CN106656455A - Website access method and device - Google Patents
- Publication number
- CN106656455A (application CN201510407842.3A)
- Authority
- CN
- China
- Prior art keywords
- certificate
- validity
- state
- failure
- revocation list
- Prior art date
- Legal status
- Granted
Landscapes
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a website access method and device. The method comprises the steps of obtaining a certificate sent by a target website, the certificate corresponding to the target website; selecting at least one preset query channel and sending a certificate verification request to the server corresponding to that query channel, wherein the certificate verification request is used to verify the validity of the certificate, and a certificate revocation list representing invalid certificates is stored in the server corresponding to the query channel; receiving the validity status of the certificate from the server, and determining whether to visit the website according to the validity status of the certificate. According to the invention, at least one query channel and a server corresponding to the query channel are arranged, and a list of invalid certificates is stored in the server. The validity of the certificate of the target website to be accessed is determined through information exchange with the browser, and whether to access the target website is decided on that basis, so the security of website access is improved.
Description
Technical field
The application relates to the field of Internet technology, and more particularly to a certificate management method and device.
Background technology
With the development of the Internet, people increasingly complete sensitive business over the network, for example online banking and online shopping. Because this sensitive data has to be transmitted over the network, many new techniques have been invented to guarantee data security and user privacy, and the digital certificate is one of them. Digital certificates are used to verify the identity of users and of servers on the network.
However, if a certificate is revoked by its issuing authority before its expiry date, or has a security problem (for example, the private key of the certificate has been compromised), and the browser cannot obtain the corresponding information in time and continues to trust the certificate, the security of HTTPS may come under attack.
The content of the invention
In view of this, the application provides a certificate management method and device so that, during browser access, the validity status of each website certificate is learned in time, improving the security of website access.
To achieve these goals, the proposed scheme is as follows:
A website access method, applied to a browser, the method including:
obtaining a certificate sent by a target website, the certificate corresponding to the target website;
choosing at least one preset query channel, and sending a certificate verification request for verifying certificate validity to the server corresponding to the query channel, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel;
receiving the validity status of the certificate fed back by the server, and choosing whether to access the target website according to the validity status of the certificate.
A website access method, applied to a certificate management server, the method including:
receiving a certificate verification request for verifying certificate validity sent by a browser, the certificate verification request containing the certificate to be verified;
reading a preset certificate revocation list, the certificate revocation list being used to store failed certificates;
judging whether the certificate to be verified exists in the certificate revocation list; if so, determining that the validity status of the certificate to be verified is failed, and if not, determining that the validity status of the certificate to be verified is valid;
feeding back the validity status of the certificate to be verified to the browser, so that it chooses whether to continue accessing the website according to the validity status of the certificate.
A website access device, applied to a browser, the device including:
a certificate acquisition unit, for obtaining the certificate sent by the target website, the certificate corresponding to the target website;
a status query unit, for choosing at least one preset query channel and sending a certificate verification request for verifying certificate validity to the server corresponding to the query channel, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel;
an access processing unit, for receiving the validity status of the certificate fed back by the server, and choosing whether to access the target website according to the validity status of the certificate.
A website access device, applied to a server, the device including:
a verification request receiving unit, for receiving the certificate verification request for verifying certificate validity sent by the browser, the certificate verification request containing the certificate to be verified;
a list reading unit, for reading the preset certificate revocation list, the certificate revocation list being used to store failed certificates;
a list query unit, for judging whether the certificate to be verified exists in the certificate revocation list;
a certificate status determining unit, for determining that the validity status of the certificate to be verified is failed when the judgement result of the list query unit is yes, and determining that the validity status of the certificate to be verified is valid when the judgement result of the list query unit is no;
a certificate status feedback unit, for feeding back the validity status of the certificate to be verified to the browser, so that it chooses whether to continue accessing the website according to the certificate validity status.
It can be seen from the above technical scheme that the website access method provided by the embodiment of the application, after obtaining the certificate sent by the target website, chooses at least one preset query channel and sends a certificate verification request for verifying certificate validity to the server corresponding to the query channel, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel; it then receives the validity status of the certificate fed back by the server and chooses whether to access the target website according to the validity status of the certificate. The method of the application provides at least one query channel and its corresponding server, stores a list of failed certificates in that server, determines the validity of the certificate of the target website to be accessed through information exchange with the browser, and on that basis decides whether to access the target website, improving the security of website access.
Description of the drawings
In order to illustrate the embodiments of the application or the technical scheme of the prior art more clearly, the accompanying drawings needed for the description of the embodiments or of the prior art are briefly introduced below. It is apparent that the drawings described below are only embodiments of the application; for those of ordinary skill in the art, other drawings can be obtained from the provided drawings without creative work.
Fig. 1 is a flow chart of a website access method disclosed in the embodiment of the application;
Fig. 2 is a flow chart of another website access method disclosed in the embodiment of the application;
Fig. 3 is a flow chart of a further website access method disclosed in the embodiment of the application;
Fig. 4 is a flow chart of a further website access method disclosed in the embodiment of the application;
Fig. 5 is a schematic structural diagram of a website access device disclosed in the embodiment of the application;
Fig. 6 is a schematic structural diagram of another website access device disclosed in the embodiment of the application;
Fig. 7 is a schematic structural diagram of a third status query sub-unit disclosed in the embodiment of the application;
Fig. 8 is a schematic structural diagram of a further website access device disclosed in the embodiment of the application;
Fig. 9 is a schematic structural diagram of a list query unit disclosed in the embodiment of the application;
Figure 10 is a schematic structural diagram of a further website access device disclosed in the embodiment of the application;
Figure 11 is a schematic hardware structure diagram of a terminal disclosed in the embodiment of the application.
Specific embodiment
The technical scheme in the embodiments of the application is described clearly and completely below in conjunction with the accompanying drawings of the embodiments. It is clear that the described embodiments are only some, not all, of the embodiments of the application. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the application without creative work fall within the scope of protection of the application.
The application provides a website access method based on certificate verification: before accessing a target website, the validity of the website's certificate is verified first, and access to the website is denied when its certificate has been revoked. To realize the scheme of the application, at least one query channel and its corresponding server are preset in the present embodiment, and a list of failed certificates is collected and stored in the server.
The website access method provided by the embodiment of the application is based on a website access framework that includes a browser, the local system, each certificate authority and a preset certificate management server. The browser determines the certificate validity status by querying the local system update file, by communicating with the certificate authority, and by communicating with the certificate management server; it then makes a comprehensive judgement of the certificate's validity status from the results of the three methods and decides whether to access the target website.
The scheme of the application is first introduced from the perspective of the browser. Referring to Fig. 1, Fig. 1 is a flow chart of a website access method disclosed in the embodiment of the application.
As shown in Fig. 1, the method includes:
Step S100, obtaining the certificate sent by the target website, the certificate corresponding to the target website;
Specifically, some websites, for example the websites of major banks and some online shopping platforms, are provided with a corresponding certificate. When the website is accessed, it sends its certificate to the user.
Step S110, choosing at least one preset query channel and sending a certificate verification request for verifying certificate validity to the server corresponding to the query channel;
wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel. Several query channels can be preset in the application, and each query channel is provided with a corresponding server that stores the list of failed certificates.
Step S120, receiving the validity status of the certificate fed back by the server, and choosing whether to access the target website according to the validity status of the certificate.
Specifically, upon receiving the request, the server corresponding to the chosen query channel can look up the validity status of the certificate and feed back the result. In this step, whether to access the target website is determined according to the received validity status of the certificate. For example, when the certificate is determined to be a failed certificate, access to the target website can be refused to ensure safety.
The website access method provided by the embodiment of the application, after obtaining the certificate sent by the target website, chooses at least one preset query channel and sends a certificate verification request for verifying certificate validity to the server corresponding to the query channel, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel; it then receives the validity status of the certificate fed back by the server and chooses whether to access the target website according to the validity status of the certificate. The method of the application provides at least one query channel and its corresponding server, stores a list of failed certificates in that server, determines the validity of the certificate of the target website to be accessed through information exchange with the browser, and on that basis decides whether to access the target website, improving the security of website access.
It should be understood that the certificate obtained from the target website includes all certificates corresponding to the website: generally the parent certificate of each certificate is obtained recursively until the root certificate is reached, and every one of these certificates must be verified for validity.
Referring to Fig. 2, Fig. 2 is a flow chart of another website access method disclosed in the embodiment of the application.
As shown in Fig. 2, the method includes:
Step S200, obtaining the certificate sent by the target website, the certificate corresponding to the target website;
Specifically, some websites, for example the websites of major banks and some online shopping platforms, are provided with a corresponding certificate. When the website is accessed, it sends its certificate to the user.
Step S210, querying the local system update file to determine the validity status of the certificate;
wherein a certificate revocation list representing failed certificates is recorded in the local system update file.
Specifically, the operating system can update the certificate revocation list in the system by way of security patches, adding certificates whose validity status is failed to the local system file. Accordingly, the application can determine the validity of a certificate by querying the local system file.
Step S220, sending, according to the OCSP protocol, a certificate verification request for verifying certificate validity to the issuing authority of the certificate;
wherein OCSP is the Online Certificate Status Protocol. The Online Certificate Status Protocol defines a communication syntax, and the certificate validity verification request is sent to the issuing authority of the certificate according to the communication syntax specified by OCSP. The certificate issuing authority records a certificate revocation list representing failed certificates.
It should be noted that OCSP is usually a configurable item of the browser that is disabled by default or has been turned off by the user, so the user needs to enable it to use the function. In addition, OCSP may also be inaccessible because of network or server problems.
Step S230, sending a certificate verification request for verifying certificate validity to the preset certificate management server;
wherein a certificate revocation list representing failed certificates is stored in the preset certificate management server. Failed certificates obtained through various channels can be stored in the certificate management server.
Step S240, receiving the validity status of the certificate fed back by each of the three: the local system, the issuing authority of the certificate and the certificate management server;
The above steps S210-S230 send certificate validity verification requests to the local system, the certificate authority and the certificate management server respectively; in this step the information fed back by the three is received accordingly.
Step S250, if any one of the three received validity statuses is determined to be a failed state, refusing access to the target website.
The previous step received the certificate validity statuses fed back by the three respectively; if any one of the three validity statuses is judged to be a failed state, access to the target website is refused.
Three query channels are provided in the present embodiment, and the validity status of the certificate is determined by combining the three query methods, improving the security of website access.
It should be noted that the execution order of the above steps S210-S230 is not limited to that shown in Fig. 2; the three steps can be performed in parallel or in another order, and the application does not limit this.
Optionally, for the preset certificate management server, maintenance personnel can periodically update the certificate revocation list so that the latest state of the certificates is updated into the certificate management server, ensuring the accuracy of the subsequent certificate validity status determination performed according to the certificate management server.
It should be noted that in the third query channel above, when sending the certificate validity verification request to the preset certificate management server, in consideration of communication overhead, we need not send the full information of the certificate to be verified to the certificate management server, but only the fingerprint of the certificate (the fingerprint of a certificate is a built-in attribute that uniquely identifies the certificate).
Correspondingly, the certificate management server can also store only the fingerprints of failed certificates; when judging certificate validity, it is then only necessary to look up whether the fingerprint of the certificate to be verified is stored in the certificate revocation list, which is both convenient and saves communication overhead.
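The browser-side flow of Fig. 2 (steps S210-S250, including the chain walk to the root and the fingerprint-only query of the third channel), as an added illustration that is not the patent's own code. It assumes the fingerprint is SHA-256 over the DER bytes, models each query channel as a callable, and uses constructed placeholder byte strings in place of real certificates.

```python
import hashlib
from enum import Enum
from typing import Callable, Iterable


class Status(Enum):
    VALID = "valid"
    FAILED = "failed"      # the page's "failure" (revoked) state
    UNKNOWN = "unknown"    # channel unreachable or disabled, e.g. OCSP switched off


def fingerprint(der: bytes) -> str:
    """SHA-256 over the certificate's DER bytes: the built-in attribute that identifies it uniquely (assumption)."""
    return hashlib.sha256(der).hexdigest()


# A query channel is modelled as any callable mapping a fingerprint to a Status.
Channel = Callable[[str], Status]


def local_update_file_channel(revoked: set[str]) -> Channel:
    """Step S210: the revocation list shipped with operating-system security updates."""
    return lambda fp: Status.FAILED if fp in revoked else Status.VALID


def ocsp_channel(revoked: set[str], enabled: bool, reachable: bool) -> Channel:
    """Step S220: OCSP to the issuing CA. The page notes OCSP is often disabled by
    default or unreachable, so that case yields UNKNOWN instead of a verdict."""
    def query(fp: str) -> Status:
        if not (enabled and reachable):
            return Status.UNKNOWN
        return Status.FAILED if fp in revoked else Status.VALID
    return query


def management_server_channel(revoked_fingerprints: set[str]) -> Channel:
    """Step S230: preset certificate management server; only fingerprints cross the wire."""
    return lambda fp: Status.FAILED if fp in revoked_fingerprints else Status.VALID


def decide_access(chain_der: Iterable[bytes],
                  channels: Iterable[Channel]) -> tuple[bool, dict[str, list[Status]]]:
    """Steps S240-S250. Every certificate in the chain (leaf up to root) is checked on every
    channel; a single FAILED answer anywhere denies access. UNKNOWN answers are recorded
    but do not deny, matching the page's rule that only a failed state triggers refusal."""
    channels = list(channels)
    report: dict[str, list[Status]] = {}
    allow = True
    for der in chain_der:
        fp = fingerprint(der)
        results = [query(fp) for query in channels]
        report[fp] = results
        if Status.FAILED in results:
            allow = False
    return allow, report


# Constructed placeholder "certificates"; real ones would be DER-encoded X.509 blobs.
LEAF = b"constructed-leaf-cert-for-bank.example"
INTERMEDIATE = b"constructed-intermediate-ca-cert"
ROOT = b"constructed-root-ca-cert"
CHAIN = [LEAF, INTERMEDIATE, ROOT]


def demo(ocsp_enabled: bool = False) -> bool:
    """Scenario: the OS update file knows nothing, OCSP is off (the default the page
    describes), but the management server lists the intermediate CA as failed."""
    channels = [
        local_update_file_channel(set()),
        ocsp_channel(set(), enabled=ocsp_enabled, reachable=True),
        management_server_channel({fingerprint(INTERMEDIATE)}),
    ]
    allow, _ = decide_access(CHAIN, channels)
    return allow
```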
In another embodiment of the application, we introduce the scheme of the application from the perspective of the certificate management server. Referring to Fig. 3, Fig. 3 is a flow chart of a further website access method disclosed in the embodiment of the application.
As shown in Fig. 3, the method includes:
Step S300, receiving the certificate verification request for verifying certificate validity sent by the browser, the certificate verification request containing the certificate to be verified;
Step S310, reading the preset certificate revocation list, the certificate revocation list being used to store failed certificates;
Step S320, determining the validity status of the certificate to be verified by checking whether the certificate to be verified is stored in the certificate revocation list;
Specifically, it is judged whether the certificate to be verified exists in the certificate revocation list; if so, the validity status of the certificate to be verified is determined to be failed, and if not, the validity status of the certificate to be verified is determined to be valid.
Step S330, feeding back the validity status of the certificate to be verified to the browser, so that it chooses whether to continue accessing the website according to the certificate validity status.
The present embodiment describes the scheme from the perspective of the certificate management server: the certificate management server determines the validity status of the certificate to be verified by querying the locally preset certificate revocation list representing failed certificates, and feeds it back to the browser so that the browser chooses whether to access the target website, improving security.
It should be noted that the certificate management server can store only the fingerprints of failed certificates, and the certificate verification request sent by the browser side then carries the fingerprint of the certificate to be verified. When judging certificate validity, it is only necessary to look up whether the fingerprint of the certificate to be verified is stored in the certificate revocation list: if it is, the certificate to be verified is determined to be a failed certificate; otherwise, it is determined to be a valid certificate. This approach is both convenient and saves communication overhead.
On the basis of the previous embodiment, the present embodiment further discloses another website access method. Referring to Fig. 4, Fig. 4 is a flow chart of a further website access method disclosed in the embodiment of the application.
As shown in Fig. 4, the method includes:
Step S400, receiving the certificate verification request for verifying certificate validity sent by the browser, the certificate verification request containing the certificate to be verified;
Step S410, reading the preset certificate revocation list, the certificate revocation list being used to store failed certificates;
Step S420, determining the validity status of the certificate to be verified by checking whether the certificate to be verified is stored in the certificate revocation list;
Specifically, it is judged whether the certificate to be verified exists in the certificate revocation list; if so, the validity status of the certificate to be verified is determined to be failed, and if not, the validity status of the certificate to be verified is determined to be valid.
Step S430, feeding back the validity status of the certificate to be verified to the browser, so that it chooses whether to continue accessing the website according to the certificate validity status;
Step S440, obtaining, according to a predetermined policy, the failed certificate lists issued by operating system manufacturers and security firms;
Step S450, updating the locally preset certificate revocation list using the failed certificate lists.
It is understood that the execution order of the above steps S440 and S450 is not limited to the situation shown in Fig. 4; they may be placed at any position among steps S400-S430.
The predetermined policy can be an acquisition time, for example acquiring once every predetermined interval, or acquiring in real time. An operating system manufacturer may issue its failed certificate list at irregular intervals, and the terminal operating system, for human or network reasons, may not obtain the latest information in time and so may be unable to update the locally stored certificate revocation list promptly. The certificate management server in the present embodiment effectively solves this problem. In addition, besides operating system manufacturers, some security firms, such as Kingsoft antivirus, also publish unsafe certificates. The certificate management server of the present embodiment can also monitor and acquire the failed certificate lists announced by security firms and use them to update the certificate revocation list.
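The server-side embodiment of Figs. 3 and 4 (fingerprint-only lookup in steps S300-S330 and the interval-driven list refresh of steps S440-S450), as an added illustration that is not the patent's own code. It assumes a SHA-256 fingerprint, a JSON request carrying a `fingerprint` field, and constructed feed functions standing in for the operating-system-vendor and security-firm publications; the refresh interval is the page's "predetermined policy" in its fixed-interval form.

```python
import hashlib
import json
from typing import Callable, Iterable


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes; the server stores and compares only these (assumption)."""
    return hashlib.sha256(der).hexdigest()


FeedFn = Callable[[], Iterable[str]]   # a publisher of failed-certificate fingerprints


class CertificateManagementServer:
    def __init__(self, feeds: Iterable[FeedFn], refresh_interval: float) -> None:
        self._revoked: set[str] = set()            # preset certificate revocation list (fingerprints)
        self._feeds = list(feeds)                   # OS vendor and security-firm publishers
        self._refresh_interval = refresh_interval  # the "predetermined policy": fixed interval
        self._last_refresh = float("-inf")

    def refresh(self, now: float, force: bool = False) -> int:
        """Steps S440-S450: pull the published failed-certificate lists and merge them
        into the local revocation list. Returns how many new fingerprints were added."""
        if not force and now - self._last_refresh < self._refresh_interval:
            return 0
        before = len(self._revoked)
        for feed in self._feeds:
            self._revoked.update(feed())
        self._last_refresh = now
        return len(self._revoked) - before

    def handle_request(self, raw_request: str) -> str:
        """Steps S300-S330: answer one verification request (JSON with a fingerprint).
        Malformed input is rejected explicitly rather than silently answered 'valid'."""
        try:
            req = json.loads(raw_request)
        except ValueError:
            return json.dumps({"error": "malformed request"})
        fp = str(req.get("fingerprint", "")).lower() if isinstance(req, dict) else ""
        if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
            return json.dumps({"error": "bad fingerprint"})
        status = "failure" if fp in self._revoked else "valid"
        return json.dumps({"fingerprint": fp, "status": status})


# Constructed placeholder certificates and feeds (not real vendor data).
BAD_CA = b"constructed-compromised-intermediate-ca"
LATE_REVOKED = b"constructed-cert-revoked-by-security-firm"
GOOD_LEAF = b"constructed-healthy-leaf-cert"


def os_vendor_feed() -> set[str]:
    return {fingerprint(BAD_CA)}


def security_firm_feed() -> set[str]:
    return {fingerprint(LATE_REVOKED)}


def build_server() -> CertificateManagementServer:
    server = CertificateManagementServer([os_vendor_feed, security_firm_feed],
                                         refresh_interval=3600.0)
    server.refresh(now=0.0)   # first pull always runs: nothing has been fetched yet
    return server


def status_of(server: CertificateManagementServer, der: bytes) -> str:
    """Browser-side helper: send only the fingerprint and return the server's verdict."""
    request = json.dumps({"fingerprint": fingerprint(der)})
    reply = json.loads(server.handle_request(request))
    return reply.get("status", reply.get("error"))
```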
The website access device provided by the embodiment of the application is described below; the website access device described below and the website access method described above may be referred to each other.
The application provides a website access device applied to a browser. As shown in Fig. 5, the device includes:
a certificate acquisition unit 51, for obtaining the certificate sent by the target website, the certificate corresponding to the target website;
a status query unit 52, for choosing at least one preset query channel and sending a certificate verification request for verifying certificate validity to the server corresponding to the query channel, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel;
an access processing unit 53, for receiving the validity status of the certificate fed back by the server, and choosing whether to access the target website according to the validity status of the certificate.
Optionally, Fig. 6 illustrates another structure of the website access device of the application. As shown in Fig. 6, the status query unit 52 can include:
a first status query sub-unit 521, for querying the local system update file to determine the validity status of the certificate, wherein a certificate revocation list representing failed certificates is recorded in the local system update file;
a second status query sub-unit 522, for sending, according to the OCSP protocol (Online Certificate Status Protocol), a certificate verification request for verifying certificate validity to the issuing authority of the certificate, wherein the certificate authority records a certificate revocation list representing failed certificates;
a third status query sub-unit 523, for sending a certificate verification request for verifying certificate validity to the preset certificate management server, wherein a certificate revocation list representing failed certificates is stored in the certificate management server;
and the access processing unit 53 can include:
a validity status receiving unit 531, for receiving the validity status of the certificate fed back by each of the three: the local system, the issuing authority of the certificate and the certificate management server;
a validity status judging unit 532, for refusing access to the target website when any one of the three received validity statuses is determined to be a failed state.
Optionally, the certificate revocation list stored in the certificate management server is stored according to certificate fingerprints; then, as shown in Fig. 7, the third status query sub-unit 523 can include:
a fingerprint query unit 5231, for sending to the preset certificate management server a certificate validity verification request carrying the fingerprint of the certificate.
The website access device provided by the embodiment of the application, after obtaining the certificate sent by the target website, chooses at least one preset query channel and sends a certificate verification request for verifying certificate validity to the server corresponding to the query channel, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel; it then receives the validity status of the certificate fed back by the server and chooses whether to access the target website according to the validity status of the certificate. The device of the application provides at least one query channel and its corresponding server, stores a list of failed certificates in that server, determines the validity of the certificate of the target website to be accessed through information exchange with the browser, and on that basis decides whether to access the target website, improving the security of website access.
The application also provides a website access device applied to a certificate management server. As shown in Fig. 8, the device includes:
a verification request receiving unit 81, for receiving the certificate verification request for verifying certificate validity sent by the browser, the certificate verification request containing the certificate to be verified;
a list reading unit 82, for reading the preset certificate revocation list, the certificate revocation list being used to store failed certificates;
a list query unit 83, for judging whether the certificate to be verified exists in the certificate revocation list;
a certificate status determining unit 84, for determining that the validity status of the certificate to be verified is failed when the judgement result of the list query unit 83 is yes, and determining that the validity status of the certificate to be verified is valid when the judgement result of the list query unit 83 is no;
a certificate status feedback unit 85, for feeding back the validity status of the certificate to be verified to the browser, so that it chooses whether to continue accessing the website according to the certificate validity status.
Optionally, the certificate verification request received by the verification request receiving unit 81 contains the fingerprint of the certificate to be verified, and the certificate revocation list stores the fingerprints of failed certificates; then, as shown in Fig. 9, the list query unit 83 can include:
a first list query sub-unit 831, for judging whether the fingerprint of the certificate to be verified exists in the certificate revocation list.
Optionally, Figure 10 illustrates another structure of the website access device of the application. With reference to Fig. 8 and Figure 10, the device can also include:
a failed certificate monitoring unit 86, for obtaining, according to a predetermined policy, the failed certificate lists issued by operating system manufacturers and security firms;
a list update unit 87, for updating the locally preset certificate revocation list using the failed certificate lists.
The website access device provided by the application is applied in a certificate management server: by receiving the certificate verification request for the certificate to be verified sent by the browser and querying the preset certificate revocation list, it determines the validity of the certificate to be verified and feeds it back to the browser side; if the certificate to be verified is determined to be a failed certificate, the browser side can choose to refuse access to the target website, improving security.
The embodiment of the present application also provides a terminal that can perform website access control, such as a tablet computer. The terminal can include the above website access device; for the description of the website access device, refer to the description of the corresponding parts above, which is not repeated here.
The hardware structure of the terminal provided by the embodiment of the present application is described below; the parts of the following description that relate to the website access method can refer to the corresponding description above. Figure 11 is a hardware architecture diagram of the terminal provided by the embodiment of the present application. With reference to Figure 11, the terminal can include:
Processor 1, communication interface 2, memory 3, communication bus 4, and display screen 5;
wherein the processor 1, communication interface 2, memory 3 and display screen 5 communicate with one another via the communication bus 4;
Optionally, the communication interface 2 can be the interface of a communication module, such as the interface of a GSM module;
Processor 1, for executing a program;
Memory 3, for storing a program;
the program can include program code, and the program code includes operating instructions for the processor.
The processor 1 may be a central processing unit (CPU), or an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiment of the present application.
The memory 3 may include high-speed RAM memory and may also include non-volatile memory, for example at least one disk memory.
The program can specifically be for:
obtaining the certificate sent by the target website, the certificate corresponding to the target website;
selecting at least one preset query channel, and sending to the server corresponding to the query channel a certificate verification request for verifying the validity of the certificate, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel;
receiving the validity state of the certificate fed back by the server, and choosing whether to access the target website according to the validity state of the certificate.
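The query-channel scheme described above, and detailed in the claims below (fingerprint-keyed revocation list on the certificate management server, feed-driven list updates, and the browser denying access when any of the three channels reports a failure state), as an added example that is not the patent's own code. The DER blobs, fingerprints, the local update-file format and the OCSP stand-in are constructed for this example, and SHA-256 over the DER encoding is an assumed choice of fingerprint.

```python
"""Added example (not the patent's own code): fingerprint-keyed revocation lookup on
the certificate management server, plus the browser-side aggregation of the three
query channels (local system update file, OCSP issuer answer, management server) in
which any 'failure' state denies access. Certificates, fingerprints, the file format
and the OCSP stand-in are constructed; SHA-256 over DER is an assumed fingerprint."""
import hashlib
from enum import Enum

class Validity(Enum):
    EFFECTIVE = "effective"  # the page's 'effective' state
    FAILURE = "failure"      # the page's 'failure' (revoked) state

def fingerprint(der: bytes) -> str:
    """Certificate fingerprint: hex SHA-256 over the DER bytes (assumed hash)."""
    return hashlib.sha256(der).hexdigest()

class CertificateManagementServer:
    """Server side (claims 4-6, 10-12): revocation list keyed by fingerprint."""
    def __init__(self, revoked_fingerprints=()):
        self.revoked = {fp.lower() for fp in revoked_fingerprints}

    def update_from_feeds(self, *feeds):
        """Merge failure-certificate lists from OS vendors / security firms (claim 6)."""
        for feed in feeds:
            self.revoked.update(fp.lower() for fp in feed)

    def verify(self, fp: str) -> Validity:
        """In the list -> failure, otherwise effective (claims 4 and 5)."""
        return Validity.FAILURE if fp.lower() in self.revoked else Validity.EFFECTIVE

def query_local_update_file(text: str, fp: str) -> Validity:
    """Channel 1: local system update file. Constructed format: one revoked
    fingerprint per line, '#' starts a comment, blank lines are ignored."""
    revoked = {line.split("#", 1)[0].strip().lower() for line in text.splitlines()} - {""}
    return Validity.FAILURE if fp.lower() in revoked else Validity.EFFECTIVE

def query_ocsp(revoked_serials: set, serial: int) -> Validity:
    """Channel 2: the issuer's OCSP answer. A set of revoked serial numbers
    stands in for the real RFC 2560 request/response exchange."""
    return Validity.FAILURE if serial in revoked_serials else Validity.EFFECTIVE

def decide_access(statuses) -> bool:
    """Claims 2 and 8: access only if no channel reported a failure state."""
    return all(s is Validity.EFFECTIVE for s in statuses)

def browser_visit(der: bytes, serial: int, local_file: str,
                  revoked_serials: set, server: CertificateManagementServer):
    """Browser side (claims 1-3, 7-9): query all three channels, then decide."""
    fp = fingerprint(der)
    statuses = [query_local_update_file(local_file, fp),
                query_ocsp(revoked_serials, serial),
                server.verify(fp)]
    return decide_access(statuses), statuses

# Constructed inputs: placeholder DER blobs, not real certificates.
GOOD_DER = b"\x30\x82constructed-der-of-a-valid-site-certificate"
OCSP_REVOKED_DER = b"\x30\x82constructed-der-revoked-only-at-the-issuer"
FEED_REVOKED_DER = b"\x30\x82constructed-der-revoked-by-a-security-firm-feed"
LOCAL_REVOKED_DER = b"\x30\x82constructed-der-revoked-in-the-local-update-file"
LOCAL_FILE = "# constructed local system update file\n" + fingerprint(LOCAL_REVOKED_DER) + "\n"

def demo():
    server = CertificateManagementServer()
    server.update_from_feeds([fingerprint(FEED_REVOKED_DER)])  # security-firm feed
    revoked_serials = {0x2A}  # serial revoked at the issuer's OCSP responder
    cases = {"good": (GOOD_DER, 0x10), "ocsp": (OCSP_REVOKED_DER, 0x2A),
             "feed": (FEED_REVOKED_DER, 0x11), "local": (LOCAL_REVOKED_DER, 0x12)}
    return {name: browser_visit(der, serial, LOCAL_FILE, revoked_serials, server)[0]
            for name, (der, serial) in cases.items()}
```

`demo()` returns one entry per case; only the certificate that no channel lists is allowed through, and a certificate revoked by a single channel is denied regardless of what the other two report.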
Finally, it should also be noted that relational terms such as "first" and "second" herein are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relation or order between these entities or operations. Moreover, the terms "including", "comprising" or any other variant thereof are intended to be non-exclusive, so that a process, method, article or device including a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
Each embodiment in this specification is described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments may be referred to one another.
The foregoing description of the disclosed embodiments enables those skilled in the art to realize or use the present application. Various modifications to these embodiments will be obvious to those skilled in the art, and the generic principles defined herein may be realized in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (12)
1. A website access method, characterized in that it is applied to a browser, the method including:
obtaining the certificate sent by a target website, the certificate corresponding to the target website;
selecting at least one preset query channel, and sending to the server corresponding to the query channel a certificate verification request for verifying the validity of the certificate, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel;
receiving the validity state of the certificate fed back by the server, and choosing whether to access the target website according to the validity state of the certificate.
2. The method according to claim 1, characterized in that the selecting at least one preset query channel and sending to the server corresponding to the query channel a certificate verification request for verifying the validity of the certificate includes:
querying a local system update file to determine the validity state of the certificate, wherein the local system update file records a certificate revocation list representing failed certificates;
sending, according to the OCSP protocol (Online Certificate Status Protocol), a certificate verification request for verifying the validity of the certificate to the issuing authority of the certificate, wherein the certificate issuing authority records a certificate revocation list representing failed certificates;
sending a certificate verification request for verifying the validity of the certificate to a preset certificate management server, wherein the certificate management server stores a certificate revocation list representing failed certificates;
and the receiving the validity state of the certificate fed back by the server and choosing whether to access the target website according to the validity state of the certificate includes:
receiving the validity states of the certificate fed back by each of the three: the local system, the issuing authority of the certificate and the certificate management server;
if it is determined that any one of the three received validity states is a failure state, denying access to the target website.
3. The method according to claim 2, characterized in that the certificate revocation list stored in the certificate management server is stored according to certificate fingerprints; then the sending a certificate verification request for verifying the validity of the certificate to the preset certificate management server includes:
sending to the preset certificate management server a certificate validity verification request carrying the fingerprint of the certificate.
4. A website access method, characterized in that it is applied to a certificate management server, the method including:
receiving a certificate verification request for verifying the validity of a certificate sent by a browser, the certificate verification request containing the certificate to be verified;
reading a preset certificate revocation list, the certificate revocation list being used to store failed certificates;
judging whether the certificate to be verified is present in the certificate revocation list; if so, determining that the validity state of the certificate to be verified is failure; if not, determining that the validity state of the certificate to be verified is effective;
feeding the validity state of the certificate to be verified back to the browser, so that it chooses whether to continue accessing the website according to the validity state of the certificate.
5. The method according to claim 4, characterized in that the certificate verification request contains the fingerprint of the certificate to be verified, and the certificate revocation list stores the fingerprints of failed certificates; then the judging whether the certificate to be verified is present in the certificate revocation list includes:
judging whether the fingerprint of the certificate to be verified is present in the certificate revocation list; if so, determining that the certificate to be verified is present in the certificate revocation list; if not, determining that the certificate to be verified is not present in the certificate revocation list.
6. The method according to claim 4, characterized in that it further includes:
obtaining, according to a predetermined policy, the failure certificate lists issued by operating system manufacturers and security firms;
updating the local preset certificate revocation list using the failure certificate lists.
7. A website access device, characterized in that it is applied to a browser, the device including:
a certificate acquisition unit, for obtaining the certificate sent by a target website, the certificate corresponding to the target website;
a status query unit, for selecting at least one preset query channel and sending to the server corresponding to the query channel a certificate verification request for verifying the validity of the certificate, wherein a certificate revocation list representing failed certificates is stored in the server corresponding to the query channel;
an access processing unit, for receiving the validity state of the certificate fed back by the server, and choosing whether to access the target website according to the validity state of the certificate.
8. The device according to claim 7, characterized in that the status query unit includes:
a first status query subunit, for querying a local system update file to determine the validity state of the certificate, wherein the local system update file records a certificate revocation list representing failed certificates;
a second status query subunit, for sending, according to the OCSP protocol (Online Certificate Status Protocol), a certificate verification request for verifying the validity of the certificate to the issuing authority of the certificate, wherein the certificate issuing authority records a certificate revocation list representing failed certificates;
a third status query subunit, for sending a certificate verification request for verifying the validity of the certificate to a preset certificate management server, wherein the certificate management server stores a certificate revocation list representing failed certificates;
and the access processing unit includes:
a validity state receiving unit, for receiving the validity states of the certificate fed back by each of the three: the local system, the issuing authority of the certificate and the certificate management server;
a validity state judging unit, for denying access to the target website when it is determined that any one of the three received validity states is a failure state.
9. The device according to claim 8, characterized in that the certificate revocation list stored in the certificate management server is stored according to certificate fingerprints; then the third status query subunit includes:
a fingerprint query unit, for sending to the preset certificate management server a certificate validity verification request carrying the fingerprint of the certificate.
10. A website access device, characterized in that it is applied to a server, the device including:
a verification request receiving unit, for receiving a certificate verification request for verifying the validity of a certificate sent by a browser, the certificate verification request containing the certificate to be verified;
a list reading unit, for reading a preset certificate revocation list, the certificate revocation list being used to store failed certificates;
a list query unit, for judging whether the certificate to be verified is present in the certificate revocation list;
a certificate status determining unit, for determining that the validity state of the certificate to be verified is failure when the judgement result of the list query unit is yes, and determining that the validity state of the certificate to be verified is effective when the judgement result of the list query unit is no;
a certificate status feedback unit, for feeding the validity state of the certificate to be verified back to the browser, so that it chooses whether to continue accessing the website according to the validity state of the certificate.
11. The device according to claim 10, characterized in that the certificate verification request received by the verification request receiving unit contains the fingerprint of the certificate to be verified, and the certificate revocation list stores the fingerprints of failed certificates; then the list query unit includes:
a first list query subunit, for judging whether the fingerprint of the certificate to be verified is present in the certificate revocation list.
12. The device according to claim 10, characterized in that it further includes:
a failure certificate monitoring unit, for obtaining, according to a predetermined policy, the failure certificate lists issued by operating system manufacturers and security firms;
a list update unit, for updating the local preset certificate revocation list using the failure certificate lists.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510407842.3A CN106656455B (en) | 2015-07-13 | 2015-07-13 | Website access method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106656455A true CN106656455A (en) | 2017-05-10 |
CN106656455B CN106656455B (en) | 2020-11-03 |
Family
ID=58815004
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510407842.3A Active CN106656455B (en) | 2015-07-13 | 2015-07-13 | Website access method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106656455B (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101002420A (en) * | 2003-12-19 | 2007-07-18 | 摩托罗拉公司(在特拉华州注册的公司) | Mobile device and method for providing certificate based cryptography |
CN101212465A (en) * | 2006-12-26 | 2008-07-02 | 中兴通讯股份有限公司 | Method for authenticating validity of IKE V2 certificate |
CN102111378A (en) * | 2009-12-25 | 2011-06-29 | 上海格尔软件股份有限公司 | Signature verification system |
CN101848218A (en) * | 2010-05-14 | 2010-09-29 | 山东泰信电子有限公司 | Method for secure access of Internet television terminal to Internet |
CN102647394A (en) * | 2011-02-16 | 2012-08-22 | 中兴通讯股份有限公司 | Routing device identity authentication method and routing device identity authentication device |
CN102571770A (en) * | 2011-12-27 | 2012-07-11 | 北京神州绿盟信息安全科技股份有限公司 | Man-in-the-middle attack detection method, device, server and system |
Non-Patent Citations (3)
Title |
---|
M. MYERS: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", 《IETF 2560》 * |
徐文娟: "Application and implementation of OCSP in a CA security authentication system", Computer Engineering and Applications * |
陈亨斌: "A certificate status query system based on the OCSP protocol", Microcomputer Information * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107508682A (en) * | 2017-08-16 | 2017-12-22 | 努比亚技术有限公司 | Browser certificate authentication method and mobile terminal |
CN108092777A (en) * | 2017-12-26 | 2018-05-29 | 北京奇虎科技有限公司 | The monitoring and managing method and device of digital certificate |
CN108092777B (en) * | 2017-12-26 | 2021-08-24 | 北京奇虎科技有限公司 | Method and device for supervising digital certificate |
CN109921910A (en) * | 2019-03-21 | 2019-06-21 | 平安科技(深圳)有限公司 | Verification method and device, storage medium, the electronic device of certificate status |
CN111291369A (en) * | 2020-01-20 | 2020-06-16 | 北京无限光场科技有限公司 | Information detection method and electronic equipment |
CN111291369B (en) * | 2020-01-20 | 2022-05-20 | 北京无限光场科技有限公司 | Information detection method and electronic equipment |
CN114143034A (en) * | 2021-11-01 | 2022-03-04 | 清华大学 | Network access security detection method and device |
CN116455633A (en) * | 2023-04-17 | 2023-07-18 | 清华大学 | Digital certificate verification method and device, electronic equipment and storage medium |
CN116455633B (en) * | 2023-04-17 | 2024-01-30 | 清华大学 | Digital certificate verification method and device, electronic equipment and storage medium |
CN116827648A (en) * | 2023-07-07 | 2023-09-29 | 亚数信息科技(上海)有限公司 | Website effectiveness detection method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106656455B (en) | 2020-11-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |