WO2020233308A1 - Self-checking method, apparatus and device based on local certificate, and storage medium - Google Patents


Info

Publication number
WO2020233308A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
local
verification
application software
public key
Application number
PCT/CN2020/085577
Other languages
French (fr)
Chinese (zh)
Inventor
陈步青
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司
Publication of WO2020233308A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • This application relates to the field of security protection, and in particular to a self-verification method, device, equipment and storage medium based on a local certificate.
  • the HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, the hypertext transfer protocol with security as the goal) certificate verification of mobile terminal application software on the market uses the standard certificate chain verification method, that is, verification against the root certificate preset in the operating system of the mobile terminal.
  • the inventor realizes that the current certificate chain verification method has security risks on mobile devices. The reason is that many phishing websites guide users to install illegal root certificates on mobile terminals, and there are even blacklisted applications that secretly install illegal root certificates on mobile clients, so that the HTTPS communication of the mobile terminal's operating system exists in name only and can be directly captured and cracked by a phishing website or a blacklisted application.
  • the embodiments of the present application provide a self-verification method, apparatus, device, and storage medium based on a local certificate, which provide a higher level of communication security for the communication between the application software and the back-end server.
  • a self-verification method based on local certificates including:
  • a self-checking device based on local certificate including:
  • the sending module is used to obtain, when a communication connection is established with the back-end server through the application software, the verification request sent when the user triggers a preset verification operation through the application software, and to send the verification request to the back-end server;
  • the calling module is used to obtain the secondary certificate returned by the back-end server, and call the preset truncation interface to cut the certificate chain verification;
  • the self-verification module is configured to obtain a local certificate associated with the application software from a local database, and use the local certificate to perform certificate self-verification on the secondary certificate;
  • the execution module is configured to make the application program execute the verification operation when the certificate self-verification is passed.
  • the prompt interruption module is configured to prompt the failure of performing the verification operation when the certificate self-verification fails, and interrupt the communication connection established by the application software and the back-end server.
  • a computer device includes a memory, a processor, and computer-readable instructions that are stored in the memory and can run on the processor.
  • the processor implements the above-mentioned local certificate-based self-verification method.
  • a computer-readable storage medium that stores computer-readable instructions that, when executed by a processor, implements the above-mentioned self-verification method based on local certificates.
  • with the local certificate-based self-verification method, apparatus, device and storage medium provided in this application, when a communication connection is established with the back-end server through the application software, the verification request generated when the user triggers a verification operation on the application software is sent to the back-end server; after the secondary certificate returned by the back-end server is obtained, the preset truncation interface is called to cut off the certificate chain verification, so that the verification process requires neither CA certification nor an application for a CA certificate, saving money and trouble; further, the local certificate associated with the application software is obtained from a local database and used to perform certificate self-verification on the secondary certificate, so that a third-party middleman cannot attack the communication process between the application software and the back-end server, which provides a higher level of communication security.
  • FIG. 1 is a schematic diagram of an application environment of a self-verification method based on a local certificate in an embodiment of the present application
  • FIG. 2 is a flowchart of a self-verification method based on a local certificate in an embodiment of the present application
  • FIG. 3 is a flowchart of a self-verification method based on a local certificate in an embodiment of the present application
  • FIG. 5 is a functional block diagram of a self-verification device based on a local certificate in an embodiment of the present application
  • FIG. 6 is a functional block diagram of a self-verification device based on a local certificate in another embodiment of the present application.
  • FIG. 7 is a functional block diagram of a distribution module of a self-verification device based on a local certificate in an embodiment of the present application
  • FIG. 8 is a schematic diagram of a computer device in an embodiment of the present application.
  • the self-verification method based on the local certificate provided in this application can be applied in the application environment as shown in Figure 1, where the client communicates with the server through the network.
  • the client includes, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices.
  • the server can be implemented as an independent server or a server cluster composed of multiple servers.
  • a self-verification method based on a local certificate is provided. Taking the method applied to the server in FIG. 1 as an example, the method includes the following steps:
  • the application software (also called APP) refers to the various programming languages that users can use and the collection of application programs written in those languages, and is divided into application software packages and user programs;
  • an application software package refers to a pre-programmed software package that can complete certain functions and is offered for sale or lease.
  • an application software package can be as small as a single function (for example, printing postal signs), or it can be a large system with complex functions that runs on a host;
  • the user program refers to the part of the software provided to meet the application needs of users in different fields and different problems, for example, game applets.
  • the back-end server may be a webpage accessed through a browser installed on the client (i.e., application software on a certain client), and the back-end server is different from the local server; understandably, each local server corresponds to one client.
  • the verification request is generated when a user triggers a preset verification operation through the client's application software; when the local server in communication with the client receives the verification request, the verification request is sent to the back-end server; each of the verification operations corresponds to a function button, for example, login operations and transfer operations.
  • when the client application software has established an HTTPS (hypertext transfer protocol for security) communication connection with the back-end server and the user triggers a function button on the application software, the verification request generated by the verification operation is sent to the back-end server. At this time, the local server will wait for the back-end server to respond to the verification request before sending its secondary certificate.
  • the secondary certificate is an HTTPS certificate that the issuer of the application software applies for from a CA (Certificate Authority).
  • after the issuer of the application software sends a certificate application containing the issuer information to the CA, it receives the secondary certificate that the CA derives from the CA root certificate based on the issuer information, and configures the secondary certificate to the back
  • the issuer information includes information such as the issuer's organization and domain name
  • the secondary certificate includes the certificate public key, the certificate serial number, the digital signature of the certificate authority, and the validity time of the certificate.
  • S20 Obtain the secondary certificate returned by the back-end server, and call a preset truncation interface to cut the certificate chain verification.
  • the truncation interface is an application program interface provided by a programming language.
  • the certificate chain verification refers to verifying the secondary certificate using the CA root certificate preset by the client operating system.
  • the CA root certificate is stored in a trusted certificate list. If the client installs an illegal root certificate of a third-party intermediary when visiting a phishing website or installing blacklisted application software, the trusted certificate list also includes the illegal root certificates of the third-party intermediary.
  • when the back-end server receives the verification request sent when the verification operation is triggered by the user through the client's application software, the back-end server responds to the verification request and returns the secondary certificate stored on the back-end server to the local server; and the local server, after obtaining the secondary certificate returned by the back-end server, obtains the truncation interface preset in the client operating system, so that the truncation interface cuts off the certificate chain verification.
  • the waiting time refers to the difference between the time of sending the verification request and the current time.
  • S30 Obtain a local certificate associated with the application software from a local database, and use the local certificate to perform certificate self-verification on the secondary certificate.
  • the local certificate associated with the application software is obtained from the local database according to the unique identifier of the application software, and is used to perform self-verification on the secondary certificate returned by the back-end server in step S20, so as to verify the legitimacy of the secondary certificate and avoid communication security risks.
  • the local certificate is the hardened secondary certificate, stored as a local certificate in a local database when the user installs the application software issued by the issuer on the client.
  • for a middleman to steal the encrypted information in the HTTPS communication process, three conditions must be met: the illegal root certificate must be installed in the client operating system in advance; the middleman's secondary certificate must be issued during the HTTPS handshake process; and the client application software must go through system verification.
  • the application software does not need to send the client operating system a system verification request for verifying the validity of the secondary certificate, but directly uses the local certificate inside the application software to verify the returned server certificate.
  • even if the client operating system has installed the illegal root certificate of the third-party middleman, and the third-party middleman attacks the secondary certificate returned during the HTTPS handshake process, the verification still fails.
  • the operation page associated with the verification operation can be displayed on the client, for example, a mobile terminal.
  • the current verification operation is reported as an abnormal operation and the communication connection with the back-end server is forcibly disconnected; after the application software re-establishes the communication connection with the back-end server, the user can trigger the function button corresponding to the verification operation again to resend the verification request to the back-end server.
  • the self-verification method based on the local certificate provided by this application, after obtaining the secondary certificate returned by the back-end server, calls the preset truncation interface to cut off the certificate chain verification, obtains from the local database a local certificate associated with the application software, and uses the local certificate to perform certificate self-verification on the secondary certificate.
  • if the certificate self-verification is passed, the verification operation is performed; if the certificate self-verification fails, the communication connection between the application software and the back-end server is interrupted, so that the self-verification process requires neither CA certification nor an application for a CA certificate, saving money and trouble; at the same time, it prevents third-party middlemen from attacking the communication process between the application software and the back-end server, providing a higher level of communication security.
  • for the communication connection established by the application software and the back-end server, the application software can be made to perform the operation associated with the selection button that the user triggers.
  • the display mode includes a pop-up window mode or a reload switching mode.
  • the preset window includes a plurality of selection buttons; the selection button refers to a non-check button other than the function button corresponding to the check operation; for example, a cancel button, a continue button, a return button, etc.
  • the communication connection between the application software and the back-end server is not interrupted.
  • the user performs a transfer operation in the banking system of the mobile terminal. If the certificate self-verification fails, the pop-up window displays a message "Transfer Abnormal" for the user to perform the transfer operation again, so as to prevent the transfer request from being hijacked and the account from being changed to the attacker's account.
  • the back-end server is made not to respond to the verification request re-sent by the user's verification operation; at this time, the following steps are included after the step S30:
  • the record information that fails the verification is temporarily stored in a cache area in the local database, and the record information in the cache area is not cleared before the communication connection between the application software and the back-end server is re-established. At this time, when the user triggers the verification operation through the application software so that the verification request is re-sent to the back-end server, the verification request is directly rejected according to the record information in the cache area, and the user may be prompted to interrupt the communication connection and then return to the application software.
  • the local certificate of the application software may be reinforced; at this time, before the step S10, it specifically includes the following step:
  • the application software installation instruction is received, and the application software downloaded from the software publisher in the local database is acquired and installed; wherein the application software contains the local certificate; the local certificate has been preset in the binary code of the application software when it is released by the software issuer, and has been reinforced by a preset reinforcement tool.
  • the application software on the client can package the local certificate into the application software, and then, after receiving the secondary certificate from the back-end server, can effectively verify whether the back-end server is credible and whether the encrypted information is stolen by a third-party middleman.
  • upon receiving the installation instruction, containing the name of the application software, sent by the user from the client, the application software matching that name, the local certificate required to install the application software, and the calling interface of the reinforcement tool are obtained from the local database; the application software released by the publisher is then automatically installed, and during the installation of the application software, the local certificate is preset in the binary code of the installed application software, and the reinforcement tool is called through its calling interface to reinforce the local certificate, further ensuring the security of the communication connection.
  • the local certificate-based self-verification method provided by this application has pre-installed the certificate into the binary code of the application software and reinforced it when the application software is released by the publisher, so that the application software and the back-end server When a communication connection is established, a higher security level is reached, and it is difficult to crack encrypted information.
  • the step S30, namely obtaining the local certificate associated with the application software from the local database and using the local certificate to perform certificate self-verification on the secondary certificate, includes the following steps:
  • in certificate chain verification, a CA root certificate issued by an existing CA organization is installed in the client operating system and the root certificate is trusted unconditionally; subsequently, the application software issuer applies to the CA organization for an HTTPS certificate and receives the secondary certificate that the CA organization generates based on its own root certificate and the issuer information, which is returned by the back-end server; if the local server obtains the secondary certificate returned by the back-end server, it will request the client operating system to verify the legitimacy of the secondary certificate. At this time, the client operating system uses the existing CA root certificate to verify the secondary certificate and returns the verification result to the local server.
  • after obtaining the secondary certificate returned by the back-end server, the local server obtains the truncation interface preset in the client operating system, so that the truncation interface cuts off the certificate chain verification; when the local server detects that the system verification request fails to be sent to the client operating system, it determines that the certificate chain verification is cut off and issues a system verification failure prompt. At this time, the self-verification is automatically run, that is, the local public key of the local certificate associated with the application, built into the local database, is obtained, and after the public key to be verified of the secondary certificate is obtained in step S202, self-verification is performed within the application software according to the local public key of the local certificate and the public key to be verified of the secondary certificate.
  • S302 After parsing the obtained secondary certificate, obtain the public key to be verified of the secondary certificate, and detect whether the local public key is consistent with the public key to be verified.
  • the secondary certificate includes the address identifier (domain name or uniform resource locator) of the back-end server, the certificate serial number, the name of the certificate issuer, the certificate public key (that is, the public key to be verified), etc.
  • after the public key to be verified of the secondary certificate is obtained, the local public key of the local certificate associated with the application software in the database is used to perform public key verification (one of the self-verification methods) on the public key to be verified of the secondary certificate, to verify whether the public key to be verified is consistent with the local public key.
  • public key verification: one of the self-verification methods
  • step S301 the following steps are further included:
  • the address detection interface is an application program interface provided by a programming language.
  • the address identifier: domain name or uniform resource locator
  • the address detection interface preset in the client operating system is called to perform address verification on the address identifier, to verify the validity and legality of the address identifier; at the same time, the local public key is used to perform public key verification on the public key to be verified, to verify whether the public key to be verified is consistent with the local public key.
  • the secondary certificate is a legal certificate and the verification passed; and when the address identifier is an invalid, illegal address, or when the local public key is inconsistent with the public key to be verified, it is determined that the secondary certificate is an illegal certificate and the verification fails.
  • the user uses the browser on the client to access website A of domain name 1. Because the domain name of the website is hijacked by a third-party intermediary, the user will be taken to the fake website B of domain name 2; if the certificate of the fake website B is a forged secondary certificate issued by a non-CA organization, the browser will prompt that the certificate of the current website is not trusted; and if the certificate of the fake website B is a secondary certificate issued by the CA, then without address verification the browser on the client may not show any warning.
  • a self-verification device based on a local certificate is provided, and the self-verification device based on a local certificate corresponds one-to-one to the self-verification method based on a local certificate in the foregoing embodiment.
  • the local certificate-based self-verification device includes a sending module 110, a calling module 120, a self-verification module 130, an execution module 140, and a prompt interrupt module 150.
  • the detailed description of each functional module is as follows:
  • the sending module 110 is used to obtain, when a communication connection is established with the back-end server through the application software, a verification request sent when a user triggers a preset verification operation through the application software, and to send the verification request to the back-end server.
  • the calling module 120 is configured to obtain the secondary certificate returned by the back-end server, and call a preset truncation interface to cut the certificate chain verification.
  • the self-verification module 130 is configured to obtain a local certificate associated with the application software from a local database, and use the local certificate to perform certificate self-verification on the secondary certificate.
  • the execution module 140 is configured to make the application program perform the verification operation when the certificate self-verification is passed.
  • the prompt interruption module 150 is used for prompting that the verification operation fails when the certificate self-verification fails, and interrupts the communication connection established by the application software and the back-end server.
  • the self-verification device based on the local certificate further includes a display module 60 and a selection module 70, and each functional module is described in detail as follows:
  • the display module 60 is configured to continue to maintain the communication connection established between the application software and the back-end server when the certificate self-verification fails, and display a preset window containing security warning information according to a preset display mode On the client side.
  • the selection module 70 is configured to make the application program perform an operation associated with the selection button according to the selection button triggered by the user in the preset window.
  • the self-verification device based on the local certificate further includes an installation module, and the functional module is described in detail as follows:
  • the installation module is configured to receive an installation instruction of the application software, and to obtain and install the application software downloaded from the software issuer in the local database; wherein the application software includes the local certificate; the local certificate has been preset in the binary code of the application software when issued by the software publisher, and has been reinforced by a preset reinforcement tool.
  • the self-checking module 130 includes the following sub-modules, and each functional sub-module is described in detail as follows:
  • the obtaining sub-module 131 is configured to obtain the local public key of the local certificate associated with the application program built in the local database after confirming that the certificate chain verification has been cut.
  • the detection submodule 132 is configured to obtain the public key to be verified of the secondary certificate after parsing the acquired secondary certificate, and to detect whether the local public key is consistent with the public key to be verified.
  • the first result submodule 133 is configured to determine that the certificate self-verification passes when the local public key is consistent with the public key to be verified.
  • the second result sub-module 134 is configured to determine that the certificate self-verification fails when the local public key is inconsistent with the public key to be verified.
  • the self-checking module 130 further includes the following sub-modules, and each functional sub-module is described in detail as follows:
  • the double verification module is used to obtain the address identifier of the secondary certificate and the public key to be verified after parsing the acquired secondary certificate, to call a preset address detection interface to perform address verification on the address identifier of the secondary certificate, and to use the local public key to perform public key verification on the public key to be verified of the secondary certificate.
  • each module in the above-mentioned local certificate-based self-verification device can be implemented in whole or in part by software, hardware, and combinations thereof.
  • the foregoing modules may be embedded in, or independent of, the processor in the computer device in the form of hardware, or may be stored in the memory of the computer device in the form of software, so that the processor can call and execute the operations corresponding to the foregoing modules.
  • a computer device is provided.
  • the computer device may be a server, and its internal structure diagram may be as shown in FIG. 8.
  • the computer equipment includes a processor, a memory, a network interface and a database connected through a system bus. Among them, the processor of the computer device is used to provide calculation and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium stores an operating system, computer readable instructions, and a database.
  • the internal memory provides an environment for the operation of the operating system and computer-readable instructions in the non-volatile storage medium.
  • the computer-readable instructions are executed by the processor to realize a self-verification method based on local certificates.
  • a computer device including a memory, a processor, and computer-readable instructions stored in the memory and running on the processor, and the processor implements the following steps when the processor executes the computer-readable instructions:
  • a computer-readable storage medium may be non-volatile or volatile, and computer-readable instructions are stored thereon; when the computer-readable instructions are executed, the following steps are implemented:
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • ROM: read only memory
  • PROM: programmable ROM
  • EPROM: electrically programmable ROM
  • EEPROM: electrically erasable programmable ROM
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), etc.
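
The self-verification described in the list above (the public key comparison of step S302, the address check, the three conditions for interception, and the cache of failed verifications) can be modelled as follows. This is an added example, not code from the patent: `Cert`, `SelfVerifier`, `system_chain_check`, the domain names, issuer names and key bytes are hypothetical, constructed values, comparing SHA-256 digests of the keys is a choice made here, and keying the failure cache by operation name is an assumption.

```python
"""Toy model of local-certificate self-verification (added example).

All certificate fields, issuer names and key bytes are constructed sample
values; no real certificate parsing or signature checking is performed.
"""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Cert:
    """Fields the page says a parsed secondary certificate carries."""
    address: str       # address identifier (domain name)
    issuer: str        # name of the certificate issuer
    public_key: bytes  # certificate public key ("public key to be verified")


def system_chain_check(cert: Cert, trusted_roots: set) -> bool:
    """Stand-in for OS chain verification: only the trust decision is
    modelled, i.e. whether the issuer is in the trusted certificate list."""
    return cert.issuer in trusted_roots


def key_digest(public_key: bytes) -> bytes:
    """Fixed-length digest so keys of any size compare in constant time."""
    return hashlib.sha256(public_key).digest()


@dataclass
class SelfVerifier:
    """Self-check against the local certificate shipped inside the app."""
    local_cert: Cert
    failed: set = field(default_factory=set)  # cache of failed operations

    def verify(self, operation: str, presented: Cert) -> str:
        # A re-sent request is rejected from the failure cache until the
        # connection has been re-established (see reconnect()).
        if operation in self.failed:
            return "rejected-cached"
        # Address verification: the presented certificate must name the
        # same back-end address as the local certificate.
        address_ok = (presented.address.lower()
                      == self.local_cert.address.lower())
        # Public key verification: local key vs. key to be verified.
        key_ok = hmac.compare_digest(key_digest(presented.public_key),
                                     key_digest(self.local_cert.public_key))
        if address_ok and key_ok:
            return "pass"
        self.failed.add(operation)
        return "fail-address" if not address_ok else "fail-key"

    def reconnect(self) -> None:
        """Connection re-established: the failure cache is cleared."""
        self.failed.clear()


def demo() -> dict:
    """Run the scenarios from the text on constructed certificates."""
    genuine = Cert("api.bank.example", "Example CA", b"genuine-key-bytes")
    # Certificate presented by an interceptor, issued under a root that
    # was added to the client's trusted certificate list.
    mitm = Cert("api.bank.example", "Rogue Root", b"interceptor-key-bytes")
    # CA-issued certificate for a different domain (the "website B" case).
    site_b = Cert("bank-login.example", "Example CA", b"site-b-key-bytes")
    trusted_roots = {"Example CA", "Rogue Root"}

    verifier = SelfVerifier(local_cert=genuine)
    results = {
        "chain_mitm": system_chain_check(mitm, trusted_roots),
        "chain_site_b": system_chain_check(site_b, trusted_roots),
        "self_genuine": verifier.verify("login", genuine),
        "self_mitm": verifier.verify("transfer", mitm),
        "retry_before_reconnect": verifier.verify("transfer", genuine),
    }
    verifier.reconnect()
    results["retry_after_reconnect"] = verifier.verify("transfer", genuine)
    results["self_site_b"] = verifier.verify("login", site_b)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In the constructed run, the trust-list check accepts both the interceptor's certificate and the certificate for the other domain, while the self-check rejects them on the key and on the address respectively.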

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

Provided are a self-checking method, apparatus and device based on a local certificate, and a storage medium. The method comprises: when communication connection with a back-end server is established by means of application software, acquiring a checking request sent when a user triggers a preset checking operation by means of the application software, and sending the checking request to the back-end server; acquiring a second-level certificate returned by the back-end server, and calling a preset truncation interface to cut off certificate chain checking; acquiring, from a local database, a local certificate associated with the application software, and using the local certificate to perform certificate self-checking on the second-level certificate; when the certificate self-checking is passed, enabling an application program to execute the checking operation; and when the certificate self-checking is not passed, prompting that execution of the checking operation fails, and interrupting the communication connection established between the application software and the back-end server. According to the present application, communication security assurance of a higher level is provided for communication between application software and a back-end server.

Description

Self-verification method, device, equipment and storage medium based on local certificate
This application claims priority to Chinese patent application No. 201910430075.6, filed with the Chinese Patent Office on May 22, 2019 and entitled "Self-verification method, device, equipment and storage medium based on local certificate", the entire contents of which are incorporated herein by reference.
Technical field
This application relates to the field of security protection, and in particular to a self-verification method, device, equipment and storage medium based on a local certificate.
Background
At present, mobile terminal application software on the market verifies HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, a security-oriented hypertext transfer protocol) certificates using the standard certificate chain verification method, that is, verification against the root certificates preinstalled in the mobile terminal's operating system. The inventor realized that this certificate chain verification method already poses a security risk on mobile devices: many phishing websites guide users into installing illegal root certificates on their mobile terminals, and some blacklisted applications even install illegal root certificates on the mobile client secretly. The HTTPS communication of the mobile terminal's operating system then exists in name only, and can be captured and decrypted directly by the phishing website or the blacklisted application.
Based on this, it is necessary to provide an HTTPS certificate verification method that ensures HTTPS communication with a high level of security.
Summary of the invention
The embodiments of this application provide a self-verification method, device, equipment and storage medium based on a local certificate, which provide a higher level of communication security for the communication between application software and a back-end server.
A self-verification method based on a local certificate, including:
when a communication connection with a back-end server is established through application software, acquiring a verification request sent when a user triggers a preset verification operation through the application software, and sending the verification request to the back-end server;
acquiring the secondary certificate returned by the back-end server, and calling a preset truncation interface to cut off certificate chain verification;
acquiring, from a local database, a local certificate associated with the application software, and using the local certificate to perform certificate self-verification on the secondary certificate;
when the certificate self-verification passes, causing the application program to perform the verification operation;
when the certificate self-verification fails, prompting that the verification operation has failed, and interrupting the communication connection established between the application software and the back-end server.
A self-verification device based on a local certificate, including:
a sending module, configured to acquire, when a communication connection with a back-end server is established through application software, a verification request sent when a user triggers a preset verification operation through the application software, and to send the verification request to the back-end server;
a calling module, configured to acquire the secondary certificate returned by the back-end server, and to call a preset truncation interface to cut off certificate chain verification;
a self-verification module, configured to acquire, from a local database, a local certificate associated with the application software, and to use the local certificate to perform certificate self-verification on the secondary certificate;
an execution module, configured to cause the application program to perform the verification operation when the certificate self-verification passes.
a prompt-and-interrupt module, configured to prompt, when the certificate self-verification fails, that the verification operation has failed, and to interrupt the communication connection established between the application software and the back-end server.
A computer device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, where the processor implements the above self-verification method based on a local certificate when executing the computer-readable instructions.
A computer-readable storage medium storing computer-readable instructions that, when executed by a processor, implement the above self-verification method based on a local certificate.
With the self-verification method, device, equipment and storage medium based on a local certificate provided in this application, when a communication connection with the back-end server is established through the application software, the verification request generated when the user triggers a verification operation on the application software is sent to the back-end server. After the secondary certificate returned by the back-end server is acquired, the preset truncation interface is called to cut off certificate chain verification, so that the verification process requires neither CA authentication nor an application for a CA certificate, which saves money and effort. Further, the local certificate associated with the application software is acquired from the local database and used to perform certificate self-verification on the secondary certificate, so that a third-party man-in-the-middle cannot attack the communication between the application software and the back-end server, which provides a higher level of communication security.
Description of the drawings
FIG. 1 is a schematic diagram of an application environment of the self-verification method based on a local certificate in an embodiment of this application;
FIG. 2 is a flowchart of the self-verification method based on a local certificate in an embodiment of this application;
FIG. 3 is a flowchart of the self-verification method based on a local certificate in another embodiment of this application;
FIG. 4 is a flowchart of step S30 of the self-verification method based on a local certificate in an embodiment of this application;
FIG. 5 is a functional block diagram of the self-verification device based on a local certificate in an embodiment of this application;
FIG. 6 is a functional block diagram of the self-verification device based on a local certificate in another embodiment of this application;
FIG. 7 is a functional block diagram of the distribution module of the self-verification device based on a local certificate in an embodiment of this application;
FIG. 8 is a schematic diagram of a computer device in an embodiment of this application.
Detailed description
The self-verification method based on a local certificate provided in this application can be applied in the application environment shown in FIG. 1, in which a client communicates with a server over a network. The client includes, but is not limited to, personal computers, notebook computers, smartphones, tablet computers and portable wearable devices. The server can be implemented as an independent server or as a server cluster composed of multiple servers.
In an embodiment, as shown in FIG. 2, a self-verification method based on a local certificate is provided. Taking the method as applied to the server in FIG. 1 as an example, it includes the following steps:
S10: when a communication connection with a back-end server is established through application software, acquire a verification request sent when a user triggers a preset verification operation through the application software, and send the verification request to the back-end server.
Here, the application software (also called an APP) refers to the various programming languages available to users and the collection of application programs written in those languages, and is divided into application software packages and user programs. An application software package is a complete, pre-built software system that performs certain functions and is offered for sale or lease; it can be as small as a single function (for example, printing mailing labels) or be a large system with complex functions running on a host. A user program is the part of the software provided to meet users' application needs in different fields and for different problems, for example a game applet.
The back-end server may be a web page accessed through a browser installed on the client (that is, application software on a client), and the back-end server is distinct from the local server; understandably, one local server corresponds to one client.
The verification request is generated when the user triggers a preset verification operation through the client's application software. When the local server that is communicatively connected to the client receives the verification request, it sends the verification request to the back-end server. Each verification operation corresponds to a function button, for example a login operation or a transfer operation.
In this embodiment, when the client's application software has established an HTTPS (security-oriented hypertext transfer protocol) communication connection with the back-end server and the user triggers a function button on the application software, the verification request generated for the verification operation is sent to the back-end server. The local server then waits for the back-end server to respond to the verification request and send its secondary certificate. Preferably, the secondary certificate is an HTTPS certificate that the publisher of the application software applied for from a CA (Certificate Authority).
Understandably, after the publisher of the application software sends the CA a certificate application containing the publisher information, it receives the secondary certificate that the CA derives from the CA root certificate according to the publisher information, configures the secondary certificate on the back-end server, and at the same time develops the application software for users. The publisher information includes the publisher's organization, domain name and similar information; the secondary certificate includes the certificate public key, the certificate serial number, the digital signature of the certificate authority, the certificate validity period, and so on.
S20: acquire the secondary certificate returned by the back-end server, and call a preset truncation interface to cut off certificate chain verification.
The truncation interface is an application programming interface provided by the programming language.
Chained certificate verification means verifying the secondary certificate against the CA root certificates preinstalled in the client operating system. Preferably, the CA root certificates are stored in a trusted certificate list. If the client installed a third-party man-in-the-middle's illegal root certificate when visiting a phishing website or installing blacklisted application software, the trusted certificate list also contains that illegal root certificate.
In this embodiment, when the back-end server receives the verification request sent when the user triggers the verification operation through the client's application software, the back-end server responds to the verification request and returns the secondary certificate stored on the back-end server to the local server. After obtaining the secondary certificate returned by the back-end server, the local server obtains the truncation interface preset in the client operating system and has that interface cut off the chained certificate verification. Preferably, while waiting for the back-end server to return the secondary certificate, the waiting time is obtained and checked against a preset duration threshold: when the waiting time exceeds (is greater than) the preset duration threshold, the user is prompted that sending the request failed; when the waiting time does not exceed (is equal to or less than) the preset duration threshold, the user is prompted that verification is in progress. The waiting time is the difference between the time at which the verification request was sent and the current time.
S30: acquire, from a local database, a local certificate associated with the application software, and use the local certificate to perform certificate self-verification on the secondary certificate.
Preferably, the local certificate associated with the application software is acquired from the local database according to the unique identifier of the application software, and is used to self-verify the secondary certificate returned by the back-end server in step S20, in order to verify the legitimacy of the secondary certificate and avoid communication security risks. The local certificate is the hardened secondary certificate, which is stored in the local database as the local certificate when the user installs the publisher's application software on the client.
Understandably, a man-in-the-middle needs three conditions to steal encrypted information from HTTPS communication: an illegal root certificate must already be installed in the client operating system; a man-in-the-middle secondary certificate must be delivered during the HTTPS handshake; and the client's application software must rely on system verification. In this embodiment, the application software does not send the client operating system a system verification request to verify the legitimacy of the secondary certificate, but verifies the returned server certificate directly against the local certificate inside the application software. As a result, even if the client operating system has a third-party man-in-the-middle's illegal root certificate installed and the man-in-the-middle has tampered with the secondary certificate returned during the HTTPS handshake, the verification still cannot be passed.
S40: when the certificate self-verification passes, cause the application program to perform the verification operation.
That is, when the certificate self-verification passes, the operation page associated with the verification operation can be displayed on the client, for example a mobile terminal.
S50: when the certificate self-verification fails, prompt that the verification operation has failed, and interrupt the communication connection established between the application software and the back-end server.
When verification of the secondary certificate fails, the user is prompted that the current verification operation is abnormal, and the communication connection with the back-end server is forcibly disconnected. After the application software re-establishes the communication connection with the back-end server, the user can trigger the function button corresponding to the verification operation again to resend the verification request to the back-end server.
In summary, in the self-verification method based on a local certificate provided by this application, after the secondary certificate returned by the back-end server is acquired, the preset truncation interface is called to cut off certificate chain verification, the local certificate associated with the application software is acquired from the local database, and the local certificate is used to perform certificate self-verification on the secondary certificate. If the certificate self-verification passes, the verification operation is performed; if it fails, the communication connection between the application software and the back-end server is interrupted. The self-verification process therefore requires neither CA authentication nor an application for a CA certificate, which saves money and effort, and a third-party man-in-the-middle cannot attack the communication between the application software and the back-end server, which provides a higher level of communication security.
In another embodiment, as shown in FIG. 3, in order to improve the user experience and make the client's application software easier to operate, the application software can perform the operation associated with a selection button triggered by the user without interrupting the communication connection established between the application software and the back-end server. In this case, the following steps follow step S30:
S50: when the certificate self-verification fails, keep the communication connection established between the application software and the back-end server, and display a preset window containing security warning information on the client according to a preset display mode.
The display mode includes a pop-up window mode, a reload-and-redirect mode, and the like.
The preset window contains multiple selection buttons. A selection button is a non-verification button other than the function button corresponding to the verification operation, for example a cancel button, a continue button or a return button.
Understandably, when the certificate self-verification fails, the communication connection between the application software and the back-end server is not interrupted. For example, when a user performs a transfer operation in the banking system on a mobile terminal and the certificate self-verification fails, a pop-up window displays a "Transfer abnormal" message so that the user can perform the transfer operation again, which prevents the transfer request from being hijacked and the transfer account from being changed to the attacker's account.
S60: according to the selection button triggered by the user in the preset window, cause the application program to perform the operation associated with that selection button.
For example, when the user triggers the return button on the preset window, the communication connection between the application software and the back-end server continues;
when the user triggers the cancel button on the preset window, the communication connection between the client application and the server application is ended.
In an embodiment, when the certificate self-verification fails and the application software is still communicatively connected to the back-end server, the back-end server is made not to respond to a verification request that the user resends for the verification operation, in order to reduce the security risk. In this case, the following steps follow step S30:
When the certificate self-verification fails, keep the communication connection established between the application software and the back-end server; if the user triggers the verification operation through the application software so that the verification request is sent to the back-end server again, cause the application software to refuse to perform the verification operation.
Preferably, the record of the failed verification is temporarily stored in a cache area of the local database, and the record in the cache area is not cleared until the application software and the back-end server have re-established the communication connection. When the user then triggers the verification operation through the application software so that the verification request is sent to the back-end server again, the verification request is rejected directly according to the record in the cache area, and the user can be prompted to interrupt the communication connection before returning to the application software.
In an embodiment, in order to avoid man-in-the-middle attacks and improve the security of the communication between the application software and the back-end server, the local certificate of the application software can be hardened. In this case, the following steps are performed before step S10:
Receive an installation instruction for the application software, and obtain and install the application software that was downloaded from the software publisher into the local database. The application software contains the local certificate; the local certificate was preset in the binary code of the application software when the software publisher released it, and has been hardened with a preset hardening tool.
Understandably, to prevent third-party man-in-the-middle attacks (that is, a man-in-the-middle stealing encrypted information from the HTTPS communication), the application software on the client can have the local certificate packaged into it. When the secondary certificate of the back-end server is later received, the application software can effectively verify whether the back-end server is trustworthy and whether the encrypted information is being stolen by a third-party man-in-the-middle.
Specifically, the installation instruction containing the application software name, sent by the user from the client, is received; the application software matching that name, the local certificate required to install it, and the calling interface of the hardening tool are obtained from the local database; and the application software released by the publisher is installed automatically. During installation, the local certificate is preset in the binary code of the installed application software, and the hardening tool is invoked through its calling interface to harden the local certificate, which further safeguards the security of the communication connection.
In summary, in the self-verification method based on a local certificate provided by this application, the certificate has already been preset in the binary code of the application software and hardened when the publisher releases the application software, so that the communication connection between the application software and the back-end server reaches a higher security level and the encrypted information is difficult to crack.
在一实施例中,如图4所示,所述步骤S30,即所述自本地数据库中获取与所述应用软件关联的本地证书,并使用所述本地证书对所述二级证书进行证书自校验,包括以下步骤:In one embodiment, as shown in FIG. 4, the step S30 is to obtain the local certificate associated with the application software from the local database, and use the local certificate to perform self-certification on the secondary certificate. The verification includes the following steps:
S301,在确认已经斩断所述证书链校验之后,获取内置在所述本地数据库中与所应用程序关联的本地证书的本地公钥。S301: After confirming that the certificate chain verification has been cut, obtain a local public key of a local certificate that is built in the local database and associated with the application.
可理解的,所述证书链式校验是在客户端操作***安装现有CA机构颁发的CA根证书,并对所述根证书无条件信息,后续应用软件的发布方向所述CA机构申请HTTPS证书,并接收所述CA机构会根据本身的根证书以及发布方信息生成二级证书,该二级证书由后端服务器返回;若本地服务器获取到由后端服务器返回该二级证书,则请求客户端操作***校验该二级证书的合法性,此时,客户端操作***会使用现有的CA根证书对二级证书进行校验,并将校验结果返回给本地服务器。It is understandable that the certificate chain verification is to install a CA root certificate issued by an existing CA organization in the client operating system, and unconditionally information about the root certificate, and subsequent application software issuances apply to the CA organization for an HTTPS certificate , And receiving that the CA organization will generate a secondary certificate based on its own root certificate and issuer information, which is returned by the back-end server; if the local server obtains the secondary certificate returned by the back-end server, it will request the client The end operating system verifies the legitimacy of the secondary certificate. At this time, the client operating system uses the existing CA root certificate to verify the secondary certificate and returns the verification result to the local server.
In this embodiment, after obtaining the secondary certificate returned by the back-end server, the local server obtains the truncation interface preset in the client operating system and has that interface cut off the certificate chain verification. When the local server detects that sending a system verification request to the client operating system fails, it determines that the certificate chain verification has been cut off and issues a system verification failure prompt. At this point self-verification runs automatically: the local public key of the local certificate that is built into the local database and associated with the application program is obtained, and, after the public key to be verified of the secondary certificate is obtained in step S202, self-verification is performed inside the application software according to the local public key of the local certificate and the public key to be verified of the secondary certificate.
S302: After parsing the obtained secondary certificate, obtain the public key to be verified of the secondary certificate, and check whether the local public key is consistent with the public key to be verified.
S303: When the local public key is consistent with the public key to be verified, determine that the certificate self-verification passes.
S304: When the local public key is inconsistent with the public key to be verified, determine that the certificate self-verification fails.
In this embodiment, the secondary certificate contains the address identifier of the back-end server (a domain name or uniform resource locator), the certificate serial number, the certificate issuer name, the certificate public key (that is, the public key to be verified), and so on.
Specifically, after the secondary certificate is parsed, its public key to be verified is obtained, and the local public key of the local certificate associated with the application software in the database is used to perform public key verification (one of the self-verification methods) on it, to verify whether the public key to be verified is consistent with the local public key. When the local public key is consistent with the public key to be verified, the secondary certificate is determined to be a legitimate certificate and the verification passes; when the local public key is inconsistent with the public key to be verified, the secondary certificate is determined to be an illegitimate certificate and the verification fails.
In another embodiment, the following steps are further included after step S301:
After parsing the obtained secondary certificate, obtain the address identifier and the public key to be verified of the secondary certificate, call a preset address detection interface to perform address verification on the address identifier of the secondary certificate, and use the local public key to perform public key verification on the public key to be verified of the secondary certificate.
The address detection interface is an application programming interface provided by the programming language.
In this embodiment, after the secondary certificate is parsed, its address identifier (a domain name or uniform resource locator) and public key to be verified are obtained. The address detection interface preset in the client operating system is called to perform address verification on the address identifier, to verify its validity and legitimacy; at the same time, the local public key is used to perform public key verification on the public key to be verified, to verify whether the public key to be verified is consistent with the local public key. When the address identifier is a valid, legitimate address and the local public key is consistent with the public key to be verified, the secondary certificate is determined to be a legitimate certificate and the verification passes; when the address identifier is an invalid, illegitimate address, or the local public key is inconsistent with the public key to be verified, the secondary certificate is determined to be an illegitimate certificate and the verification fails.
For example, a user uses the browser on the client to visit website A at domain name 1. Because the website's domain name has been hijacked by a third-party man-in-the-middle, the user is taken to forged website B at domain name 2. If the certificate of forged website B is a forged secondary certificate that was not issued by a CA, the browser warns that the current website's certificate is untrusted; but if the certificate of forged website B is a secondary certificate issued by a CA, then without address verification the browser on the client may show no warning at all.
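The dual check described above (address verification plus public-key comparison), as an added Go example that is not code from the patent. The function `selfVerify`, the host names and the scenario names are assumptions; Go's `VerifyHostname` stands in for the "address detection interface", and every certificate is constructed at run time.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrAddressMismatch = errors.New("address identifier does not match the requested host")
	ErrKeyMismatch     = errors.New("public key to be verified differs from the local public key")
)

// selfVerify (hypothetical name) checks the secondary certificate returned by
// the back-end server against the local certificate shipped with the app.
// No chain validation is performed, mirroring the scheme in the text.
func selfVerify(localDER, secondaryDER []byte, host string) error {
	local, err := x509.ParseCertificate(localDER)
	if err != nil {
		return fmt.Errorf("parse local certificate: %w", err)
	}
	secondary, err := x509.ParseCertificate(secondaryDER)
	if err != nil {
		return fmt.Errorf("parse secondary certificate: %w", err)
	}
	// Address verification: the certificate must name the host the app meant to reach.
	if err := secondary.VerifyHostname(host); err != nil {
		return fmt.Errorf("%w: %v", ErrAddressMismatch, err)
	}
	// Public key verification: compare the whole SubjectPublicKeyInfo
	// (algorithm identifier plus key bits), not the certificate bytes.
	if !bytes.Equal(local.RawSubjectPublicKeyInfo, secondary.RawSubjectPublicKeyInfo) {
		return ErrKeyMismatch
	}
	return nil
}

// mustKey and mustCert build constructed sample data; they are not part of the check.
func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func mustCert(key *ecdsa.PrivateKey, dnsName string, serial int64) []byte {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return der
}

// runScenarios returns the verdict for each constructed case.
func runScenarios() map[string]error {
	const host = "api.example.test" // assumed back-end host name
	appKey, otherKey := mustKey(), mustKey()
	local := mustCert(appKey, host, 1)
	return map[string]error{
		// Server presents a certificate carrying the key embedded in the app.
		"genuine": selfVerify(local, mustCert(appKey, host, 1), host),
		// Certificate reissued (new serial) over the same key still matches.
		"reissued-same-key": selfVerify(local, mustCert(appKey, host, 2), host),
		// Traffic diverted to another domain with its own key and certificate.
		"hijacked-other-domain": selfVerify(local, mustCert(otherKey, "login.example.invalid", 3), host),
		// Certificate names the right host but carries a different key.
		"same-host-other-key": selfVerify(local, mustCert(otherKey, host, 4), host),
	}
}

func main() {
	res := runScenarios()
	for _, name := range []string{"genuine", "reissued-same-key", "hijacked-other-domain", "same-host-other-key"} {
		if err := res[name]; err != nil {
			fmt.Printf("%-24s REJECT: %v\n", name, err)
		} else {
			fmt.Printf("%-24s PASS\n", name)
		}
	}
}
```

Because chain validation is cut off in this scheme, the key comparison is the only thing authenticating the server: expiry and revocation are not checked here, and rotating the server key requires shipping a new local certificate.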
In one embodiment, as shown in FIG. 5, a self-verification device based on a local certificate is provided, which corresponds one-to-one to the self-verification method based on a local certificate in the foregoing embodiments. The device includes a sending module 110, a calling module 120, a self-verification module 130, an execution module 140, and a prompt interruption module 150. Each functional module is described in detail as follows:
The sending module 110 is configured to, when a communication connection is established with the back-end server through the application software, obtain the verification request sent when the user triggers a preset verification operation through the application software, and send the verification request to the back-end server.
The calling module 120 is configured to obtain the secondary certificate returned by the back-end server and call a preset truncation interface to cut off the certificate chain verification.
The self-verification module 130 is configured to obtain the local certificate associated with the application software from a local database, and use the local certificate to perform certificate self-verification on the secondary certificate.
The execution module 140 is configured to make the application program perform the verification operation when the certificate self-verification passes.
The prompt interruption module 150 is configured to, when the certificate self-verification fails, prompt that the verification operation has failed and interrupt the communication connection established between the application software and the back-end server.
In another embodiment, as shown in FIG. 6, the self-verification device based on a local certificate further includes a display module 60 and a selection module 70. Each functional module is described in detail as follows:
The display module 60 is configured to, when the certificate self-verification fails, keep the communication connection established between the application software and the back-end server, and display a preset window containing security warning information on the client according to a preset display mode.
The selection module 70 is configured to make the application program perform the operation associated with the selection button that the user triggers in the preset window.
In another embodiment, the self-verification device based on a local certificate further includes an installation module, which is described in detail as follows:
The installation module is configured to receive an installation instruction for the application software, and to obtain and install the application software downloaded from the software publisher into the local database; the application software contains the local certificate; the local certificate was preset in the binary code of the application software when the software publisher released it, and has been hardened with a preset hardening tool.
In one embodiment, as shown in FIG. 7, the self-verification module 130 includes the following sub-modules, each described in detail as follows:
The obtaining sub-module 131 is configured to, after confirming that the certificate chain verification has been cut off, obtain the local public key of the local certificate that is built into the local database and associated with the application program.
The detection sub-module 132 is configured to, after parsing the obtained secondary certificate, obtain the public key to be verified of the secondary certificate and check whether the local public key is consistent with the public key to be verified.
The first result sub-module 133 is configured to determine that the certificate self-verification passes when the local public key is consistent with the public key to be verified.
The second result sub-module 134 is configured to determine that the certificate self-verification fails when the local public key is inconsistent with the public key to be verified.
In another embodiment, the self-verification module 130 further includes the following sub-module, described in detail as follows:
The double verification module is configured to, after parsing the obtained secondary certificate, obtain the address identifier and the public key to be verified of the secondary certificate, call a preset address detection interface to perform address verification on the address identifier of the secondary certificate, and use the local public key to perform public key verification on the public key to be verified of the secondary certificate.
For the specific limitations of the self-verification device based on a local certificate, see the limitations of the self-verification method based on a local certificate above, which are not repeated here. Each module in the above device may be implemented in whole or in part by software, hardware, or a combination of the two. The modules may be embedded in, or independent of, the processor of a computer device in hardware form, or stored in the memory of the computer device in software form, so that the processor can call them and perform the operations corresponding to each module.
In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure may be as shown in FIG. 8. The computer device includes a processor, a memory, a network interface, and a database connected through a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer-readable instructions, and a database. The internal memory provides an environment for running the operating system and the computer-readable instructions in the non-volatile storage medium. When executed by the processor, the computer-readable instructions implement a self-verification method based on a local certificate.
In one embodiment, a computer device is provided, including a memory, a processor, and computer-readable instructions stored in the memory and runnable on the processor. The processor implements the following steps when executing the computer-readable instructions:
When a communication connection is established with the back-end server through the application software, obtain the verification request sent when the user triggers a preset verification operation through the application software, and send the verification request to the back-end server;
Obtain the secondary certificate returned by the back-end server, and call a preset truncation interface to cut off the certificate chain verification;
Obtain the local certificate associated with the application software from a local database, and use the local certificate to perform certificate self-verification on the secondary certificate;
When the certificate self-verification passes, make the application program perform the verification operation;
When the certificate self-verification fails, prompt that the verification operation has failed, and interrupt the communication connection established between the application software and the back-end server.
In one embodiment, a computer-readable storage medium is provided. The computer-readable storage medium may be non-volatile or volatile and stores computer-readable instructions which, when executed by a processor, implement the following steps:
When a communication connection is established with the back-end server through the application software, obtain the verification request sent when the user triggers a preset verification operation through the application software, and send the verification request to the back-end server;
Obtain the secondary certificate returned by the back-end server, and call a preset truncation interface to cut off the certificate chain verification;
Obtain the local certificate associated with the application software from a local database, and use the local certificate to perform certificate self-verification on the secondary certificate;
When the certificate self-verification passes, make the application program perform the verification operation;
When the certificate self-verification fails, prompt that the verification operation has failed, and interrupt the communication connection established between the application software and the back-end server.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by computer-readable instructions directing the relevant hardware. The computer-readable instructions may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments above. Any reference to memory, storage, a database, or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the above division into functional units or modules is used as an example. In practice, the functions described above may be assigned to different functional units or modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to complete all or part of the functions described above.
The above embodiments are intended only to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced with equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of this application, and shall all fall within the scope of protection of this application.

Claims (20)

  1. A self-verification method based on a local certificate, comprising:
    when a communication connection is established with a back-end server through application software, obtaining a verification request sent when a user triggers a preset verification operation through the application software, and sending the verification request to the back-end server;
    obtaining a secondary certificate returned by the back-end server, and calling a preset truncation interface to cut off certificate chain verification;
    obtaining a local certificate associated with the application software from a local database, and using the local certificate to perform certificate self-verification on the secondary certificate;
    when the certificate self-verification passes, making the application program perform the verification operation;
    when the certificate self-verification fails, prompting that the verification operation has failed, and interrupting the communication connection established between the application software and the back-end server.
  2. The self-verification method based on a local certificate according to claim 1, wherein the obtaining a local certificate associated with the application software from a local database, and using the local certificate to perform comparison verification on the secondary certificate, comprises:
    after confirming that the certificate chain verification has been cut off, obtaining the local public key of the local certificate that is built into the local database and associated with the application program;
    after parsing the obtained secondary certificate, obtaining the public key to be verified of the secondary certificate, and checking whether the local public key is consistent with the public key to be verified;
    when the local public key is consistent with the public key to be verified, determining that the certificate self-verification passes;
    when the local public key is inconsistent with the public key to be verified, determining that the certificate self-verification fails.
  3. The self-verification method based on a local certificate according to claim 2, wherein, after the obtaining, after confirming that the certificate chain verification has been cut off, the local public key of the local certificate that is built into the local database and associated with the application program, the method comprises:
    after parsing the obtained secondary certificate, obtaining the address identifier and the public key to be verified of the secondary certificate, calling a preset address detection interface to perform address verification on the address identifier of the secondary certificate, and using the local public key to perform public key verification on the public key to be verified of the secondary certificate.
  4. The self-verification method based on a local certificate according to claim 1, wherein, after the obtaining a local certificate associated with the application software from a local database, and using the local certificate to perform certificate self-verification on the secondary certificate, the method comprises:
    when the certificate self-verification fails, keeping the communication connection established between the application software and the back-end server, and displaying a preset window containing security warning information on the client according to a preset display mode;
    making the application program perform the operation associated with the selection button that the user triggers in the preset window.
  5. The self-verification method based on a local certificate according to claim 1, wherein, before the obtaining, when a communication connection is established with a back-end server through application software, a verification request sent when a user triggers a preset verification operation through the application software, and sending the verification request to the back-end server, the method comprises:
    receiving an installation instruction for the application software, and obtaining and installing the application software downloaded from the software publisher into the local database; wherein the application software contains the local certificate; the local certificate was preset in the binary code of the application software when the software publisher released it, and has been hardened with a preset hardening tool.
  6. A self-verification device based on a local certificate, comprising:
    a sending module, configured to, when a communication connection is established with a back-end server through application software, obtain a verification request sent when a user triggers a preset verification operation through the application software, and send the verification request to the back-end server;
    a calling module, configured to obtain a secondary certificate returned by the back-end server, and call a preset truncation interface to cut off certificate chain verification;
    a self-verification module, configured to obtain a local certificate associated with the application software from a local database, and use the local certificate to perform certificate self-verification on the secondary certificate;
    an execution module, configured to make the application program perform the verification operation when the certificate self-verification passes;
    a prompt interruption module, configured to, when the certificate self-verification fails, prompt that the verification operation has failed, and interrupt the communication connection established between the application software and the back-end server.
  7. The self-verification device based on a local certificate according to claim 6, wherein the self-verification module comprises:
    an obtaining sub-module, configured to, after confirming that the certificate chain verification has been cut off, obtain the local public key of the local certificate that is built into the local database and associated with the application program;
    a detection sub-module, configured to, after parsing the obtained secondary certificate, obtain the public key to be verified of the secondary certificate, and check whether the local public key is consistent with the public key to be verified;
    a first result sub-module, configured to determine that the certificate self-verification passes when the local public key is consistent with the public key to be verified;
    a second result sub-module, configured to determine that the certificate self-verification fails when the local public key is inconsistent with the public key to be verified.
  8. The self-verification device based on a local certificate according to claim 6, the device further comprising:
    a display module, configured to, when the certificate self-verification fails, keep the communication connection established between the application software and the back-end server, and display a preset window containing security warning information on the client according to a preset display mode;
    a selection module, configured to make the application program perform the operation associated with the selection button that the user triggers in the preset window.
  9. The self-verification device based on a local certificate according to claim 6, further comprising:
    a double verification module, configured to, after parsing the obtained secondary certificate, obtain the address identifier and the public key to be verified of the secondary certificate, call a preset address detection interface to perform address verification on the address identifier of the secondary certificate, and use the local public key to perform public key verification on the public key to be verified of the secondary certificate.
  10. The self-verification device based on a local certificate according to claim 6, further comprising:
    an installation module, configured to receive an installation instruction for the application software, and to obtain and install the application software downloaded from the software publisher into the local database; wherein the application software contains the local certificate; the local certificate was preset in the binary code of the application software when the software publisher released it, and has been hardened with a preset hardening tool.
  11. 一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时实现基于本地证书的自校验方法;A computer device includes a memory, a processor, and computer-readable instructions stored in the memory and capable of running on the processor. The processor implements a local certificate-based autonomy when the processor executes the computer-readable instructions Verification method
    其中,所述基于本地证书的自校验方法包括:Wherein, the self-verification method based on the local certificate includes:
    在通过应用软件与后端服务器建立通信连接时,获取用户通过所述应用软件触发预设的校验操作时发送的校验请求,并将所述校验请求发送至所述后端服务器;When establishing a communication connection with a back-end server through application software, acquiring a verification request sent when a user triggers a preset verification operation through the application software, and sending the verification request to the back-end server;
    获取所述后端服务器返回的二级证书,调用预设的截断接口斩断证书链校验;Obtain the secondary certificate returned by the back-end server, call a preset truncation interface to cut the certificate chain verification;
    自本地数据库中获取与所述应用软件关联的本地证书,并使用所述本地证书对所述二级证书进行证书自校验;Acquiring a local certificate associated with the application software from a local database, and using the local certificate to perform certificate self-verification on the secondary certificate;
    在所述证书自校验通过时,令所述应用程序执行该校验操作;When the certificate self-verification passes, the application program is made to perform the verification operation;
    在所述证书自校验未通过时,提示执行该校验操作失败,并中断所述应用软件与所述后端服务器建立的通信连接。When the certificate self-verification fails, it is prompted that the verification operation has failed, and the communication connection established by the application software and the back-end server is interrupted.
  12. 如权利要求11所述的计算机设备,所述自本地数据库中获取与所述应用软件关联的本地证书,并使用所述本地证书对所述二级证书进行比对校验,包括:11. The computer device according to claim 11, wherein the obtaining a local certificate associated with the application software from a local database and using the local certificate to compare and verify the secondary certificate comprises:
    在确认已经斩断所述证书链校验之后,获取内置在所述本地数据库中与所应用程序关联的本地证书的本地公钥;After confirming that the certificate chain verification has been cut off, obtaining the local public key of the local certificate associated with the application built in the local database;
    对获取到的所述二级证书进行解析之后,获取所述二级证书的待校验公钥,并检测所述本地公钥与所述待校验公钥是否一致;After parsing the obtained secondary certificate, obtain the public key to be verified of the secondary certificate, and detect whether the local public key is consistent with the public key to be verified;
    在所述本地公钥与所述待校验公钥一致时,确定所述证书自校验 通过;When the local public key is consistent with the public key to be verified, determining that the certificate self-verification passes;
    在所述本地公钥与所述待校验公钥不一致时,确定所述证书自校验未通过。When the local public key is inconsistent with the public key to be verified, it is determined that the certificate self-verification fails.
  13. 如权利要求11所述的计算机设备,所述在确认已经斩断所述证书链校验之后,获取内置在所述本地数据库中与所应用程序关联的本地证书的本地公钥之后,包括:11. The computer device according to claim 11, after confirming that the certificate chain verification has been cut off, after obtaining the local public key of the local certificate associated with the application built in the local database, comprising:
    对获取到的所述二级证书进行解析之后,获取所述二级证书的地址标识和待校验公钥,调用预设的地址检测接口对所述二级证书的所述地址标识进行地址校验,且使用所述本地公钥对所述二级证书的所述待校验公钥进行公钥校验。After parsing the obtained secondary certificate, obtain the address identifier of the secondary certificate and the public key to be verified, and call the preset address detection interface to perform address verification on the address identifier of the secondary certificate. And use the local public key to perform public key verification on the public key to be verified of the secondary certificate.
  14. The local-certificate-based computer device according to claim 11, wherein, after obtaining the local certificate associated with the application software from the local database and using the local certificate to perform certificate self-verification on the secondary certificate, the following is included:
    when the certificate self-verification fails, continuing to maintain the communication connection established between the application software and the back-end server, and displaying a preset window containing security warning information on the client according to a preset display mode;
    causing the application program to perform the operation associated with the selection button that the user triggers in the preset window.
  15. The computer device according to claim 11, wherein, before the step of acquiring, when a communication connection is established with the back-end server through the application software, the verification request sent when the user triggers a preset verification operation through the application software, and sending the verification request to the back-end server, the following is included:
    receiving an installation instruction for the application software, and obtaining and installing the application software downloaded from the software publisher into the local database; wherein the application software contains the local certificate; the local certificate was preset in the binary code of the application software when the software publisher released it, and has been hardened by a preset hardening tool.
  16. A computer-readable storage medium storing computer-readable instructions which, when executed by a processor, implement a self-verification method based on a local certificate, wherein the self-verification method based on a local certificate comprises the following steps:
    when a communication connection is established with a back-end server through application software, acquiring a verification request sent when a user triggers a preset verification operation through the application software, and sending the verification request to the back-end server;
    obtaining the secondary certificate returned by the back-end server, and calling a preset truncation interface to cut off the certificate chain verification;
    obtaining a local certificate associated with the application software from a local database, and using the local certificate to perform certificate self-verification on the secondary certificate;
    when the certificate self-verification passes, causing the application program to perform the verification operation;
    when the certificate self-verification fails, prompting that execution of the verification operation has failed, and interrupting the communication connection established between the application software and the back-end server.
  17. The computer-readable storage medium according to claim 16, wherein obtaining the local certificate associated with the application software from the local database and using the local certificate to compare and verify the secondary certificate comprises:
    after confirming that the certificate chain verification has been cut off, obtaining the local public key of the local certificate that is built into the local database and associated with the application program;
    after parsing the obtained secondary certificate, obtaining the public key to be verified of the secondary certificate, and detecting whether the local public key is consistent with the public key to be verified;
    when the local public key is consistent with the public key to be verified, determining that the certificate self-verification passes;
    when the local public key is inconsistent with the public key to be verified, determining that the certificate self-verification fails.
  18. The computer-readable storage medium according to claim 17, wherein, after the step of obtaining, once it is confirmed that the certificate chain verification has been cut off, the local public key of the local certificate that is built into the local database and associated with the application program, the following is included:
    after parsing the obtained secondary certificate, obtaining the address identifier and the public key to be verified of the secondary certificate, calling a preset address detection interface to perform address verification on the address identifier of the secondary certificate, and using the local public key to perform public key verification on the public key to be verified of the secondary certificate.
  19. The computer-readable storage medium according to claim 16, wherein, after obtaining the local certificate associated with the application software from the local database and using the local certificate to perform certificate self-verification on the secondary certificate, the following is included:
    when the certificate self-verification fails, continuing to maintain the communication connection established between the application software and the back-end server, and displaying a preset window containing security warning information on the client according to a preset display mode;
    causing the application program to perform the operation associated with the selection button that the user triggers in the preset window.
  20. The computer-readable storage medium according to claim 16, wherein, before the step of acquiring, when a communication connection is established with the back-end server through the application software, the verification request sent when the user triggers a preset verification operation through the application software, and sending the verification request to the back-end server, the following is included:
    receiving an installation instruction for the application software, and obtaining and installing the application software downloaded from the software publisher into the local database; wherein the application software contains the local certificate; the local certificate was preset in the binary code of the application software when the software publisher released it, and has been hardened by a preset hardening tool.
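The public-key comparison recited in claims 12 and 17, with the fail-closed outcome of claim 16, as an added Python example (not code from the patent or the applicant). It assumes "public key" means the certificate's DER SubjectPublicKeyInfo; `extract_spki`, `self_check`, `make_cert` and the sample certificates are hypothetical, constructed and unsigned.

```python
def tlv(tag, body):
    """DER-encode one element; used only to build the constructed samples."""
    n = len(body)
    ln = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln) if ln else n]) + ln + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: next k bytes hold the length
        k = length & 0x7F
        if not 1 <= k <= 4 or pos + k > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo element of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)               # Certificate
    _, pos, tbs_end = read_tlv(cert_der, pos)       # tbsCertificate
    tag, _, after = read_tlv(cert_der, pos)
    if tag == 0xA0:                                 # optional [0] version field
        pos = after
    for _field in range(5):   # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def self_check(local_cert_der, server_cert_der):
    """True only when both certificates carry the same public key; fails closed."""
    try:
        return extract_spki(local_cert_der) == extract_spki(server_cert_der)
    except ValueError:
        return False

def make_cert(serial, key):
    """Constructed, unsigned certificate-shaped DER; not a real certificate."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0201")))  # placeholder OID
    name, validity = tlv(0x30, b""), tlv(0x30, tlv(0x17, b"200101000000Z") * 2)
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))

# Constructed samples: the certificate shipped in the app, a reissue, a stranger.
LOCAL = make_cert(1, b"\x04" + b"\x11" * 64)
RENEWED = make_cert(2, b"\x04" + b"\x11" * 64)      # new serial, same key pair
OTHER = make_cert(3, b"\x04" + b"\x22" * 64)        # different key
```

Comparing keys rather than whole certificates lets a reissued certificate with the same key pair pass, while a malformed or truncated certificate is treated as a failure. A presented certificate is public data, so the match authenticates the server only because the TLS handshake separately proves possession of the corresponding private key.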
PCT/CN2020/085577 2019-05-22 2020-04-20 Self-checking method, apparatus and device based on local certificate, and storage medium WO2020233308A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910430075.6 2019-05-22
CN201910430075.6A CN110300096B (en) 2019-05-22 2019-05-22 Self-checking method, device and equipment based on local certificate and storage medium

Publications (1)

Publication Number Publication Date
WO2020233308A1 (en) 2020-11-26

Family

ID=68027069

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/085577 WO2020233308A1 (en) 2019-05-22 2020-04-20 Self-checking method, apparatus and device based on local certificate, and storage medium

Country Status (2)

Country Link
CN (1) CN110300096B (en)
WO (1) WO2020233308A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110300096B (en) * 2019-05-22 2022-09-23 深圳壹账通智能科技有限公司 Self-checking method, device and equipment based on local certificate and storage medium
CN111314085B (en) * 2020-01-22 2023-05-23 维沃移动通信有限公司 Digital certificate verification method and device
CN112597517A (en) * 2020-12-25 2021-04-02 携程旅游网络技术(上海)有限公司 Encrypted communication method, system, device and medium for installing client
CN112995158B (en) * 2021-02-09 2022-11-08 中国建设银行股份有限公司 Communication method, terminal, server and communication system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107819584A (en) * 2017-10-11 2018-03-20 杭州迪普科技股份有限公司 Digital certificate acquisition methods and device
US20180302787A1 (en) * 2017-04-13 2018-10-18 Synchronoss Technologies, Inc. Systems and methods for securely provisioning hypertext transfer protocol secure (https) pins to a mobile client
CN108989039A (en) * 2017-05-31 2018-12-11 中兴通讯股份有限公司 Certificate acquisition method and device
CN109359977A (en) * 2018-09-10 2019-02-19 平安科技(深圳)有限公司 Network communication method, device, computer equipment and storage medium
US20190087639A1 (en) * 2017-09-15 2019-03-21 Darien Crane Capturing electronic signatures via captive portal
CN110300096A (en) * 2019-05-22 2019-10-01 深圳壹账通智能科技有限公司 Self checking method, apparatus, equipment and storage medium based on local certificate

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100344091C (en) * 2004-01-19 2007-10-17 上海市电子商务安全证书管理中心有限公司 Distributed certificate verification method
CN101674304B (en) * 2009-10-15 2013-07-10 浙江师范大学 Network identity authentication system and method
US20180131525A1 (en) * 2016-11-07 2018-05-10 International Business Machines Corporation Establishing a secure connection across secured environments
CN109194631A (en) * 2018-08-17 2019-01-11 郑州云海信息技术有限公司 A kind of proof of identity method and relevant apparatus
CN109639661B (en) * 2018-12-04 2021-05-18 深圳前海微众银行股份有限公司 Server certificate updating method, device, equipment and computer readable storage medium

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112822020A (en) * 2020-12-30 2021-05-18 平安普惠企业管理有限公司 Network request method, network request device, computer equipment and storage medium
CN112822020B (en) * 2020-12-30 2023-12-12 新疆联盛科技有限公司 Network request method, device, computer equipment and storage medium
CN115250186A (en) * 2021-04-12 2022-10-28 顺丰科技有限公司 Network connection authentication method, device, computer equipment and storage medium
CN115250186B (en) * 2021-04-12 2024-04-16 顺丰科技有限公司 Network connection authentication method, device, computer equipment and storage medium
CN114301601A (en) * 2021-12-28 2022-04-08 福州汇思博信息技术有限公司 Interface management method and terminal based on Android platform
CN114301601B (en) * 2021-12-28 2023-11-03 福建汇思博数字科技有限公司 Interface management method and terminal based on Android platform
CN115334160A (en) * 2022-08-03 2022-11-11 中国平安财产保险股份有限公司 HTTPS certificate issuing method and related equipment thereof
CN115334160B (en) * 2022-08-03 2024-03-29 中国平安财产保险股份有限公司 HTTPS certificate issuing method and related equipment thereof
CN115905172A (en) * 2022-11-28 2023-04-04 维克多精密工业(深圳)有限公司 Method for constructing database of complete set of dies
CN115905172B (en) * 2022-11-28 2023-08-04 维克多精密工业(深圳)有限公司 Method for constructing complete die database

Also Published As

Publication number Publication date
CN110300096B (en) 2022-09-23
CN110300096A (en) 2019-10-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20810296

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20810296

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 18/03/2022)
