CN101227276A - Method and system for public key safety transfer of digital mobile certificate - Google Patents

Method and system for public key safety transfer of digital mobile certificate

Publication number
CN101227276A
Authority
CN
China
Prior art keywords
pki
encryption
digital mobile
mobile certificate
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007100629032A
Other languages
Chinese (zh)
Other versions
CN101227276B (en)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
李东声
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 李东声
Priority to CN2007100629032A
Publication of CN101227276A
Application granted
Publication of CN101227276B
Current legal status: Active
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method and a system for securely transferring the public key of a digital mobile certificate. A preset encryption key is used to encrypt the public key generated by the digital mobile certificate; the encrypted public key is then sent to a certificate authority; finally, the certificate authority uses the corresponding decryption key to decrypt and verify the public key, and stores a public key that passes verification as a legitimate public key. This allows the public key in the digital mobile certificate to be transferred securely to the certificate authority and increases the security of using digital mobile certificates. The method is simple, convenient and easy to popularize.

Description

Method and system for secure transmission of the public key of a digital mobile certificate
Technical field
The present invention relates to applications in the field of electronic technology, and in particular to a method and system for secure transmission of the public key of a digital mobile certificate.
Background technology
At present, many users conduct business through online banking systems. With legislation on electronic certificates (electronic signatures), many users also use personal digital mobile certificates (such as a USBKEY) in everyday practice. A personal digital mobile certificate can encrypt, sign and authenticate data, which greatly improves security in online payment and online transactions.
Most digital mobile certificates use a security system based on public-key algorithms. Under a public-key algorithm, a result computed with the private key can only be verified with the public key, and the private key cannot be derived from the public key, so a result computed with the private key cannot be copied; this gives private-key computations non-repudiation. At present, a digital mobile certificate usually generates a public/private key pair internally when the user first uses it. The private key is kept inside the digital mobile certificate and is not disclosed externally, while the public key is sent to the authentication center, where it is used to authenticate data that the digital mobile certificate has signed with the private key.
To keep the digital mobile certificate secure in use, the certificate needs to be replaced or upgraded after a period of use: a new public/private key pair is generated inside the digital mobile certificate, and the new public key is sent to the authentication center to replace the original public key.
At present, a digital mobile certificate is usually used while connected to a computer. After the public key is generated, it is read out of the digital mobile certificate directly, in the clear, without any other protective measure, and is then sent to the authentication center over the Internet. This creates a hidden danger for the application security of the digital mobile certificate.
For example, if an intermediate interface is controlled by someone else while the digital mobile certificate is sending its public key, that party can replace the digital mobile certificate's real public key with another public key. Once this "false" public key has been sent to the authentication center, that party can impersonate the owner of the digital mobile certificate and use the "false" private key corresponding to the "false" public key to carry out malicious acts.
Summary of the invention
In view of the above problems, the purpose of the present invention is to provide a method and system for secure transmission of the public key of a digital mobile certificate.
The purpose of the present invention is achieved through the following technical solutions:
A method for secure transmission of the public key of a digital mobile certificate, comprising:
encrypting the public key generated by the digital mobile certificate with a preset encryption key;
sending the encrypted public key to the authentication center;
the authentication center using the corresponding decryption key to perform decryption and verification processing on the public key, and storing a public key that passes decryption and verification as a legitimate public key.
The encryption processing and the decryption and verification processing comprise:
encrypting the public key with the preset encryption key, the authentication center using the corresponding decryption key to perform decryption and verification processing; or
sending a check code of the public key, generated with the preset encryption key, together with the public key, the authentication center using a check code of the public key generated with the corresponding decryption key to perform decryption and verification processing on the public key; or
sending a signature of the public key, generated with the preset encryption key, together with the public key, the authentication center using a signature of the public key generated with the corresponding decryption key to perform decryption and verification processing on the public key.
The preset encryption key is set in advance in the digital mobile certificate, and the corresponding decryption key is set in advance at the authentication center.
The method further comprises:
a public key that fails verification is not stored as a legitimate public key.
A sending device for secure transmission of the public key of a digital mobile certificate, comprising:
an encryption processing module, used to encrypt the public key generated by the digital mobile certificate with a preset encryption key;
a public key sending module, used to send the encrypted public key to the authentication center.
The encryption processing module comprises:
an encryption module, which encrypts the public key with the preset encryption key; or
a check code setting module, which sets a check code of the public key using the preset encryption key; or
a signature generation module, which generates a signature of the public key using the preset encryption key.
A receiving device for secure transmission of the public key of a digital mobile certificate, located at the authentication center, comprising:
a public key receiving module, used to receive the public key after encryption processing;
a decryption and verification processing module, used to perform decryption and verification processing on the public key with the decryption key, and to store a public key that passes decryption and verification as a legitimate public key.
A system for secure transmission of the public key of a digital mobile certificate, comprising:
a sending device for secure transmission of the public key of a digital mobile certificate, used to encrypt the public key generated by the digital mobile certificate with a preset encryption key and to send the encrypted public key to the authentication center;
a receiving device for secure transmission of the public key of a digital mobile certificate, located at the authentication center, which uses the corresponding decryption policy to perform decryption and verification processing on the public key and stores a public key that passes decryption and verification as a legitimate public key.
As can be seen from the technical solution provided by the present invention, in the described method and system for secure transmission of the public key of a digital mobile certificate, first, the public key generated by the digital mobile certificate is encrypted with a preset encryption key; then, the encrypted public key is sent to the authentication center; finally, the authentication center uses the corresponding decryption policy to perform decryption and verification processing on the public key and stores a public key that passes decryption and verification as a legitimate public key. This increases the security of using digital mobile certificates and allows the public key in the digital mobile certificate to be passed securely to the authentication center. It is simple, convenient and easy to popularize.
Description of drawings
Fig. 1 is a structural diagram of the system of the present invention for secure transmission of the public key of a digital mobile certificate.
Embodiment
The method of the present invention for secure transmission of the public key of a digital mobile certificate specifically comprises the following.
First, the public key generated by the digital mobile certificate is encrypted with a preset encryption key. The preset encryption key is set in advance and stored in the digital mobile certificate: before the digital mobile certificate is handed to the user, a secret encryption key is set inside it. This encryption key is stored in the digital mobile certificate and cannot be obtained from outside; that is, it is hidden and secret. At the same time, a corresponding decryption policy is set at the authentication center, and the corresponding decryption key can be determined from that policy so that the encrypted public key can undergo decryption and verification processing. The encryption key and decryption key may use a symmetric key algorithm or an asymmetric key algorithm.
After the digital mobile certificate generates a public/private key pair, the public key is encrypted inside the digital mobile certificate with this secret encryption key and only then released.
Second, the encrypted public key is sent to the authentication center. This process is the same as in the prior art and is not described again.
Third, the authentication center uses the corresponding decryption key to perform decryption and verification processing on the public key, and stores a public key that passes decryption and verification as a legitimate public key. A public key that fails verification is not stored as a legitimate public key. Specifically, after the public key is delivered to the authentication center, its legitimacy is confirmed and it is stored only after it has been decrypted or verified without error using the corresponding decryption key. This prevents the public key in the digital mobile certificate from being illegally replaced, and thereby guarantees the security of the application.
The encryption processing and the decryption and verification processing described above comprise the following three modes:
1. The public key is encrypted with the preset encryption key, and the authentication center uses the corresponding decryption key to perform decryption and verification processing; or
2. A check code of the public key, generated with the preset encryption key, is sent together with the public key, and the authentication center uses a check code of the public key generated with the corresponding decryption key to perform decryption and verification processing on the public key; or
3. A signature of the public key, generated with the preset encryption key, is sent together with the public key, and the authentication center uses a signature of the public key generated with the corresponding decryption key to perform decryption and verification processing on the public key.
The encryption and decryption may use a symmetric key algorithm or an asymmetric key algorithm. Practical applications include:
1. Symmetric key algorithm
First way: the digital mobile certificate encrypts the public key data with the preset encryption key and also computes a signature with the private key. After the authentication center decrypts the public key, it verifies the signature with the public key; if verification passes, the received public key data is correct and the public key is legitimate.
Second way: the digital mobile certificate computes a check code over the public key data and also computes a signature with the private key. The authentication center likewise computes a check code over the public key data and compares the result with the check code computed by the digital mobile certificate; a match shows that the public key data was sent by the digital mobile certificate being verified. The signature is then verified with the public key; if verification passes, the data is correct and the public key is legitimate.
2. Asymmetric key algorithm
First way: the digital mobile certificate signs a digest of the public key data and also computes a signature with the private key. The authentication center authenticates the signed digest of the public key; once it is confirmed to be the digest of the public key data, the signature is verified with the public key; if verification passes, the received public key data is correct and the public key is legitimate.
Second way: the digital mobile certificate encrypts the public key data with the preset encryption key and also computes a signature with the private key. After the authentication center decrypts the public key, it verifies the signature with the public key; if verification passes, the data is correct and the public key is legitimate.
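The check-code mode (mode 2 above, without the accompanying private-key signature) as an added example; it is not code from the patent. HMAC-SHA256, the message fields, the device ID `TOKEN-0001` and the random bytes standing in for an encoded public key are assumptions of this example.

```python
import hashlib
import hmac
import os


def mac_input(device_id, public_key):
    """Bytes covered by the check code: length-prefixed device ID, then the key.

    Binding the device ID is this example's choice, not a step in the patent.
    """
    ident = device_id.encode("utf-8")
    return len(ident).to_bytes(2, "big") + ident + public_key


def check_code(preset_key, device_id, public_key):
    # HMAC-SHA256 stands in for the "check code"; the patent names no algorithm.
    data = mac_input(device_id, public_key)
    return hmac.new(preset_key, data, hashlib.sha256).digest()


class Token:
    """Sending side: the digital mobile certificate (for example a USB key)."""

    def __init__(self, device_id, preset_key):
        self.device_id = device_id
        self._preset_key = preset_key  # set before issue, never exported
        self.public_key = b""

    def generate_key_pair(self):
        # Constructed stand-in: random bytes play the role of an encoded public key.
        self.public_key = os.urandom(64)

    def export_public_key(self):
        """Release the public key only together with its check code."""
        code = check_code(self._preset_key, self.device_id, self.public_key)
        return {"device_id": self.device_id,
                "public_key": self.public_key,
                "check_code": code}


class AuthenticationCenter:
    """Receiving side: verifies the check code before storing a public key."""

    def __init__(self, preset_keys):
        self._preset_keys = dict(preset_keys)  # device ID -> corresponding key
        self.legal_keys = {}                   # device ID -> accepted public key

    def receive(self, message):
        device_id = message.get("device_id")
        public_key = message.get("public_key", b"")
        received = message.get("check_code", b"")
        if not isinstance(device_id, str) or device_id not in self._preset_keys:
            return False
        expected = check_code(self._preset_keys[device_id], device_id, public_key)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, received):
            return False  # failed verification: the stored key is left untouched
        self.legal_keys[device_id] = public_key
        return True


def run_demo():
    preset = os.urandom(32)
    token = Token("TOKEN-0001", preset)
    center = AuthenticationCenter({"TOKEN-0001": preset})
    token.generate_key_pair()
    genuine = token.export_public_key()

    # The substitution described in the background section: an intermediary
    # swaps in another public key but cannot produce a matching check code.
    other_key = os.urandom(64)
    substituted = dict(genuine, public_key=other_key)
    # Same swap with a check code computed under a key that is not the preset one.
    forged = dict(substituted,
                  check_code=check_code(os.urandom(32), "TOKEN-0001", other_key))

    results = {"honest": center.receive(genuine),
               "substituted": center.receive(substituted),
               "forged": center.receive(forged)}
    results["stored_is_genuine"] = (
        center.legal_keys.get("TOKEN-0001") == token.public_key)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Both rejected messages arrive after the genuine one, so the last check also shows that a failed verification does not overwrite the public key already stored.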
To implement the above method, as shown in Fig. 1, the present invention also provides a system for secure transmission of the public key of a digital mobile certificate, comprising a sending device for secure transmission of the public key of a digital mobile certificate and a receiving device for secure transmission of the public key of a digital mobile certificate, wherein:
The sending device is used to encrypt the public key generated by the digital mobile certificate with a preset encryption key and to send the encrypted public key to the authentication center. The sending device specifically comprises an encryption processing module and a public key sending module, wherein:
The encryption processing module is used to encrypt the public key generated by the digital mobile certificate with a preset encryption key. The encryption processing module comprises an encryption module, a check code setting module or a signature generation module, where:
the encryption module encrypts the public key with the preset encryption key;
the check code setting module sets a check code of the public key using the preset encryption key;
the signature generation module generates a signature of the public key using the preset encryption key.
The public key sending module is used to send the encrypted public key to the authentication center.
The receiving device is located at the authentication center and comprises:
a public key receiving module, used to receive the encrypted public key sent by the sending device;
a decryption and verification processing module, used to perform decryption and verification processing, with the corresponding decryption key, on the public key received by the public key receiving module, and to store a public key that passes decryption and verification as a legitimate public key.
In summary, the method and system of the present invention have the following main advantages:
1. Easy to implement: only minor changes to the existing online banking system are needed; for example, adding a decryption and verification processing module and implementing the corresponding decryption and verification procedure is enough to meet the requirements of the present invention.
2. Low cost: only a suitable functional improvement to the software in the digital mobile certificate is needed. For example, the software in the digital mobile certificate needs to add a corresponding function for encrypting the public key.
3. Highly versatile: the method places no special requirements on the digital mobile certificate and is in principle applicable to any type of digital mobile certificate.
4. Practical and easy to popularize: all the techniques used are mature, so the method is simple to implement and easy to promote.
5. Secure: it resolves the security risk that exists when an existing digital mobile certificate transmits its public key, and reduces the risk of transactions such as online banking.
In short, the method of the present invention increases the security of using digital mobile certificates, and is simple, convenient and easy to popularize.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims (8)

1. A method for secure transmission of the public key of a digital mobile certificate, characterized in that it comprises:
encrypting the public key generated by the digital mobile certificate with a preset encryption key;
sending the encrypted public key to the authentication center;
the authentication center using the corresponding decryption key to perform decryption and verification processing on the public key, and storing a public key that passes decryption and verification as a legitimate public key.
2. The method for secure transmission of the public key of a digital mobile certificate according to claim 1, characterized in that the encryption processing and the decryption and verification processing comprise:
encrypting the public key with the preset encryption key, the authentication center using the corresponding decryption key to perform decryption and verification processing; or
sending a check code of the public key, generated with the preset encryption key, together with the public key, the authentication center using a check code of the public key generated with the corresponding decryption key to perform decryption and verification processing on the public key; or
sending a signature of the public key, generated with the preset encryption key, together with the public key, the authentication center using a signature of the public key generated with the corresponding decryption key to perform decryption and verification processing on the public key.
3. The method for secure transmission of the public key of a digital mobile certificate according to claim 1 or 2, characterized in that the preset encryption key is set in advance in the digital mobile certificate, and the corresponding decryption key is set in advance at the authentication center.
4. The method for secure transmission of the public key of a digital mobile certificate according to claim 1, characterized in that the method further comprises:
a public key that fails verification is not stored as a legitimate public key.
5. A sending device for secure transmission of the public key of a digital mobile certificate, characterized in that it comprises:
an encryption processing module, used to encrypt the public key generated by the digital mobile certificate with a preset encryption key;
a public key sending module, used to send the encrypted public key to the authentication center.
6. The sending device for secure transmission of the public key of a digital mobile certificate according to claim 5, characterized in that the encryption processing module comprises:
an encryption module, which encrypts the public key with the preset encryption key; or
a check code setting module, which sets a check code of the public key using the preset encryption key; or
a signature generation module, which generates a signature of the public key using the preset encryption key.
7. A receiving device for secure transmission of the public key of a digital mobile certificate, characterized in that the device, located at the authentication center, comprises:
a public key receiving module, used to receive the public key after encryption processing;
a decryption and verification processing module, used to perform decryption and verification processing on the public key with the decryption key, and to store a public key that passes decryption and verification as a legitimate public key.
8. A system for secure transmission of the public key of a digital mobile certificate, characterized in that it comprises:
a sending device for secure transmission of the public key of a digital mobile certificate, used to encrypt the public key generated by the digital mobile certificate with a preset encryption key and to send the encrypted public key to the authentication center;
a receiving device for secure transmission of the public key of a digital mobile certificate, located at the authentication center, which uses the corresponding decryption policy to perform decryption and verification processing on the public key and stores a public key that passes decryption and verification as a legitimate public key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007100629032A CN101227276B (en) 2007-01-19 2007-01-19 Method and system for public key safety transfer of digital mobile certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007100629032A CN101227276B (en) 2007-01-19 2007-01-19 Method and system for public key safety transfer of digital mobile certificate

Publications (2)

Publication Number Publication Date
CN101227276A true CN101227276A (en) 2008-07-23
CN101227276B CN101227276B (en) 2010-09-01

Family

ID=39859049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007100629032A Active CN101227276B (en) 2007-01-19 2007-01-19 Method and system for public key safety transfer of digital mobile certificate

Country Status (1)

Country Link
CN (1) CN101227276B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404119B (en) * 2011-10-27 2016-03-16 深圳市文鼎创数据科技有限公司 The method to set up of cryptographic key factors of dynamic tokens, dynamic token and server

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7925878B2 (en) * 2001-10-03 2011-04-12 Gemalto Sa System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials
CN1534936A (en) * 2003-03-31 2004-10-06 华为技术有限公司 Key distribution method in radio local network based on public key certificate mechanism

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105281908A (en) * 2014-07-23 2016-01-27 阿里巴巴集团控股有限公司 USB Key and USB Key digital certificate write-in method and device
CN105281908B (en) * 2014-07-23 2019-08-06 阿里巴巴集团控股有限公司 USB Key, USB Key digital certificate wiring method and device
CN105323070A (en) * 2015-02-09 2016-02-10 北京中油瑞飞信息技术有限责任公司 Method for realizing security electronic mail based on digital envelope
CN105323070B (en) * 2015-02-09 2018-12-21 北京中油瑞飞信息技术有限责任公司 A kind of safety E-mail implementation method based on digital envelope
CN105989497A (en) * 2016-03-07 2016-10-05 李明 Payment method and system
CN106792665A (en) * 2016-12-19 2017-05-31 华东师范大学 Wireless sensor network security small data distribution method based on short and small public-key cryptosystem
CN110192194A (en) * 2017-01-11 2019-08-30 锡克拜控股有限公司 System and method for authenticating safety certificate
CN110192194B (en) * 2017-01-11 2023-07-18 锡克拜控股有限公司 System and method for authenticating security certificates
CN112433742A (en) * 2020-11-26 2021-03-02 中电金融设备系统(深圳)有限公司 Secure firmware updating method, device, equipment and storage medium
CN113742760A (en) * 2021-11-04 2021-12-03 武汉泰乐奇信息科技有限公司 Big data calling method and device for preventing data increase

Also Published As

Publication number Publication date
CN101227276B (en) 2010-09-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: BEIJING TENDYRON TECHNOLOGY CO

Free format text: FORMER OWNER: LI DONGSHENG

Effective date: 20100623

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20100623

Address after: 100083, B, block 17, golden building, No. 1810 Qinghua East Road, Beijing, Haidian District

Applicant after: Beijing Tendyron Technology Co., Ltd.

Address before: 100083, B, block 17, golden building, No. 1810 Qinghua East Road, Beijing, Haidian District

Applicant before: Li Dongsheng

C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 102211 Beijing city Changping District Baishan town 100 Ge Road No. 9 Building No. 2 hospital

Patentee after: Tendyron Technology Co., Ltd.

Address before: 100083, B, block 17, golden building, No. 1810 Qinghua East Road, Beijing, Haidian District

Patentee before: Beijing Tendyron Technology Co., Ltd.