate declaration field in the extension directly identifies the certificate type and legal compliance, which addresses the lack of intuitiveness of the traditional certificate policy. The relying party can read the field values directly to judge legal effectiveness, without manually reading obscure policy documents. The verification system verifies the four fields of the extension based on a pre-configured checking policy and outputs a machine-readable legal compliance conclusion. This flow replaces manual intervention and achieves a response on the order of seconds for legal effectiveness judgments.
Fig. 3 is a schematic diagram of an electronic signature authentication certificate identifier device with explicit identifier according to an embodiment of the present disclosure, where the device may include:
a first obtaining module 10, configured for the registration authority to obtain an electronic signature authentication certificate request sent by an applicant;
an authentication module 20, configured for the registration authority to determine the type of the electronic signature authentication certificate based on the electronic signature authentication certificate request, and to authenticate the identity of the applicant;
an embedding module 30, configured for the certificate authority to embed an explicit identifier extension in the electronic signature authentication certificate based on the electronic signature authentication certificate type when the identity authentication of the applicant is normal;
and a signature module 40, configured for the certificate authority to digitally sign the electronic signature authentication certificate containing the explicit identifier extension to obtain the electronic signature authentication certificate with the explicit identifier.
Optionally, the explicit identifier extension includes an electronic signature certificate statement, an electronic authentication service license number, an identity authentication field, and a cryptographic component identifier;
The electronic signature authentication certificate declaration includes a certificate type and a legal effectiveness compliance declaration;
the electronic authentication service license number includes a license number of the certificate authority;
the identity authentication field comprises the registration authority's identity authentication result for the applicant;
The cryptographic component identification includes a commercial cryptographic product authentication certificate number used to generate the certificate signature.
Optionally, before the first obtaining module 10, the method includes:
the certificate authority formulates an electronic signature authentication certificate policy and business rules, and issues a certificate configuration rule template to the registration authority.
The functions of the apparatus according to the embodiments of the present invention have been described in the foregoing method embodiments, so that the descriptions of the embodiments are not exhaustive, and reference may be made to the related descriptions in the foregoing embodiments, which are not repeated herein.
Fig. 4 is a schematic diagram of an electronic signature authentication certificate verification device with explicit identifier according to an embodiment of the present disclosure, where the device may include:
A second obtaining module 50, configured to obtain an electronic signature authentication certificate with an explicit identifier;
a first verification module 60, configured to perform explicit identifier extension verification on the electronic signature authentication certificate with the explicit identifier, and output a legal compliance verification result;
a second verification module 70, configured to perform electronic signature validity verification on the electronic signature authentication certificate with the explicit identifier when the legal compliance verification result is compliance, and output a validity verification result;
and a verification completion module 80, configured to complete verification of the electronic signature authentication certificate with the explicit identifier when the validity verification result is compliance.
Optionally, before the second obtaining module 50, the method includes:
The relying party formulates an explicit identification extension checking strategy of the electronic signature certificate based on the application scene and configures the checking strategy and the associated data set thereof to a verification system.
Optionally, the first verification module 60 includes:
parsing the electronic signature authentication certificate declaration field, and extracting the certificate type and the legal effectiveness compliance declaration;
verifying the electronic authentication service license number, namely verifying the qualification of the issuing authority against the industry and informatization department license database configured in local storage;
checking the identity authentication field to confirm that the identity authentication result of the applicant is normal;
verifying the cryptographic component identification field, namely matching the commercial cryptographic product authentication certificate number configured in local storage against the national cryptography management agency filing records configured in local storage.
The functions of the apparatus according to the embodiments of the present invention have been described in the foregoing method embodiments, so that the descriptions of the embodiments are not exhaustive, and reference may be made to the related descriptions in the foregoing embodiments, which are not repeated herein.
Based on the same inventive concept, the embodiments of the present specification also provide an electronic device.
The following describes an embodiment of an electronic device according to the present invention, which may be regarded as a specific physical implementation of the above-described embodiment of the method and apparatus according to the present invention. The details described in the embodiments of the electronic device according to the invention should be regarded as additions to the embodiments of the method or the apparatus described above, and the details not disclosed in the embodiments of the electronic device according to the invention may be realized by referring to the embodiments of the method or the apparatus described above.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. An electronic device 300 according to this embodiment of the present invention is described below with reference to fig. 5. The electronic device 300 shown in fig. 5 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 5, the electronic device 300 is embodied in the form of a general purpose computing device. The components of electronic device 300 may include, but are not limited to, at least one processing unit 310, at least one memory unit 320, a bus 330 connecting the different system components (including memory unit 320 and processing unit 310), a display unit 340, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 310 such that the processing unit 310 performs the steps according to various exemplary embodiments of the invention described in the above processing method section of the present specification. For example, the processing unit 310 may perform the steps shown in fig. 1 and/or 2.
The memory unit 320 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 3201 and/or cache memory 3202, and may further include Read Only Memory (ROM) 3203.
The storage unit 320 may also include a program/utility 3204 having a set (at least one) of program modules 3205, such program modules 3205 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 330 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 300 may also communicate with one or more external devices 400 (e.g., keyboard, pointing device, Bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 300, and/or any device (e.g., router, modem, etc.) that enables the electronic device 300 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 350. Also, electronic device 300 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 360. The network adapter 360 may communicate with other modules of the electronic device 300 via the bus 330. It should be appreciated that although not shown in FIG. 5, other hardware and/or software modules may be used in connection with electronic device 300, including, but not limited to, microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
From the above description of embodiments, those skilled in the art will readily appreciate that the exemplary embodiments described herein may be implemented in software, or may be implemented in software in combination with necessary hardware. Thus, the technical solution according to the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a computer readable storage medium (may be a CD-ROM, a usb disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-mentioned method according to the present invention. The computer program, when executed by a data processing device, enables the computer readable medium to carry out the above-described method of the present invention, i.e. the method as shown in fig. 1 and/or 2.
Fig. 6 is a schematic diagram of a computer readable medium according to an embodiment of the present disclosure.
A computer program implementing the methods shown in fig. 1 and/or 2 may be stored on one or more computer readable media. The computer readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of a readable storage medium include an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user computing device, partly on the user device, as a stand-alone software package, partly on the user computing device and partly on a remote computing device, or entirely on a remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the internet using an internet service provider).
In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in accordance with embodiments of the present invention may be implemented in practice using a general purpose data processing device such as a microprocessor or Digital Signal Processor (DSP). The present invention can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
The above-described specific embodiments further describe the objects, technical solutions and advantageous effects of the present invention in detail, and it should be understood that the present invention is not inherently related to any particular computer, virtual device or electronic apparatus, and various general-purpose devices may also implement the present invention. The foregoing description of the embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.
In this specification, the embodiments are described in a progressive manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (10)

