Title of invention: Computer implemented method and a computer system to prevent security problems in the use of digital certificates in code signing and a computer program product thereof
Abstract: A computer implemented method including a software distributor signing via a first server at least one software file using a digital certificate with a digital signature and at least one user via a computing device acquiring a copy of the signed software file. The digital certificate to be used is previously recorded in a second server in communication with the first server, the digital certificate to be recorded being provided by the software distributor upon a registration of the latter in the second server and including information obtained from a trust certificate chain associated to the digital certificate when performing the registration. The second server generates, upon a request made by the software distributor, a hashstamp of the signed software file.
Publication number: US9634841(B2) | Publication date: 2017.04.25
Application number: US201414559379 | Filing date: 2014.12.03
Applicant: TELEFONICA DIGITAL ESPANA, S.L.U. | Inventors: De Los Santos Sergio; Barroso Berrueta David; Guzman Sacristan Antonio; De La Rosa Tero; Alonso Cebrian Jose Maria
Classification: H04L9/32; H04L29/06; G06F21/64 | Main classification: H04L9/32
Agency: Sughrue Mion, PLLC | Agent: Sughrue Mion, PLLC
Principal claim: 1. A computer implemented method to promptly detect digital certificate misuse, the method comprising: signing, by a software distributor via a first server, at least one software file using a digital certificate with a digital signature identifying said software distributor; and acquiring, by at least one user via a computing device, a copy of said at least one signed software file, wherein said digital certificate to be used for said signing is previously recorded in a second server in communication with said first server, the digital certificate to be recorded being provided by the software distributor upon a registration of the software distributor in said second server and the digital certificate including information obtained from a trust certificate chain associated to the digital certificate when performing said registration, wherein the second server, upon a request made by the software distributor, generates a hashstamp of the at least one signed software file, wherein said registration comprises checking, by the second server, data included in the provided digital certificate including at least a domain and/or an electronic address, and; performing, by the second server, a second authentication of said digital certificate by performing the following steps: generating a one-time password (OTP); sending said generated OTP to the software distributor through a communication channel including at least a text message, an electronic message or an instant message; and certifying, upon receiving said OTP from the software distributor, that the received OTP matches with said generated OTP.
Address: Madrid ES