CN-120915460-B - Method for measuring digital certificate and digital signature credibility based on feature vector algorithm

Abstract

The invention discloses a method for measuring the credibility of a digital certificate and a digital signature based on a feature vector algorithm, which relates to the technical field of computers and comprises the steps of analyzing a format field of the digital certificate, extracting field information, mapping the field information into credibility factors of multiple dimensions according to a mapping rule, and generating a credibility feature vector; the method comprises the steps of obtaining a digital signature verification, calculating the integrated characteristic intensity of a credibility characteristic vector by using Euclidean norms to obtain a quantized credibility value, carrying out credibility calculation on each digital certificate in a certificate chain formed by digital signature verification according to the quantized credibility value to generate a digital certificate credibility sequence, and distributing weight values which are gradually decreased to each digital certificate according to the digital certificate credibility sequence and the sequence position of the digital certificate in the chain to generate a weight corresponding set which is qualified in verification. The invention separates the measurement of the certificate link from the use operation, simplifies the design, improves the flexibility and expansibility, and integrally enhances the security assurance capability of digital signature verification.

Inventors

• ZHANG CHAO
• WU PING
• XIE QIAN
• XU JIAWU
• GAO LIMING
• FAN JIANFENG
• CAO SHENGMING
• YU YU

Assignees

• 南京百敖软件有限公司
• 江苏卓易信息科技股份有限公司
• 上海百之敖信息科技有限公司

Dates

Publication Date

20260508

Application Date

20250731

Claims (10)

1. 1. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm is characterized by comprising the following steps of, Analyzing the format field of the digital certificate, extracting field information, mapping the field information into credibility factors of multiple dimensions according to a mapping rule, and generating a credibility feature vector; Calculating the comprehensive characteristic intensity of the credibility characteristic vector by using the Euclidean norm to obtain a quantized credibility value; According to the quantized credibility value, performing credibility calculation on each digital certificate in a certificate chain formed by digital signature verification to generate a digital certificate credibility sequence; According to the digital certificate credibility sequence and the sequence position of the digital certificate in the link, sequentially decreasing weight values are distributed to each digital certificate, and a weight corresponding set qualified in verification is generated; based on the weight corresponding set which is qualified in verification, weighting and accumulating the weight value and the quantitative credibility value of the digital certificate one by one, adding a normalized compensation value, and generating a certificate chain credibility score; And performing reliability optimization on the digital signature set to be verified by using the certificate chain reliability score, and generating a digital signature reliability ordering result.
2. 2. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm according to claim 1, wherein the steps of analyzing the format field of the digital certificate, extracting field information, mapping the field information into credibility factors of multiple dimensions according to a mapping rule, generating a credibility feature vector are as follows, Extracting an issuing mechanism, a country region where the issuing mechanism is located, certificate usage, algorithm type, key length and key hash value from the digital certificate to form a field information data set; based on the mapping rule, the field information data set is converted into a plurality of characteristic dimension values required by credibility evaluation, and the characteristic dimension values are combined into a multidimensional vector form to generate a credibility characteristic vector.
3. 3. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm according to claim 2, wherein the step of calculating the comprehensive feature strength of the credibility feature vector by using the Euclidean norm to obtain the quantized credibility value comprises the following steps of, Squaring the reliability factors of each dimension in the reliability feature vector to obtain a square value sequence; summing the square value sequences to obtain a dimension contribution value sum, and performing evolution operation on the dimension contribution value sum to generate comprehensive characteristic intensity which is used as a quantitative credibility value of the digital certificate.
4. 4. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm according to claim 3, wherein the steps of performing credibility calculation on each digital certificate in a certificate chain formed by digital signature verification according to the quantized credibility value to generate a digital certificate credibility sequence are as follows, Analyzing the digital signature structure, and extracting a certificate chain according to the verification dependency sequence; Combining the quantitative credibility value of each digital certificate in the certificate chain with the link sequence position of the digital certificate to form a structured scoring node; based on the structured scoring node, adjusting the credibility value of the digital certificate with the field missing to a corresponding reduced interval by using a fault tolerance mechanism, marking the digital certificate as low credibility, and outputting an updated structured scoring node; and according to the updated structured scoring nodes, all the quantized credibility values are orderly arranged according to the sequence of the digital certificate in the link, and the quantized credibility values are output to a digital certificate credibility sequence.
5. 5. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm according to claim 4, wherein the steps of assigning successively decreasing weight values to each digital certificate according to the credibility sequence of the digital certificate and the sequence position of the digital certificate in the link to generate a weight corresponding set which is qualified for verification are as follows, Reading the sequence length of the digital certificate credibility sequence, generating a weight value which corresponds to the digital certificate credibility sequence length and is decreased progressively, and outputting a weight value list; and sequentially distributing the weight value list to each digital certificate in the digital certificate credibility sequence according to the link sequence, and generating a weight corresponding set qualified in verification by utilizing strict decrementing.
6. 6. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm according to claim 5, wherein the method comprises the steps of performing weighted accumulation on the weight value and the quantized credibility value of the digital certificate one by one based on the corresponding set of the weights qualified by verification, adding a normalized compensation value to generate a certificate chain credibility score, Based on the qualified weight corresponding set, extracting the weight value and the corresponding quantized credibility value of each digital certificate, and outputting a weight and credibility pair list; Sequentially reading the weight value and the corresponding quantized credibility value of each pair of digital certificates in the weight and credibility pair list, calculating a weighted contribution value, and outputting a weighted contribution value sequence; And accumulating the weighted contribution value sequences and combining the normalized compensation values to generate a certificate chain credibility score.
7. 7. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm according to claim 6, wherein the steps of sequentially reading the weight value and the corresponding quantized credibility value of each pair of digital certificates in the weight and credibility pair list, calculating a weighted contribution value, outputting a weighted contribution value sequence are as follows, Reading a weight and credibility pair list, extracting a weight value of each pair of digital certificates and a corresponding quantized credibility value, and calculating to obtain a weighted contribution value; and storing each pair of weighted contribution values into the ordered set in sequence, and outputting a weighted contribution value sequence.
8. 8. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm according to claim 6, wherein the reliability preference is carried out on the digital signature set to be verified by utilizing the certificate chain credibility score, a digital signature credibility sequencing result is generated by the following steps, Extracting digital signature information from a signature file and communication data uploaded by a user to obtain a digital signature set to be checked; The digital signature sets to be checked are sorted in descending order according to the certificate chain credibility score, and a preliminary sorting result is output; And carrying out secondary sorting on the digital signatures with the same scores in the primary sorting results by combining the time stamp checking characteristics to generate digital signature credibility sorting results.
9. 9. A computer device comprises a memory and a processor, wherein the memory stores a computer program, and the computer program is characterized in that the processor executes the computer program to implement the method for measuring the credibility of a digital certificate and a digital signature based on the eigenvector algorithm according to any one of claims 1-8.
10. 10. A computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor performs the steps of the method for measuring the trustworthiness of a digital certificate and a digital signature based on a feature vector algorithm as claimed in any one of claims 1 to 8.