1. A method for identifying an electronic signature authentication certificate with an explicit identification, comprising:
the registration authority acquires an electronic signature authentication certificate request sent by an applicant;
the registration authority determines the type of the electronic signature authentication certificate based on the electronic signature authentication certificate request and authenticates the identity of the applicant;
when the identity authentication of the applicant is normal, the certificate authority embeds an explicit identification extension in the electronic signature authentication certificate based on the type of the electronic signature authentication certificate;
and the certificate authority digitally signs the electronic signature authentication certificate containing the explicit identification extension to obtain the electronic signature authentication certificate with the explicit identification.
2. The method for identifying an electronic signature authentication certificate with an explicit identification of claim 1, wherein the explicit identification extension comprises an electronic signature authentication certificate declaration, an electronic authentication service license number, an identity authentication field, a cryptographic component identification;
The electronic signature authentication certificate declaration includes a certificate type and a legal effectiveness compliance declaration;
the electronic authentication service license number includes a license number of the certificate authority;
the identity authentication field comprises the registration authority's identity authentication result for the applicant;
The cryptographic component identification includes a commercial cryptographic product authentication certificate number used to generate the certificate signature.
3. The method for identifying an electronic signature authentication certificate with an explicit identification as set forth in claim 2, wherein before the registration authority obtains the electronic signature authentication certificate request sent by the applicant, the method comprises:
the certificate authority formulates an electronic signature authentication certificate policy and business rules, and issues a certificate configuration rule template to the registration authority.
4. A method for verifying an electronic signature authentication certificate with an explicit identifier, comprising:
Acquiring an electronic signature authentication certificate with an explicit identifier;
performing explicit identification extension verification on the electronic signature authentication certificate with the explicit identification, and outputting a legal compliance verification result;
when the legal compliance verification result is compliance, carrying out electronic signature validity verification on the electronic signature authentication certificate with the explicit identifier, and outputting a validity verification result;
and when the validity verification result is compliance, completing the verification of the electronic signature authentication certificate with the explicit identifier.
5. The method for verifying the electronic signature authentication certificate with the explicit identification as set forth in claim 4, wherein before the step of obtaining the electronic signature authentication certificate with the explicit identification comprises:
The relying party formulates an explicit identification extension checking strategy of the electronic signature certificate based on the application scene and configures the checking strategy and the associated data set thereof to a verification system.
6. The method for verifying the electronic signature authentication certificate with the explicit identification as set forth in claim 5, wherein the performing explicit identification extension verification on the electronic signature authentication certificate with the explicit identification includes:
parsing the electronic signature authentication certificate declaration field, and extracting the certificate type and the legal effectiveness compliance declaration;
verifying the electronic authentication service license number, namely verifying the qualification of the issuing authority against the industry and informatization department license database configured in local storage;
verifying the identity authentication field to confirm that the identity authentication result of the applicant is normal;
verifying the cryptographic component identification field, namely matching the commercial cryptographic product authentication certificate number configured in local storage against the national cryptography management agency filing records configured in local storage.
7. An electronic signature authentication certificate identification device with an explicit identification, comprising:
the first acquisition module is used for the registration authority to acquire an electronic signature authentication certificate request sent by an applicant;
the authentication module is used for the registration authority to determine the type of the electronic signature authentication certificate based on the electronic signature authentication certificate request and to authenticate the identity of the applicant;
the embedding module is used for the certificate authority to embed an explicit identification extension in the electronic signature authentication certificate based on the type of the electronic signature authentication certificate when the identity authentication of the applicant is normal;
and the signature module is used for the certificate authority to digitally sign the electronic signature authentication certificate containing the explicit identifier extension to obtain the electronic signature authentication certificate with the explicit identifier.
8. An electronic signature authentication certificate verification device with an explicit identifier, comprising:
The second acquisition module is used for acquiring the electronic signature authentication certificate with the explicit identifier;
the first verification module is used for verifying the explicit identification extension item of the electronic signature authentication certificate with the explicit identification and outputting a legal compliance verification result;
the second verification module is used for carrying out electronic signature validity verification on the electronic signature authentication certificate with the explicit identifier when the legal compliance verification result is compliance, and outputting a validity verification result;
and the verification completion module is used for completing the verification of the electronic signature authentication certificate with the explicit identifier when the validity verification result is compliance.
9. An electronic device, wherein the electronic device comprises:
and a memory storing computer executable instructions that, when executed, cause the processor to perform the method of any of claims 1-6.
10. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-6.
CN202510878844.4A 2025-06-26 2025-06-27 Electronic signature authentication certificate identification with explicit identification, verification method and device and electronic equipment Pending CN120455018A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202510872287 2025-06-26
CN2025108722875 2025-06-26

