CN108737112A - A system for activating a mobile phone shield - Google Patents

A system for activating a mobile phone shield

Info

Publication number
CN108737112A
Authority
CN
China
Prior art keywords
background server
shield
data
signed
personal information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810566120.6A
Other languages
Chinese (zh)
Inventor
Inventor name not published
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ai Pi Technology LLC
Original Assignee
Beijing Ai Pi Technology LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ai Pi Technology LLC
Priority to CN201810566120.6A
Publication of CN108737112A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a system for activating a mobile phone shield, comprising: a mobile phone shield, a back-end server, a smart cryptographic key and an online banking client. The mobile phone shield is configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield and the personal information data to the back-end server. The back-end server is configured to receive and store the hardware serial number and the personal information data. The online banking client is configured to display the hardware serial number and the personal information data and to receive the user's confirmation information. The back-end server is further configured to send data to be signed to the smart cryptographic key after the online banking client receives the confirmation information. The smart cryptographic key is configured to sign the data to be signed to obtain signed data and to send the signed data to the back-end server. The back-end server is further configured to verify the signature on the signed data and, after verification passes, to generate an activation instruction and send it to the mobile phone shield. The mobile phone shield is further configured to perform the activation operation after receiving the activation instruction.

Description

A system for activating a mobile phone shield
Technical Field
The present invention relates to the field of communication security, and in particular to a system for activating a mobile phone shield.
Background
With the spread of mobile terminal devices and Internet application services, the security of mobile terminal devices is receiving increasing attention. Mobile phone shield security authentication products based on PKI technology (including hard shields based on a TEE and a secure element (SE) security chip, soft shields based on a TEE, and distributed soft shields running in an REE environment) are in large-scale use. At present, before using a new mobile phone shield product, a user has to go to a bank counter to complete the relevant formalities in order to open/activate the mobile phone shield, which is a great inconvenience to the user. How a mobile phone shield product is securely bound to its user, that is, how the mobile phone shield is opened/activated securely and conveniently, will therefore greatly affect the adoption of mobile phone shields.
Summary of the Invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide a system for activating a mobile phone shield, so as to solve the problem described in the background above.
To achieve the above purpose, the present invention is implemented through the following technical solution:
The present invention provides a system for activating a mobile phone shield. The system comprises a mobile phone shield, a back-end server, a smart cryptographic key and an online banking client, where the smart cryptographic key has a built-in security chip. The mobile phone shield is configured to establish a secure connection with the back-end server and, after the secure connection is established, to create an auxiliary security domain, download an application program from the back-end server and initialize the application program; after initialization of the application program is complete, it downloads a digital certificate from the back-end server and stores it. The mobile phone shield is further configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield and the personal information data to the back-end server. The back-end server is configured to receive and store the hardware serial number and the personal information data. The online banking client is configured to obtain the hardware serial number and the personal information data from the back-end server and display them, to receive the user's confirmation information and, after receiving it, to send the confirmation information to the back-end server. The back-end server is further configured, after receiving the confirmation information, to send data to be signed to the smart cryptographic key, where the data to be signed includes at least the hardware serial number and the personal information data. The smart cryptographic key is configured to sign the data to be signed to obtain signed data and to send the signed data to the back-end server. The back-end server is further configured to receive the signed data and verify its signature and, after verification passes, to generate an activation instruction and send it to the mobile phone shield. The mobile phone shield is further configured to perform the activation operation after receiving the activation instruction.
Optionally, the mobile phone shield is further configured to establish a secure connection with the back-end server and complete an initialization operation.
Optionally, the personal information data includes: the user's identity card number and/or the user's mobile phone number.
Optionally, the hardware serial number includes: the device serial number (SN) of the mobile phone shield, or the hardware ID number of the security chip of the mobile phone shield.
With the technical solution provided by the invention, the unique identification information of the user's mobile phone shield is bound to the user's information and then shown to the user through the online banking client. After checking that the information is correct, the user confirms it with their own smart cryptographic key, and the mobile phone shield is activated after the user's confirmation operation. As a result, a user who receives a new mobile phone shield product no longer needs to go to a bank counter to complete the corresponding formalities in order to open/activate the mobile phone shield, but can activate it directly with their own smart cryptographic key. The mobile phone shield is thus opened/activated securely and conveniently, which will greatly increase the adoption of mobile phone shields.
Brief Description of the Drawings
Fig. 1 is a schematic diagram of a system for activating a mobile phone shield provided by an embodiment of the present invention.
Detailed Description
To facilitate understanding of the present invention, it is described in more detail below with reference to the drawings and specific embodiments. A preferred embodiment of the present invention is shown in the drawings. The present invention can, however, be implemented in many different forms and is not limited to the embodiments described in this specification. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and comprehensively.
It should be noted that when an element is referred to as being "fixed to" another element, it may be directly on the other element or intervening elements may be present. When an element is considered to be "connected to" another element, it may be directly connected to the other element or intervening elements may be present at the same time. The terms "vertical", "horizontal", "left", "right" and similar expressions used in this specification are for illustrative purposes only.
Unless otherwise defined, all technical and scientific terms used in this specification have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in this specification are for the purpose of describing specific embodiments only and are not intended to limit the present invention. The term "and/or" used in this specification includes any and all combinations of one or more of the associated listed items.
Fig. 1 is a schematic diagram of a system for activating a mobile phone shield provided by this embodiment. The system provided by this embodiment is described in detail below with reference to Fig. 1.
The present invention provides a system for activating a mobile phone shield. The system comprises: a mobile phone shield 1, a back-end server 2, a smart cryptographic key 3 and an online banking client 4.
In this embodiment, the mobile phone shield 1 may be a hardware shield connected to the mobile phone through an interface, or a software shield built into the mobile phone. The smart cryptographic key 3 has a built-in security chip and provides functions such as electronic signature and data encryption and decryption.
As an optional embodiment, the mobile phone shield 1 is configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield 1 and the personal information data to the back-end server 2. The back-end server 2 is configured to receive and store the hardware serial number and the personal information data. The online banking client 4 is configured to obtain the hardware serial number and the personal information data from the back-end server 2 and display them, and to receive the user's confirmation information. The back-end server 2 is further configured, after the online banking client 4 receives the confirmation information, to send data to be signed to the smart cryptographic key 3, where the data to be signed includes at least the hardware serial number and the personal information data. The smart cryptographic key 3 is configured to sign the data to be signed to obtain signed data and to send the signed data to the back-end server 2. The back-end server 2 is further configured to receive the signed data and verify its signature and, after verification passes, to generate an activation instruction and send it to the mobile phone shield 1. The mobile phone shield 1 is further configured to perform the activation operation after receiving the activation instruction.
With the technical solution provided by the invention, the unique identification information of the user's mobile phone shield 1 is bound to the user's information and then shown to the user through the online banking client 4. After checking that the information is correct, the user confirms it with their own smart cryptographic key 3, and the mobile phone shield 1 is activated after the user's confirmation operation. As a result, a user who receives a new mobile phone shield 1 product no longer needs to go to a bank counter to complete the corresponding formalities in order to open/activate the mobile phone shield 1, but can activate the mobile phone shield 1 directly with their own smart cryptographic key 3. The mobile phone shield 1 is thus opened/activated securely and conveniently, which will greatly increase the adoption of the mobile phone shield 1.
As an optional embodiment, the mobile phone shield 1 is further configured to establish a secure connection with the back-end server 2 and complete an initialization operation. Specifically, the mobile phone shield 1 is configured to establish a secure connection with the back-end server 2 and, after the secure connection is established, to create an auxiliary security domain, download an applet from the back-end server 2 and initialize the application program; after initialization of the application program is complete, it downloads a digital certificate from the back-end server 2 and stores it in its own storage space. Through the initialization operation, the mobile phone shield 1 thus obtains its own digital certificate. In use, the user can log in to the application software of the mobile phone shield 1 product to complete the operation of establishing a secure connection between the mobile phone shield 1 and the TSM server. Optionally, the personal information data includes: the user's identity card number and/or the user's mobile phone number. The personal information data may of course also include other user data, such as the user's name and date of birth. After logging in to the application software of the mobile phone shield 1 product, the user can enter the above personal information data in the interactive interface of the application software. The mobile phone shield 1 can thus obtain the user's personal information data.
As an optional embodiment, the personal information data includes: the user's identity card number and/or the user's mobile phone number. That is, the hardware serial number is the unique identifier of the mobile phone shield 1. The mobile phone shield 1 thus sends its own hardware serial number together with the personal information data it has obtained to the back-end server 2, providing the basis for the subsequent information binding by the back-end server 2.
As an optional embodiment, the hardware serial number includes: the device serial number (SN) of the mobile phone shield 1, or the hardware ID number of the security chip of the mobile phone shield 1.
As an optional embodiment, based on what the online banking client 4 displays, the user can confirm whether the hardware serial number and personal information data that have been bound together are correct; if they are, the user can enter confirmation information in the interactive interface of the online banking client 4, for example by clicking a "Confirm" button.
As an optional embodiment, the online banking client 4 is further configured, after receiving the confirmation information, to send the confirmation information to the back-end server 2. The back-end server 2 is further configured, according to the confirmation information, to format the hardware serial number and personal information data that it has stored for that user into a format supported by the smart cryptographic key 3, that is, to generate the data to be signed, and to send the data to be signed to the smart cryptographic key 3 so that the user can carry out the subsequent confirmation operation with the smart cryptographic key 3.
As an optional embodiment, the smart cryptographic key 3 stores a private key and is further configured to sign the received data to be signed with its own private key. The user can thus produce an electronic signature with the smart cryptographic key 3 to indicate confirmation of the content of the data to be signed; at the same time, because the private key is unique, the back-end server 2 can confirm the user's identity through the subsequent signature verification. In addition, the smart cryptographic key 3 is also provided with a display screen. Before signing the data to be signed, the smart cryptographic key 3 is further configured to display the data to be signed; after the user has checked the displayed data to be signed and entered a confirmation instruction on the smart cryptographic key 3 (for example by pressing the confirm key), the smart cryptographic key 3 signs the data to be signed. This prevents the data to be signed from being tampered with while it is transmitted from the back-end server 2 to the smart cryptographic key 3.
As an optional embodiment, the back-end server 2 is further configured to obtain the public key of the smart cryptographic key 3 and to use that public key to verify the signature on the received signed data. The back-end server 2 can thus confirm the user's identity by means of signature verification. It should be noted that, after obtaining the public key of the user's smart cryptographic key 3, the back-end server 2 can store the public key in association with the user's other information; that is, the user's mobile phone shield 1 and smart cryptographic key 3 are associated under the same user account, so the user can use an existing device to activate a new device.
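The exchange described in the embodiments above (binding upload, user confirmation, display-then-sign on the smart cryptographic key, signature verification, activation instruction), as an added Python example that is not part of the patent text. The Lamport one-time signature, the nonce field, the JSON encoding and every class, function and sample value are assumptions made here; the patent names no algorithm or data format.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: Lamport one-time signatures over SHA-256 stand in for the smart
# key's signature algorithm, which the patent does not name.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def _digest_bits(message):
    d = hashlib.sha256(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, message):
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]

def lamport_verify(pk, message, sig):
    if not isinstance(sig, list) or len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= hmac.compare_digest(hashlib.sha256(sig[i]).digest(), pk[i][bit])
    return ok

def to_be_signed(binding):
    # Canonical JSON (assumed format) so both sides hash identical bytes.
    fields = {k: binding[k] for k in ("hardware_serial", "personal_info", "nonce")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

class SmartKey:
    """Smart cryptographic key with a display; the private key stays inside."""
    def __init__(self):
        self._sk, self.public_key = lamport_keygen()

    def sign(self, data, user_approves):
        # Show the parsed fields; sign only after the user presses confirm.
        if not user_approves(json.loads(data)):
            return None
        return lamport_sign(self._sk, data)

class BackendServer:
    def __init__(self):
        self.key_pubkeys = {}  # account -> public key of the user's smart key
        self.pending = {}      # account -> binding awaiting a signature
        self.activated = {}    # hardware serial -> account

    def store_binding(self, account, hardware_serial, personal_info):
        # Upload from the mobile phone shield.
        self.pending[account] = {"hardware_serial": hardware_serial,
                                 "personal_info": personal_info,
                                 "confirmed": False}

    def confirm(self, account):
        # The online banking client relays the user's confirmation.
        b = self.pending[account]
        b["confirmed"] = True
        b["nonce"] = secrets.token_hex(16)  # assumption: freshness value
        return to_be_signed(b)

    def verify_and_activate(self, account, signature):
        b, pk = self.pending.get(account), self.key_pubkeys.get(account)
        if b is None or pk is None or not b["confirmed"]:
            return None
        # Rebuild the signed bytes from server state, never from the request.
        if not lamport_verify(pk, to_be_signed(b), signature):
            return None
        del self.pending[account]  # one activation per confirmed binding
        self.activated[b["hardware_serial"]] = account
        return {"instruction": "ACTIVATE", "hardware_serial": b["hardware_serial"]}

def demo():
    server, key, other_key = BackendServer(), SmartKey(), SmartKey()
    server.key_pubkeys["user-1"] = key.public_key
    serial, info = "SN-TEST-0001", {"mobile": "00000000000"}  # constructed values
    server.store_binding("user-1", serial, info)
    data = server.confirm("user-1")
    approves = lambda shown: shown["hardware_serial"] == serial
    # 1. Data altered on the way to the key: the display shows a wrong serial.
    refused = key.sign(data.replace(b"SN-TEST-0001", b"SN-TEST-9999"), approves)
    # 2. Signature made by a key that is not registered to this account.
    wrong_key = server.verify_and_activate("user-1", other_key.sign(data, approves))
    # 3. Genuine signature, then the same signature submitted again.
    sig = key.sign(data, approves)
    first = server.verify_and_activate("user-1", sig)
    replay = server.verify_and_activate("user-1", sig)
    return refused, wrong_key, first, replay

if __name__ == "__main__":
    print(demo())
```

The server verifies against the public key stored for the account and against bytes it rebuilds from its own stored binding, so a signature over any other serial number or from any other key yields no activation instruction.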
It should be noted that the above technical features may further be combined with one another to form various embodiments not enumerated above, all of which are regarded as within the scope of this description; moreover, those of ordinary skill in the art may make improvements or variations in light of the above description, and all such improvements and variations shall fall within the scope of protection of the appended claims of the present invention.

Claims (4)

1. A system for activating a mobile phone shield, characterized in that the system comprises: a mobile phone shield, a back-end server, a smart cryptographic key and an online banking client, wherein the smart cryptographic key has a built-in security chip;
the mobile phone shield is configured to establish a secure connection with the back-end server and, after the secure connection is established, to create an auxiliary security domain, download an application program from the back-end server and initialize the application program, and, after initialization of the application program is complete, to download a digital certificate from the back-end server and store it;
the mobile phone shield is further configured to obtain the user's personal information data and to send the hardware serial number of the mobile phone shield and the personal information data to the back-end server;
the back-end server is configured to receive and store the hardware serial number and the personal information data;
the online banking client is configured to obtain the hardware serial number and the personal information data from the back-end server and display them, to receive the user's confirmation information and, after receiving the confirmation information, to send the confirmation information to the back-end server;
the back-end server is further configured, after receiving the confirmation information, to send data to be signed to the smart cryptographic key, wherein the data to be signed includes at least the hardware serial number and the personal information data;
the smart cryptographic key is configured to sign the data to be signed to obtain signed data and to send the signed data to the back-end server;
the back-end server is further configured to receive the signed data and verify its signature and, after verification passes, to generate an activation instruction and send the activation instruction to the mobile phone shield;
the mobile phone shield is further configured to perform the activation operation after receiving the activation instruction.
2. The system according to claim 1, characterized in that
the mobile phone shield is further configured to establish a secure connection with the back-end server and complete an initialization operation.
3. The system according to claim 1 or 2, characterized in that
the personal information data includes: the user's identity card number and/or the user's mobile phone number.
4. The system according to claim 1 or 2, characterized in that
the hardware serial number includes: the device serial number (SN) of the mobile phone shield, or the hardware ID number of the security chip of the mobile phone shield.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810566120.6A 2018-06-04 2018-06-04 A system for activating a mobile phone shield (Pending, CN108737112A)

Publications (1)

Publication Number Publication Date
CN108737112A 2018-11-02

Family

ID=63932137

Country Status (1)

Country Link
CN (1) CN108737112A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181102