Description

Method for measuring digital certificate and digital signature credibility based on feature vector algorithm Technical Field The invention relates to the technical field of computers, in particular to a method for measuring the credibility of a digital certificate and a digital signature based on a feature vector algorithm. Background With the rapid development of the digital age, public Key Infrastructure (PKI) has become a key technical system for guaranteeing network communication security and identity authentication. PKI realizes the verification of user identity and public key through digital certificate and key management, establishes a secure communication channel, and ensures confidentiality and integrity of data transmission. The core relies on the issuing, management and revocation of a digital certificate by a Certificate Authority (CA) to form a certificate chain consisting of a root certificate and an intermediate certificate, extends a trust boundary and realizes the hierarchical trust transfer from the root certificate to a terminal certificate. As the root of the PKI system, the CA certificate is not only a core element of digital security, but also is related to the security guarantee of national digital rights. The country reduces the dependence on external technology by establishing a local CA organization and a root certificate system, and ensures the autonomous controllability and the safety protection of the network infrastructure of the country. Although the existing PKI system plays a key role in the issuance and verification of digital certificates, the conventional verification method is still significantly insufficient when the actual conditions of various sources of certificates, complex link structures, field information deletion and the like are faced. The existing flow generally depends on signature validity, certificate revocation status and link integrity check, lacks quantization capability of multidimensional trusted factors in certificate fields, and fails to embody weight differences among nodes in links. Particularly, under the scene of abnormal fields or incomplete links, a flexible fault tolerance mechanism and a dynamic adjustment means are lacked, so that the reliability evaluation precision of the whole digital signature is insufficient. Disclosure of Invention The present invention has been made in view of the above-described problems occurring in the prior art. Therefore, the invention provides a method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm, which solves the problems that in the prior art, multidimensional trust factors are difficult to accurately quantify and weight differences of all certificates in a certificate chain are effectively reflected. In order to solve the technical problems, the invention provides the following technical scheme: The invention provides a method for measuring the credibility of a digital certificate and a digital signature based on a feature vector algorithm, which comprises the steps of analyzing format fields of the digital certificate, extracting field information, mapping the field information into credibility factors of multiple dimensions according to a mapping rule to generate a credibility feature vector, calculating the comprehensive feature intensity of the credibility feature vector by utilizing a Euclidean norm to obtain a quantized credibility value, carrying out credibility calculation on each digital certificate in a certificate chain formed by digital signature verification according to the quantized credibility value to generate a digital certificate credibility sequence, distributing weight values which are sequentially decreased to each digital certificate according to the digital certificate credibility sequence and the sequence position of the digital certificate in the chain to generate a weight corresponding set which is qualified in verification, carrying out weighted accumulation on the weight values and the quantized credibility values of the digital certificate one by one based on the weight corresponding set which is qualified in verification, generating a chain credibility score, carrying out credibility optimization on the digital signature to be verified set by utilizing the certificate chain credibility score to generate a digital signature sequencing result. The method for measuring the credibility of the digital certificate and the digital signature based on the feature vector algorithm is used as a preferable scheme, wherein the format field of the digital certificate is analyzed, field information is extracted, the field information is mapped into credibility factors with multiple dimensions according to a mapping rule, a credibility feature vector is generated, the specific steps are as follows, Extracting an issuing mechanism, a country region where the issuing mechanism is located, certificate usage, algorithm type