Publications (1)

Publication Number Publication Date
CN120455018A true CN120455018A (en) 2025-08-08

Family

ID=96611163

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510878844.4A Pending CN120455018A (en) 2025-06-26 2025-06-27 Electronic signature authentication certificate identification with explicit identification, verification method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN120455018A (en)

Similar Documents

Publication Publication Date Title
CN112199721A (en) Authentication information processing method, device, equipment and storage medium
US11849050B1 (en) Systems and methods of ring usage certificate extension
US9946848B2 (en) Software protection using an installation product having an entitlement file
JP4113274B2 (en) Authentication apparatus and method
US20020038290A1 (en) Digital notary system and method
CN112801663B (en) Blockchain certification method, device, system, equipment and medium
WO2018070848A1 (en) Method for providing smart contract-based certificate service, and server employing same
US20020143711A1 (en) Method and system for performing and providing notary services and verifying an electronic signature via a global computer network
CN112364385B (en) OFD format real estate electronic certificate file signature method and system
CN110022318B (en) A consortium chain management method, device and computer-readable storage medium
CN117980895A (en) Secure signing method, device and system
US20230206219A1 (en) Identification token, systems and methods for identification and identity verification.
CN111476652B (en) Blockchain-based data processing method, device, terminal and storage medium
CN114172663B (en) Business right determining method and device based on block chain, storage medium and electronic equipment
WO2019178763A1 (en) Certificate importing method and terminal
CN113015973B (en) Data processing method, storage medium, electronic device and data transaction system
CN114329567B (en) Bidding document generation method, verification method, electronic equipment and medium
CN112950416A (en) Block chain-based electronic evidence processing method and device and readable medium
CN118118275A (en) Security electronic signature and signature verification method based on front gateway
CN118279065A (en) Data right determining method and device, electronic equipment and storage medium
CN120455018A (en) Electronic signature authentication certificate identification with explicit identification, verification method and device and electronic equipment
CN114638009B (en) An electronic signature system applicable to public key cryptography technology and supporting commercial cryptographic algorithms
CN120582885A (en) Identification and verification method and device for digital certificate reliability level and electronic equipment
CN117650943B (en) User verification method and device based on distributed network, equipment and medium
CN114401096B (en) Block chain data uplink control method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination