Systems and methods to facilitate certificate and trust management across a distributed environment
US-2018159845-A1 · Jun 7, 2018 · US
US11323433B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11323433-B2 |
| Application number | US-201816645149-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 7, 2018 |
| Priority date | Sep 7, 2017 |
| Publication date | May 3, 2022 |
| Grant date | May 3, 2022 |
Official abstract text for this publication.
Provided in the present invention are a digital credential management method and a device, the method comprising: a digital credential application device negotiating establishment of a secure data channel with a digital credential issuing device, and sending to the digital credential issuing device a digital credential management request message; the digital credential issuing device receiving the message, and sending to the digital credential application device a digital credential management verification request message; the digital credential application device receiving the verification request message, and sending to the digital credential issuing device a digital credential management verification response message; the digital credential issuing device receiving the digital credential management verification response message, and sending to the digital credential application device a digital credential management response message; the digital credential application device receiving the digital credential management response message, and sending to the digital credential issuing device a digital credential management confirmation message.
Opening claim text (preview).
The invention claimed is:

1. A digital certificate management method, comprising: negotiating, by a digital certificate requesting device, with a digital certificate issuing device, establishment of a secure data channel using an obtained authorization code and generating a security key, wherein the security key at least comprises a data communication key; transmitting, by the digital certificate requesting device, a digital certificate management request message to the digital certificate issuing device using the secure data channel, the digital certificate management request message being encrypted via the data communication key; receiving, by the digital certificate issuing device, the digital certificate management request message and transmitting a digital certificate management verification request message to the digital certificate requesting device using the secure data channel, the digital certificate management verification request message being encrypted via the data communication key; receiving, by the digital certificate requesting device, the digital certificate management verification request message and transmitting a digital certificate management verification response message to the digital certificate issuing device using the secure data channel, the digital certificate management verification response message being encrypted via the data communication key; receiving, by the digital certificate issuing device, the digital certificate management verification response message and transmitting a digital certificate management response message to the digital certificate requesting device using the secure data channel, the digital certificate management response message being encrypted via the data communication key; receiving, by the digital certificate requesting device, the digital certificate management response message and transmitting a digital certificate management confirmation message to the digital certificate issuing device using the secure data channel, the digital certificate management confirmation message being encrypted via the data communication key; and receiving and processing, by the digital certificate issuing device, the digital certificate management confirmation message.

2. The method according to claim 1, wherein the digital certificate management verification request message being encrypted via the data communication key comprises: encrypting the digital certificate management verification request message via the data communication key of the secure data channel; and the digital certificate management verification response message being encrypted via the data communication key comprises: encrypting the digital certificate management verification response message via the data communication key of the secure data channel.

3. The method according to claim 1, wherein the receiving, by the digital certificate issuing device, the digital certificate management request message, and transmitting the digital certificate management verification request message to the digital certificate requesting device using the secure data channel, specifically comprise: after the digital certificate issuing device receives the digital certificate management request message, firstly decrypting the digital certificate management request message by using the data communication key, performing processing according to data carried in the digital certificate management request message, and generating the digital certificate management verification request message; wherein the digital certificate management verification request message comprises certificate verification request information, and the certificate verification request information comprises a contrast value and verification value ciphertext.

4. The method according to claim 3, wherein when data carried in the digital certificate management request message indicates that a digital certificate requested for management is configured to perform an encryption function, correspondingly, the generating, by the digital certificate issuing device, the digital certificate management verification request message, specifically comprises: generating, by the digital certificate issuing device, a verification value, the verification value being encrypted via a public key of the digital certificate requesting device to generate the verification value ciphertext, generating the contrast value by calculating the verification value, and generating the digital certificate management verification request message using the verification value ciphertext and the contrast value.

5. The method according to claim 4, wherein the receiving, by the digital certificate requesting device, the digital certificate management verification request message, and transmitting the digital certificate management verification response message to the digital certificate issuing device using the secure data channel, specifically comprise: after the digital certificate requesting device receives the digital certificate management verification request message, firstly decrypting the digital certificate management verification request message using the data communication key to obtain the verification value ciphertext and the contrast value; decrypting the verification value ciphertext using a private key of the digital certificate requesting device to obtain the verification value, the verification value being calculated to generate a new contrast value; and determining whether the new contrast value generated through calculation is consistent with the received contrast value or not, if yes, determining that the digital certificate requesting device is capable of authenticating to which the public key and the private key pertain, and generating the digital certificate management verification response message by using the verification value and transmitting the digital certificate management verification response message to the digital certificate issuing device through the secure data channel.

6. The method according to claim 5, wherein the receiving, by the digital certificate issuing device, the digital certificate management verification response message, and transmitting the digital certificate management response message to the digital certificate requesting device using the secure data channel, specifically comprise: after the digital certificate issuing device receives the digital certificate management verification response message, firstly decrypting the digital certificate management verification response message using the data communication key to obtain the verification value, and comparing whether the verification value is consistent with the verification value generated before the digital certificate issuing device transmits the digital certificate management verification request message or not, if yes, determining by the digital certificate issuing device that the public key and the private key pertain to the digital certificate requesting device, and generating the digital certificate management response message and transmitting the digital certificate management response message to the digital certificate requesting device through the secure data channel.

7. The method according to claim 3, wherein when the data carried in the digital certificate management request message indicates that the digital certificate requested for management is configured to perform a key exchange function, correspondingly, the generating, by the digital certificate issuing device, the digital certificate management verification request message, specifically comprises: after the digital certificate issuing device exchanges a key with the digital certificate requesting device, generating a shared key; and generating, by the digital certificate issui
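The proof-of-possession exchange of claims 4 to 6, as an added Go example that is not part of the patent or of any product: the issuing device encrypts a random verification value to the requesting device's public key and sends it with a contrast value, and the requesting device decrypts, recomputes the contrast value and returns the verification value only when the two agree, which lets the issuer confirm the key pair belongs to the requester before acting on the management request. Assumptions not stated in the claims: RSA-OAEP for the public-key encryption, SHA-256 for "calculating the verification value", a 32-byte verification value, and the secure data channel (data communication key) is left out so the messages are shown in the clear.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// VerificationRequest is the certificate verification request information of claim 3: ciphertext plus contrast value.
type VerificationRequest struct {
	VerificationValueCiphertext []byte
	ContrastValue               []byte
}

// IssuerBuildRequest is the issuing-device step of claim 4; it also returns the plaintext verification value the issuer keeps for claim 6.
func IssuerBuildRequest(requesterPub *rsa.PublicKey) (VerificationRequest, []byte, error) {
	vv := make([]byte, 32) // random verification value (assumed length)
	if _, err := rand.Read(vv); err != nil {
		return VerificationRequest{}, nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, requesterPub, vv, nil) // assumed: RSA-OAEP
	if err != nil {
		return VerificationRequest{}, nil, err
	}
	h := sha256.Sum256(vv) // "calculating the verification value": assumed to be SHA-256
	return VerificationRequest{VerificationValueCiphertext: ct, ContrastValue: h[:]}, vv, nil
}

// RequesterAnswer is the requesting-device step of claim 5: decrypt, recompute the contrast value, answer only on a match.
func RequesterAnswer(priv *rsa.PrivateKey, req VerificationRequest) ([]byte, error) {
	vv, err := rsa.DecryptOAEP(sha256.New(), nil, priv, req.VerificationValueCiphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("verification value ciphertext did not decrypt: %w", err)
	}
	h := sha256.Sum256(vv)
	if subtle.ConstantTimeCompare(h[:], req.ContrastValue) != 1 {
		return nil, errors.New("contrast value mismatch: not answering")
	}
	return vv, nil
}

// IssuerCheckResponse is the issuing-device step of claim 6: compare with the value generated before the request was sent.
func IssuerCheckResponse(expected, received []byte) bool {
	return subtle.ConstantTimeCompare(expected, received) == 1
}
```

A requester holding a different private key, or one that receives a tampered contrast value, gets an error from RequesterAnswer and sends nothing back, so the issuer never sees a verification value it did not encrypt to the claimed key.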
CPC classification titles:

- using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- using cryptographic hash functions
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)
- received data contents, e.g. message integrity