At present, many websites that have high security requirements require users to use digital certificate products. According to their storage mode, digital certificates may be classified into two types. One type is a digital certificate stored in a hardware medium, such as a USB Key, often referred to as a “hard certificate”; the other type is a digital certificate stored (installed) on a local client (such as a desktop computer or notebook computer), often referred to as a “soft certificate.” For an operation which has a high security requirement, a second verification is usually performed using a digital certificate to guarantee the security of the user operation. However, because the digital certificate is installed on the local client while the verification and processing logic of the certificate is located on the server side, before executing an operation which has a high security requirement it is necessary to collect the certificate installed on the local client and then submit it to the server side for a certificate match verification. In such a mode, a great amount of data is transmitted over the network, which wastes network traffic, and a certificate collection and submission step has to be added prior to each operation with a high security requirement.
With regard to this problem, the existing solution is to collect and submit a certificate after a user logs in, then verify the certificate, and cache the verification result, as specifically shown in FIG. 1. FIG. 1 is a schematic diagram of an interaction between a browser and a corresponding server under the existing digital certificate verification solution. Since the digital certificate verification needs to be carried out, the operations which need to be performed to complete the user's login include the following: requesting to log in at step 110, collecting certificate information at step 120, submitting the certificate information at step 130, verifying the certificate and caching the certificate verification result at step 140, initiating a corresponding service request in response to a user operation at step 150, and executing a service at step 160.
The existing solution shown in FIG. 1 has the following apparent defects: 1) the client terminal has to perform a certificate collection and submission operation each time the user logs in, and if only 20% of users need to carry out a certificate verification to perform an operation with a high security requirement, this means that 80% of the certificate submission and verification operations are wasted; and 2) since the volume of digital certificates is relatively large, when the collected certificate content is submitted to a server for verification, generally the certificate will be placed in a format of form items and submitted to the server in a POST mode.