CN108737112A - A system for activating a mobile phone shield - Google Patents
- Publication number: CN108737112A
- Application number: CN201810566120.6A
- Authority: CN (China)
- Prior art keywords: background server, shield, data, signed, personal information
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a system for activating a mobile phone shield, comprising: a mobile phone shield, a background server, a smart cryptographic key and an online banking client. The mobile phone shield is configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield and the personal information data to the background server. The background server is configured to receive and store the hardware serial number and the personal information data. The online banking client is configured to display the hardware serial number and the personal information data and to receive the user's confirmation message. The background server is further configured, after the online banking client has received the confirmation message, to send data to be signed to the smart cryptographic key. The smart cryptographic key is configured to sign the data to be signed, obtain signed data, and send the signed data to the background server. The background server is further configured to verify the signature of the signed data and, after the verification passes, to generate an activation instruction and send it to the mobile phone shield. The mobile phone shield is further configured to perform the activation operation after receiving the activation instruction.
Description
Technical field
The present invention relates to the field of communication security, and in particular to a system for activating a mobile phone shield.
Background art
With the spread of mobile terminal devices and Internet application services, the security of mobile terminal devices is receiving growing attention. Mobile phone shield security authentication products based on PKI technology (including hard shields based on a TEE and a security chip SE, soft shields based on a TEE, and distributed soft shields running in the REE environment) are in large-scale use. At present, before using a new mobile phone shield product, the user has to go to a bank counter to complete the relevant formalities in order to open/activate the mobile phone shield, which is a great inconvenience to the user. Therefore, how to bind a mobile phone shield product to its user securely, that is, how to open/activate the mobile phone shield securely and conveniently, will greatly affect the adoption of mobile phone shields.
Summary of the invention
In view of the deficiencies of the prior art, the object of the present invention is to provide a system for activating a mobile phone shield, so as to solve the problem described in the background above.
To achieve the above object, the present invention is realized by the following technical solution:
The present invention provides a system for activating a mobile phone shield. The system comprises a mobile phone shield, a background server, a smart cryptographic key and an online banking client, wherein the smart cryptographic key has a built-in security chip. The mobile phone shield is configured to establish a secure connection with the background server and, after the secure connection is established, to create an auxiliary security domain, download an application program from the background server, initialize the application program and, after the application program has been initialized, download a digital certificate from the background server and store it. The mobile phone shield is further configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield and the personal information data to the background server. The background server is configured to receive and store the hardware serial number and the personal information data. The online banking client is configured to obtain the hardware serial number and the personal information data from the background server and display them, to receive the user's confirmation message and, after receiving it, to send the confirmation message to the background server. The background server is further configured, after receiving the confirmation message, to send data to be signed to the smart cryptographic key, wherein the data to be signed include at least the hardware serial number and the personal information data. The smart cryptographic key is configured to sign the data to be signed, obtain signed data, and send the signed data to the background server. The background server is further configured to receive the signed data, verify its signature and, after the verification passes, generate an activation instruction and send it to the mobile phone shield. The mobile phone shield is further configured to perform the activation operation after receiving the activation instruction. Optionally, the mobile phone shield is further configured to establish a secure connection with the background server and complete an initialization operation.
Optionally, the personal information data include the user's identity card number and/or the user's mobile phone number.
Optionally, the hardware serial number includes the device serial number (SN) of the mobile phone shield or, alternatively, the hardware ID number of the security chip of the mobile phone shield.
With the technical solution provided by the present invention, the unique identification information of the user's mobile phone shield is bound to the user's information and then displayed to the user through the online banking client. After confirming that the information is correct, the user confirms it with the user's own smart cryptographic key, and the mobile phone shield is activated after the user's confirmation operation. As a result, after obtaining a new mobile phone shield product, the user no longer needs to go to a bank counter to complete the corresponding procedures in order to open/activate the mobile phone shield, and can instead activate the mobile phone shield directly with the user's own smart cryptographic key. The mobile phone shield is thus opened/activated securely and conveniently, which will greatly increase its adoption.
Brief description of the drawings
Fig. 1 is a schematic diagram of a system for activating a mobile phone shield provided by an embodiment of the present invention.
Detailed description
To facilitate understanding of the present invention, it is described in more detail below with reference to the drawings and specific embodiments. A preferred embodiment of the present invention is shown in the drawings. The present invention can, however, be implemented in many different forms and is not limited to the embodiments described in this specification. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and comprehensively.
It should be noted that when an element is referred to as being "fixed to" another element, it can be directly on the other element or intervening elements may also be present. When an element is considered to be "connected to" another element, it can be directly connected to the other element or intervening elements may be present at the same time. The terms "vertical", "horizontal", "left", "right" and similar expressions used in this specification are for illustrative purposes only.
Unless otherwise defined, all technical and scientific terms used in this specification have the same meaning as commonly understood by those skilled in the technical field to which the present invention belongs. The terms used in the description of the invention in this specification are only for the purpose of describing specific embodiments and are not intended to limit the present invention. The term "and/or" used in this specification includes any and all combinations of one or more of the associated listed items.
Fig. 1 is a schematic diagram of a system for activating a mobile phone shield provided by this embodiment. The system provided by this embodiment is described in detail below with reference to Fig. 1.
The present invention provides a system for activating a mobile phone shield. The system comprises: a mobile phone shield 1, a background server 2, a smart cryptographic key 3 and an online banking client 4.
In this embodiment, the mobile phone shield 1 can be a hardware shield connected to the mobile phone through an interface, or a software shield built into the mobile phone. The smart cryptographic key 3 has a built-in security chip and provides functions such as electronic signature and data encryption and decryption.
As an optional embodiment, the mobile phone shield 1 is configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield 1 and the personal information data to the background server 2. The background server 2 is configured to receive and store the hardware serial number and the personal information data. The online banking client 4 is configured to obtain the hardware serial number and the personal information data from the background server 2 and display them, and to receive the user's confirmation message. The background server 2 is further configured, after the online banking client 4 has received the confirmation message, to send data to be signed to the smart cryptographic key 3, wherein the data to be signed include at least the hardware serial number and the personal information data. The smart cryptographic key 3 is configured to sign the data to be signed, obtain signed data, and send the signed data to the background server 2. The background server 2 is further configured to receive the signed data, verify its signature and, after the verification passes, generate an activation instruction and send it to the mobile phone shield 1. The mobile phone shield 1 is further configured to perform the activation operation after receiving the activation instruction.
With the technical solution provided by the present invention, the unique identification information of the user's mobile phone shield 1 is bound to the user's information and then displayed to the user through the online banking client 4. After confirming that the information is correct, the user confirms it with the user's own smart cryptographic key 3, and the mobile phone shield 1 is activated after the user's confirmation operation. As a result, after obtaining a new mobile phone shield 1 product, the user no longer needs to go to a bank counter to complete the corresponding procedures in order to open/activate the mobile phone shield 1, and can instead activate the mobile phone shield 1 directly with the user's own smart cryptographic key 3. The mobile phone shield 1 is thus opened/activated securely and conveniently, which will greatly increase the adoption of the mobile phone shield 1.
As an optional embodiment, the mobile phone shield 1 is further configured to establish a secure connection with the background server 2 and complete an initialization operation. Specifically, the mobile phone shield 1 establishes a secure connection with the background server 2 and, after the secure connection is established, creates an auxiliary security domain, downloads the application program (Applet) from the background server 2, initializes the application program and, after the application program has been initialized, downloads a digital certificate from the background server 2 and stores it in its own storage space. Through the initialization operation, the mobile phone shield 1 thus obtains its own digital certificate. In use, the user can log in to the application software of the mobile phone shield 1 product to complete the operation of establishing a secure connection between the mobile phone shield 1 and the TSM server. Optionally, the personal information data include the user's identity card number and/or the user's mobile phone number. The personal information data may of course also include other user data, such as the user's name and date of birth. After logging in to the application software of the mobile phone shield 1 product, the user can enter the above personal information data in the interactive interface of the application software. The mobile phone shield 1 can thus obtain the user's personal information data.
As an optional embodiment, the personal information data include the user's identity card number and/or the user's mobile phone number. That is, the hardware serial number is the unique identifier of the mobile phone shield 1. The mobile phone shield 1 thus sends its own hardware serial number together with the obtained personal information data to the background server 2, which provides the basis for the subsequent information binding by the background server 2.
As an optional embodiment, the hardware serial number includes the device serial number (SN) of the mobile phone shield 1 or, alternatively, the hardware ID number of the security chip of the mobile phone shield 1.
As an optional embodiment, the user can check, from what the online banking client 4 displays, whether the hardware serial number and the personal information data that have been bound together are correct; if they are, the user can enter a confirmation message in the interactive interface of the online banking client 4, for example by clicking a "Confirm" button.
As an optional embodiment, the online banking client 4 is further configured, after receiving the confirmation message, to send the confirmation message to the background server 2. The background server 2 is further configured, according to the confirmation message, to format the hardware serial number and personal information data that it has stored for this user into a format supported by the smart cryptographic key 3, that is, to generate the data to be signed, and to send the data to be signed to the smart cryptographic key 3, so that the user can carry out the subsequent confirmation operation with the smart cryptographic key 3.
As an optional embodiment, the smart cryptographic key 3 itself stores a private key, and the smart cryptographic key 3 is further configured to sign the received data to be signed with its own private key. The user can thus apply an electronic signature with the smart cryptographic key 3 to indicate confirmation of the content of the data to be signed. At the same time, because the private key is unique, the background server 2 is further configured to confirm the user's identity through the subsequent signature verification operation. In addition, the smart cryptographic key 3 is also provided with a display screen. Before signing the data to be signed, the smart cryptographic key 3 is further configured to display the data to be signed; after the user has confirmed the displayed data to be signed and entered a confirmation instruction on the smart cryptographic key 3 (for example, by pressing the confirm key), the smart cryptographic key 3 signs the data to be signed. This prevents the data to be signed from being tampered with while it is transmitted from the background server 2 to the smart cryptographic key 3.
As an optional embodiment, the background server 2 is further configured to obtain the public key of the smart cryptographic key 3 and to use that public key to verify the signature of the received signed data. The background server 2 can thus confirm the user's identity by means of signature verification. It should be noted that, after obtaining the public key of the user's smart cryptographic key 3, the background server 2 can store the public key in association with the user's other information; that is, the user's mobile phone shield 1 and smart cryptographic key 3 are associated under the same user account, so the user can use an existing device to activate a new device.
It should be noted that the technical features above may be further combined with one another to form various embodiments not enumerated above, all of which are regarded as within the scope recorded in the description of the present invention. Moreover, those of ordinary skill in the art can make improvements or variations based on the above description, and all such improvements and variations shall fall within the scope of protection of the appended claims of the present invention.
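The signing and verification steps of the activation flow described above, as an added Go example that is not part of the patent text. Ed25519, the length-prefixed layout of the data to be signed, the single-use handling of a pending binding, and all type, function and account names are assumptions; the patent names no algorithm or data format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Binding is the record the background server stores after the phone shield
// uploads its hardware serial number and the user's personal information.
type Binding struct {
	HardwareSerial string
	IDCardNumber   string
	MobileNumber   string
}

// DataToBeSigned serializes a binding as length-prefixed fields so that two
// different bindings never produce the same bytes. The layout is an assumption.
func DataToBeSigned(b Binding) []byte {
	var buf bytes.Buffer
	for _, f := range []string{b.HardwareSerial, b.IDCardNumber, b.MobileNumber} {
		var n [2]byte
		binary.BigEndian.PutUint16(n[:], uint16(len(f)))
		buf.Write(n[:])
		buf.WriteString(f)
	}
	return buf.Bytes()
}

// SmartKey models the smart cryptographic key: it holds the private key and
// signs only after the user has approved the data shown on its display.
type SmartKey struct{ priv ed25519.PrivateKey }

// NewSmartKey returns a key and the public key the server keeps for the account.
func NewSmartKey() (*SmartKey, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &SmartKey{priv: priv}, pub
}

func (k *SmartKey) Sign(data []byte, userApproved bool) ([]byte, error) {
	if !userApproved {
		return nil, errors.New("user rejected the displayed data")
	}
	return ed25519.Sign(k.priv, data), nil
}

// Server models the background server.
type Server struct {
	pending map[string]Binding           // account -> binding awaiting activation
	pubKeys map[string]ed25519.PublicKey // account -> smart key public key
}

func NewServer() *Server {
	return &Server{pending: map[string]Binding{}, pubKeys: map[string]ed25519.PublicKey{}}
}

func (s *Server) Enroll(account string, pub ed25519.PublicKey) { s.pubKeys[account] = pub }
func (s *Server) StoreBinding(account string, b Binding)       { s.pending[account] = b }

// Activate verifies the signature over bytes the server rebuilds from its own
// stored binding, then returns the activation instruction for that shield.
func (s *Server) Activate(account string, sig []byte) (string, error) {
	b, ok := s.pending[account]
	pub, known := s.pubKeys[account]
	if !ok || !known {
		return "", errors.New("no pending binding or no enrolled key")
	}
	if !ed25519.Verify(pub, DataToBeSigned(b), sig) {
		return "", errors.New("signature verification failed")
	}
	delete(s.pending, account) // one signature activates one binding, once
	return "ACTIVATE " + b.HardwareSerial, nil
}

func main() {
	key, pub := NewSmartKey()
	srv := NewServer()
	srv.Enroll("user-1", pub)
	// Constructed sample values, not real identifiers.
	b := Binding{HardwareSerial: "SN-CONSTRUCTED-0001", IDCardNumber: "ID-PLACEHOLDER", MobileNumber: "MOBILE-PLACEHOLDER"}
	srv.StoreBinding("user-1", b)
	sig, _ := key.Sign(DataToBeSigned(b), true)
	fmt.Println(srv.Activate("user-1", sig))
}
```

Because the server verifies against its own stored record rather than against bytes returned with the signature, a signature made over a different serial number or by a different key is rejected.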
Claims (4)
1. A system for activating a mobile phone shield, characterized in that the system comprises: a mobile phone shield, a background server, a smart cryptographic key and an online banking client, wherein the smart cryptographic key has a built-in security chip;
the mobile phone shield is configured to establish a secure connection with the background server and, after the secure connection is established, to create an auxiliary security domain, download an application program from the background server, initialize the application program and, after initialization of the application program is complete, download a digital certificate from the background server and store it;
the mobile phone shield is further configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield and the personal information data to the background server;
the background server is configured to receive and store the hardware serial number and the personal information data;
the online banking client is configured to obtain the hardware serial number and the personal information data from the background server and display them, to receive the user's confirmation message and, after receiving the confirmation message, to send the confirmation message to the background server;
the background server is further configured, after receiving the confirmation message, to send data to be signed to the smart cryptographic key, wherein the data to be signed include at least the hardware serial number and the personal information data;
the smart cryptographic key is configured to sign the data to be signed, obtain signed data, and send the signed data to the background server;
the background server is further configured to receive the signed data, verify the signature of the signed data and, after the verification passes, generate an activation instruction and send the activation instruction to the mobile phone shield;
the mobile phone shield is further configured to perform the activation operation after receiving the activation instruction.
2. The system according to claim 1, characterized in that
the mobile phone shield is further configured to establish a secure connection with the background server and complete an initialization operation.
3. The system according to claim 1 or 2, characterized in that
the personal information data include the user's identity card number and/or the user's mobile phone number.
4. The system according to claim 1 or 2, characterized in that
the hardware serial number includes the device serial number (SN) of the mobile phone shield or, alternatively, the hardware ID number of the security chip of the mobile phone shield.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810566120.6A CN108737112A (en) | 2018-06-04 | 2018-06-04 | A system for activating a mobile phone shield |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810566120.6A CN108737112A (en) | 2018-06-04 | 2018-06-04 | A system for activating a mobile phone shield |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108737112A (en) | 2018-11-02 |
Family
ID=63932137
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810566120.6A Pending CN108737112A (en) | 2018-06-04 | 2018-06-04 | A system for activating a mobile phone shield |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737112A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109951524A (en) * | 2019-02-15 | 2019-06-28 | 飞天诚信科技股份有限公司 | Key devices Activation method, electronic equipment and computer readable storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127111A (en) * | 2006-08-18 | 2008-02-20 | 中信银行 | Internet bank U disc KEY ciphering, authentication device and method |
CN101414909A (en) * | 2008-11-28 | 2009-04-22 | 中国移动通信集团公司 | System, method and mobile communication terminal for verifying network application user identification |
US20110239120A1 (en) * | 2010-03-26 | 2011-09-29 | Avaya, Inc. | On-demand feature server activation in the cloud |
CN103873241A (en) * | 2012-12-11 | 2014-06-18 | 中国银联股份有限公司 | Safety shield, and digital-certificate management system and method |
CN107231343A (en) * | 2017-04-25 | 2017-10-03 | 广东网金控股股份有限公司 | A kind of U-shield Activation method, client and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20181102 |