CN111970117A - Certificate downloading method, device and equipment - Google Patents
Publication number: CN111970117A (application CN202010509114.4A)
Authority: CN (China)
Prior art keywords: certificate, user, safety equipment, sending, client
Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
The application provides a certificate downloading method, device and equipment, and relates to the technical field of information security. The method comprises the following steps: verifying the user identity information corresponding to the security device sent by the client, and determining whether the current user identity information meets the certificate downloading condition; if so, sending an identity authentication instruction to the client; acquiring the user identity information and the security device certificate information returned by the client and judging whether they pass verification; if the security device passes authentication, sending a certificate downloading instruction to the client, and judging whether a binding relationship exists between the security device and the user; and if the binding relationship exists, encrypting the user certificate according to the certificate request and sending it to the client. Compared with the prior art, the method and the device avoid the problem that the security device may be fraudulently used by a non-corresponding user because the identity of the user using the security device is not verified.
Description
Technical Field
The present application relates to the technical field of information security, and in particular, to a method, an apparatus, and a device for downloading a certificate.
Background
In today's internet-driven society, online banking (internet banking) has become an integral part of financial institutions' overall development strategy. The number of internet banking users has grown enormously and has kept a steady upward trend every year.
At present, some user certificates no longer need to be downloaded by going to a business hall with a valid identity document: a security device can be provided to the user when the account is opened, or later when the user needs the certificate. The security device is bound to the user's information, so that when the user needs to download a user certificate, the user directly connects the bound security device to a client (a mobile phone, a notebook computer, a tablet and the like) and can then access and download the user certificate, which greatly improves convenience in ordinary use.
However, in the manner of directly accessing and downloading the user certificate through the security device, since the identity of the user currently using the security device is not verified, the security device may be stolen by a non-corresponding user, and the security during the use process cannot be ensured.
Disclosure of Invention
An object of the present application is to provide a method, an apparatus, and a device for downloading a certificate, so as to solve the problem that the user currently using a security device is not authenticated in the prior art, so that the security device may be stolen by a non-corresponding user.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
In a first aspect, an embodiment of the present application provides a certificate downloading method, which is applied to a server side, and the method includes:
verifying the user identity information corresponding to the security device sent by the client, and determining whether the current user identity information meets a certificate downloading condition;
if so, sending an identity authentication instruction to the client, and acquiring the user identity information and the security device certificate information returned by the client and judging whether they pass verification;
if the security device passes authentication, sending a certificate downloading instruction to the client, and judging whether a binding relationship exists between the security device and the user;
and if the binding relationship exists, encrypting the user certificate according to the certificate request and sending it to the client.
Optionally, if the security device passes authentication, sending a certificate downloading instruction to the client and determining whether a binding relationship exists between the security device and the user includes:
if authentication passes, acquiring and storing the binding relationship between the security device and the user;
sending a certificate downloading instruction to the client, and acquiring the certificate request returned by the client;
and judging whether a binding relationship exists between the security device and the user.
Optionally, the certificate request includes a security device certificate, and encrypting the user certificate according to the certificate request and issuing the encrypted user certificate to the client includes:
encrypting the user certificate according to the security device certificate, and issuing the encrypted user certificate to the client.
Optionally, the security device certificate information includes at least one of: the serial number corresponding to the security device and the service usage corresponding to the device certificate.
In a second aspect, another embodiment of the present application provides a certificate downloading method, applied to a client side, where the method includes:
sending the user identity information corresponding to the security device to a server, and acquiring a verification result;
if the verification passes, sending the user identity information and the security device information corresponding to the security device to the server together, and acquiring an authentication result;
if the authentication passes, sending a certificate request to the server according to a certificate downloading instruction sent by the server;
obtaining a verification result for the certificate request and, if the certificate request passes the server's verification, sending a user certificate write instruction to the security device according to the user certificate sent by the server;
where the user certificate is encrypted according to the security device certificate, and the write instruction causes the security device to decrypt the encrypted user certificate and write the decrypted user certificate into the security device.
Optionally, sending the user identity information and the security device information corresponding to the security device to the server together and obtaining an authentication result includes:
forwarding the identity authentication instruction sent by the server to the security device;
acquiring the user identity information corresponding to the security device returned by the security device;
and sending the user identity information corresponding to the security device and the security device information to the server together, and acquiring an authentication result.
Optionally, sending a certificate request according to a certificate downloading instruction sent by the server includes:
forwarding the certificate downloading instruction sent by the server to the security device;
acquiring the certificate request and the security device certificate returned by the security device;
and sending the certificate request and the security device certificate to the server together.
In a third aspect, another embodiment of the present application provides a certificate downloading apparatus, including a verification module, a judging module and a sending module, wherein:
the verification module is used for verifying the user identity information corresponding to the security device sent by the client and determining whether the current user identity information meets the certificate downloading condition;
the judging module is used for sending an identity authentication instruction to the client if the condition is met, and for acquiring the user identity information and the security device certificate information returned by the client and judging whether they pass verification;
the judging module is further used for sending a certificate downloading instruction to the client if the security device passes authentication, and judging whether a binding relationship exists between the security device and the user;
and the sending module is used for encrypting the user certificate according to the certificate request and sending the encrypted user certificate to the client if the binding relationship exists.
Optionally, the apparatus further comprises an acquisition module, used for acquiring and storing the binding relationship between the security device and the user if authentication passes;
the acquisition module is further configured to send a certificate downloading instruction to the client and acquire the certificate request returned by the client;
and the judging module is used for judging whether a binding relationship exists between the security device and the user.
In a fourth aspect, another embodiment of the present application provides a certificate downloading apparatus, applied to a client side, the apparatus including an acquisition module and a sending module, wherein:
the acquisition module is used for sending the user identity information corresponding to the security device to the server and acquiring a verification result;
the sending module is used for sending the user identity information and the security device information corresponding to the security device to the server together and obtaining an authentication result if the verification passes;
the sending module is further configured to send a certificate request to the server according to a certificate downloading instruction sent by the server if the authentication passes;
the sending module is further configured to obtain a verification result for the certificate request and, if the certificate request passes the server's verification, send a user certificate write instruction to the security device according to the user certificate sent by the server;
where the user certificate is encrypted according to the security device certificate, and the write instruction causes the security device to decrypt the encrypted user certificate and write the decrypted user certificate into the security device.
Optionally, the sending module is further configured to forward the identity authentication instruction sent by the server to the security device;
the acquisition module is further configured to acquire the user identity information corresponding to the security device returned by the security device;
and the sending module is further configured to send the user identity information corresponding to the security device and the security device information to the server together, and obtain an authentication result.
In a fifth aspect, another embodiment of the present application provides a certificate downloading apparatus, including: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor and the storage medium communicating via the bus when the certificate downloading apparatus is run, the processor executing the machine-readable instructions to perform the steps of the method according to any one of the first or second aspects.
In a sixth aspect, another embodiment of the present application provides a storage medium having a computer program stored thereon, where the computer program is executed by a processor to perform the steps of the method according to any one of the first or second aspects.
The beneficial effect of this application is as follows: with the certificate downloading method provided by the application, after the user identity information and the security device information are verified, the binding relationship between the current user and the security device still has to be verified, which prevents someone other than the security device owner from using the security device to download a certificate without the owner's authorization; and after the certificate request is received, the user certificate is encrypted before being sent to the client, which avoids the risk of illegal interception or storage during the certificate writing step and strengthens the protection of that step. The safety of the certificate downloading process is thereby effectively improved, and user information is protected from being stolen or fraudulently used.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings required by the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting its scope; those skilled in the art can obtain other related drawings from them without inventive effort.
Fig. 1 is an interaction diagram of a certificate downloading system according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a certificate downloading method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a certificate downloading method according to another embodiment of the present application;
Fig. 4 is a flowchart illustrating a certificate downloading method according to another embodiment of the present application;
Fig. 5 is a schematic diagram illustrating a manufacturing process of a security device certificate according to an embodiment of the present application;
Fig. 6 is a flowchart illustrating a certificate downloading method according to another embodiment of the present application;
Fig. 7 is a flowchart illustrating a certificate downloading method according to another embodiment of the present application;
Fig. 8 is a flowchart illustrating a certificate downloading method according to another embodiment of the present application;
Fig. 9 is a schematic structural diagram of a certificate downloading apparatus according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of a certificate downloading apparatus according to another embodiment of the present application;
Fig. 11 is a schematic structural diagram of a certificate downloading apparatus according to another embodiment of the present application;
Fig. 12 is a schematic structural diagram of a certificate downloading apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments.
In order to solve the problems in the prior art, the application provides a certificate downloading method which ensures the safety of the user while using the security device and the safety of the certificate download, and avoids the situation in which the security device may be fraudulently used by a non-corresponding user because the identity of the user currently using it is not verified. The certificate downloading method provided by the embodiments of the present application is explained below with reference to several specific application examples.
In order to enable those skilled in the art to use the present disclosure, the following embodiments are given by taking the downloading of the certificate in the banking system in a specific application scenario as an example. It will be apparent to those skilled in the art that the general principles defined herein may be applied to other embodiments and application scenarios without departing from the spirit and scope of the present application, such as: government or enterprise certificate downloads, and the like, and the application is not limited in any way herein. It should be noted that in the embodiments of the present application, the term "comprising" is used to indicate the presence of the features stated hereinafter, but does not exclude the addition of further features.
One aspect of the present application provides a certificate downloading system. Fig. 1 is an interaction diagram of the certificate downloading system provided in an embodiment of the present application; as shown in fig. 1, the parts of the system interact as follows during a certificate download:
After the security device is connected to the client, the client sends login information acquired from the security device to the server. The login information includes the identity information of the user currently holding the security device and is used by the server to verify whether the current user meets the certificate downloading condition. If so, the server sends an identity authentication instruction to the client; after receiving it, the client initiates identity authentication with the security device and sends the acquired security device information and the user identity information returned by the security device to the server. The server verifies the security device information and the user identity information, stores the binding relationship between the user and the security device once verification passes, and issues a certificate downloading instruction to the client. The client forwards the certificate downloading instruction to the security device and sends the certificate request returned by the security device, together with the security device certificate, to the server. The server judges from the received information whether a binding relationship exists between the security device and the user; if so, it sends the user certificate, encrypted with the security device certificate, to the client. After receiving the encrypted user certificate, the client initiates a user certificate write request to the security device, and the security device decrypts the encrypted user certificate and completes the write of the user certificate.
It is worth noting that before the present application, in the prior art, after the security device and the client established a connection, only the information of the security device was verified, and once that verification passed, related operations such as a certificate request could be performed.
Fig. 2 is a schematic flowchart of a certificate downloading method provided in an embodiment of the present application, and is applied to a server side, as shown in fig. 2, the method includes:
s101: and verifying the user identity information corresponding to the safety equipment sent by the client, and determining whether the current user identity information meets the certificate downloading condition.
By way of example, the security device may be a hardware device having a Universal Serial Bus (USB) interface, including but not limited to: the first generation USBKey, the second generation USBKey, the Bluetooth USBKey, the audio USBKey, the SIM Key and the like.
If the certificate downloading condition is not met, the certificate downloading is finished, and an indication of downloading failure is returned.
Optionally, the following user identity information is all the user identity information currently holding the security device, and in an embodiment of the present application, the user identity information may be: the user name and password, the user face image information, the user voice information or the user fingerprint information, etc. only need to prove the information of the unique identity of the user, and can be flexibly adjusted according to the user requirements, which is not limited to the embodiments.
If yes, executing S102: and sending an identity authentication instruction to the client, and acquiring and judging whether the user identity information and the safety equipment certificate information returned by the client pass verification or not.
Optionally, in an embodiment of the present application, the security device certificate information may include at least one of the following: the serial number corresponding to the safety equipment and the service usage corresponding to the safety equipment certificate. The serial number corresponding to the security device is used to indicate a uniquely matched user corresponding to the current security device, and the service usage corresponding to the security device certificate is used to indicate a usage of the current security device certificate, for example: transfer accounts, manage money, view, etc.
If the certificate fails to pass the verification, the certificate downloading is finished, and an indication of downloading failure is returned.
If so, executing S103: and sending a certificate downloading instruction to the client, and judging whether a binding relationship exists between the safety equipment and the user.
The method comprises the steps that whether a user currently holding the safety equipment is a user bound with the safety equipment or not can be judged according to user identity information returned by a client and user identity information prestored in the safety equipment, and if the user currently holding the safety equipment is the same user, the binding relationship between the user currently holding the safety equipment and the safety equipment is determined; and if the judgment result indicates that the users are not the same, determining that no binding relationship exists between the user currently holding the safety equipment and the safety equipment.
If yes, executing S104: and encrypting the user certificate according to the certificate request and then sending the user certificate to the client.
If not, ending the certificate downloading and returning the indication of downloading failure.
With the certificate downloading method provided by the application, after the user identity information and the security device information are verified, the binding relationship between the current user and the security device still has to be verified, which prevents someone other than the security device owner from using the security device to download a certificate without the owner's authorization; and after the certificate request is received, the user certificate is encrypted before being sent to the client, which avoids the risk of illegal interception or storage during the certificate writing step and strengthens the protection of that step. The safety of the certificate downloading process is thereby effectively improved, and user information is protected from being stolen or fraudulently used.
Optionally, on the basis of the foregoing embodiment, an embodiment of the present application may further provide a certificate downloading method, described below with reference to the accompanying drawings. Fig. 3 shows a certificate downloading method according to another embodiment of the present application; as shown in fig. 3, S103 includes:
S105: acquiring and storing the binding relationship between the security device and the user.
The owner identity information pre-stored in the security device is acquired and stored.
S106: sending a certificate downloading instruction to the client, and acquiring the certificate request returned by the client.
S107: judging whether a binding relationship exists between the security device and the user.
Whether a binding relationship exists between the security device and the user is judged by checking whether the owner identity information is consistent with the identity information of the user currently holding the security device: if it is, a binding relationship exists; if not, no binding relationship exists.
In an embodiment of the present application, the security device certificate includes binding information of the security device owner, and in the certificate downloading stage the certificate request information may be signed according to the information of the bound security device owner. After acquiring the signed certificate request returned by the client, the server verifies the signature; the certificate request passes verification only if both the signature verification and the binding relationship verification pass, in which case S104 is executed. If verification fails, the certificate download ends and an indication of download failure is returned.
Optionally, on the basis of the foregoing embodiment, an embodiment of the present application may further provide a certificate downloading method, described below with reference to the accompanying drawings. Fig. 4 shows a certificate downloading method according to another embodiment of the present application, where the certificate request includes a security device certificate; as shown in fig. 4, S104 may include:
S108: encrypting the user certificate according to the security device certificate, and issuing the encrypted user certificate to the client.
With this arrangement, even if an attacker breaks in and obtains the certificate during the writing process, the user certificate is encrypted and its content cannot be viewed, which further ensures the safety of the user during use.
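The server-side gate of S107 and S108 and the client-relayed write of the Fig. 1 flow, as an added Go example that is not code from the patent: the server releases the user certificate only when the current user is the owner bound to the device, and only encrypted to the device's public key, so the client relays a blob it cannot read and a different device cannot open it. It assumes a hypothetical DeviceCert struct (standing in for the X.509 device certificate, whose chain check at S102 is not shown), ECDH on P-256 plus AES-GCM as the "encryption according to the security device certificate" (the patent names no cipher), and constructed serials and identities.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// DeviceCert stands in for the security device certificate of Fig. 5 (a
// hypothetical struct; a real deployment carries this in X.509, verified at S102).
type DeviceCert struct {
	Serial string          // uniquely identifies the device
	Owner  string          // identity of the bound security device owner
	Pub    *ecdh.PublicKey // device public key; the private half never leaves the device
}

// NewDevice is the factory step: a P-256 key pair whose public half goes into
// the device certificate together with the owner's identity.
func NewDevice(serial, owner string) (*DeviceCert, *ecdh.PrivateKey) {
	key, err := ecdh.P256().GenerateKey(rand.Reader)
	must(err)
	return &DeviceCert{Serial: serial, Owner: owner, Pub: key.PublicKey()}, key
}

// IssueUserCert is S107 plus S108 on the server: bindings is the table stored at
// S105 (device serial -> bound owner) and user is the identity of the person now
// holding the device. The certificate leaves the server only for the bound owner
// and only in a form that this device's private key can open.
func IssueUserCert(bindings map[string]string, user string, cert *DeviceCert, userCert []byte) ([]byte, error) {
	owner, ok := bindings[cert.Serial]
	if !ok || owner != user || owner != cert.Owner {
		return nil, errors.New("no binding between the current user and the security device")
	}
	return encryptToDevice(cert.Pub, userCert), nil
}

// aead derives AES-256-GCM from the ECDH shared secret of priv and pub.
func aead(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) cipher.AEAD {
	shared, err := priv.ECDH(pub)
	must(err)
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	must(err)
	gcm, err := cipher.NewGCM(block)
	must(err)
	return gcm
}

// encryptToDevice: ephemeral ECDH against the device public key, then AES-GCM.
// Blob layout: ephemeral public key (65 bytes) || nonce (12 bytes) || ciphertext.
func encryptToDevice(devPub *ecdh.PublicKey, plain []byte) []byte {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	must(err)
	nonce := make([]byte, 12)
	_, err = rand.Read(nonce)
	must(err)
	return aead(eph, devPub).Seal(append(eph.PublicKey().Bytes(), nonce...), nonce, plain, nil)
}

// DeviceDecrypt is the device's side of the write instruction: the client only
// relays the blob, and a different device's key fails the GCM tag check.
func DeviceDecrypt(devKey *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 65+12 {
		return nil, errors.New("ciphertext too short")
	}
	eph, err := ecdh.P256().NewPublicKey(blob[:65])
	if err != nil {
		return nil, err
	}
	return aead(devKey, eph).Open(nil, blob[65:77], blob[77:], nil)
}

// Demo: the owner's download, a non-owner holding the same device, and another
// device's key trying to open the blob (all values constructed).
func Demo() (plain []byte, nonOwnerErr, wrongDeviceErr error) {
	cert, devKey := NewDevice("SN-0001", "alice")
	_, otherKey := NewDevice("SN-0002", "bob")
	bindings := map[string]string{"SN-0001": "alice", "SN-0002": "bob"}
	userCert := []byte("user certificate of alice (constructed placeholder)")
	blob, err := IssueUserCert(bindings, "alice", cert, userCert)
	must(err)
	plain, err = DeviceDecrypt(devKey, blob)
	must(err)
	_, nonOwnerErr = IssueUserCert(bindings, "mallory", cert, userCert)
	_, wrongDeviceErr = DeviceDecrypt(otherKey, blob)
	return plain, nonOwnerErr, wrongDeviceErr
}

func main() {
	plain, e1, e2 := Demo()
	fmt.Printf("%s\nnon-owner: %v\nwrong device: %v\n", plain, e1, e2)
}
```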
For example, in an embodiment of the present application, the security device certificate is manufactured in advance and stored in the security device. Fig. 5 is a schematic diagram of the manufacturing process of the security device certificate according to an embodiment of the present application; as shown in fig. 5, the security device certificate is manufactured as follows:
a. Making the device certificate root certificate: the administrator of the server creates a root certificate for security device certificates together with its certificate chain. The root certificate is used for issuing security device certificates, and the root certificate and its chain are used for verifying the legitimacy of security device certificates in subsequent use.
b. Providing the device certificate root certificate: the administrator of the server provides the root certificate for security device certificates to the security device vendor.
c. Making the device certificate: when the security device leaves the factory, the security device vendor uses the root certificate to issue a unique security device certificate for each security device, and the security device certificate contains user information of the security device owner.
With the certificate downloading method provided by the application, each process verifies the identity of the user currently holding the security device and judges whether the current user is the security device owner bound to it in advance, so the situation in which the security device is fraudulently used is avoided. During the certificate download, the user certificates transmitted among the server, the client and the security device are all encrypted, which further improves the overall information security of the user while using the security device.
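Steps a to c of Fig. 5 and the later chain check, as an added Go example that is not the patent's code: a self-signed root made by the server administrator (step a), a per-device certificate signed with that root at the factory and carrying the device serial and the owner's identity in its subject (step c), and the server-side verification that chains a presented device certificate to the root before the serial and owner are read back for the binding check. The subject layout (serial in Subject.SerialNumber, owner in CommonName), validity periods and the sample serial and owner are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert signs a template with the signer's key and returns the parsed
// certificate and its DER encoding; for the root, parent == template.
func newCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, []byte, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, der, err
}

// MakeRoot is step a: the server administrator creates the root that will sign
// every security device certificate (a constructed, self-signed CA).
func MakeRoot() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Security Device Root (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	cert, _, err := newCert(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// IssueDeviceCert is step c: at the factory, one certificate per device, with the
// device serial and the owner's identity in the subject, signed by the root key
// handed to the vendor in step b. The device keeps the private key.
func IssueDeviceCert(root *x509.Certificate, rootKey *ecdsa.PrivateKey, serial, owner string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: owner, SerialNumber: serial},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(5, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	_, der, err := newCert(tmpl, root, &key.PublicKey, rootKey)
	return der, key, err
}

// VerifyDeviceCert is the server's check on the security device certificate
// information: chain the presented certificate to the trusted root, then read
// back the device serial and the bound owner for the binding check of S107.
func VerifyDeviceCert(root *x509.Certificate, devDER []byte) (serial, owner string, err error) {
	cert, err := x509.ParseCertificate(devDER)
	if err != nil {
		return "", "", err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err = cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", "", err
	}
	return cert.Subject.SerialNumber, cert.Subject.CommonName, nil
}

func main() {
	root, rootKey, err := MakeRoot()
	if err != nil {
		panic(err)
	}
	der, _, err := IssueDeviceCert(root, rootKey, "SN-0001", "alice") // constructed values
	if err != nil {
		panic(err)
	}
	serial, owner, err := VerifyDeviceCert(root, der)
	fmt.Println(serial, owner, err)
	otherRoot, _, _ := MakeRoot() // a root the server does not trust
	_, _, err = VerifyDeviceCert(otherRoot, der)
	fmt.Println("device certificate from another root:", err)
}
```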
Optionally, on the basis of the foregoing embodiment, an embodiment of the present application may further provide a certificate downloading method, which is described below with reference to the accompanying drawings. Fig. 6 is a flowchart of a certificate downloading method according to another embodiment of the present application, which is applied to a client side, optionally, in an embodiment of the present application, a client may be any smart device having an interface matching with a security device, such as a smart phone, a palmtop computer, a notebook computer, and the like, and the present application is not limited thereto, and is not limited to the examples given in the foregoing embodiments, and in the following embodiments, a client is taken as a smart phone, as shown in fig. 6, the method includes:
s201: and sending the user identity information corresponding to the safety equipment to a server, and acquiring a verification result.
The following user identity information is the user identity information currently holding the security device.
Alternatively, for the example that the security device is a bluetooth usb key and the client is a smart phone, the user starts the bluetooth function of the smart phone before downloading the certificate, the smart phone is connected with the Bluetooth USBKey through Bluetooth, then a user clicks an online banking application program on the smart phone, the online banking application pops up a login interface, a user can input user identity information on the login interface, and sends the identity information to the server for verification and obtains a verification result, wherein the verification result is used for indicating whether the current user information is legal or not, i.e., whether the current user information satisfies the certificate download condition, wherein, the user can download the certificate by the username and password, or the application program is logged in by means of face recognition, fingerprint authentication, or voiceprint recognition, and the specific login manner may be designed according to the user requirement, and is not limited to the several manners provided in the above embodiments.
If the verification passes, S202 is executed: sending the user identity information and the security device information corresponding to the security device to the server together, and obtaining an authentication result.
If the verification fails, certificate downloading ends and an indication of download failure is returned.
If the authentication passes, S203 is executed: sending a certificate request to the server according to the certificate downloading instruction sent by the server.
If the authentication fails, certificate downloading ends and an indication of download failure is returned.
S204: obtaining the verification result for the certificate request and, if the certificate request passes the server's verification, sending a user certificate write-in instruction to the security device according to the user certificate sent by the server.
The user certificate is encrypted according to the security device certificate. After receiving the write-in instruction, the security device decrypts the encrypted user certificate inside the device, verifies the decrypted certificate, and writes it only after confirming that it is the user certificate corresponding to this security device; the client that relays the instruction only ever handles the encrypted form.
Optionally, on the basis of the foregoing embodiment, an embodiment of the present application further provides a certificate downloading method, described below with reference to the drawings. Fig. 7 is a flowchart of a certificate downloading method according to another embodiment of the present application; as shown in Fig. 7, S202 may include:
S205: forwarding the identity authentication instruction sent by the server to the security device.
S206: obtaining the user identity information corresponding to the security device, as returned by the security device.
S202 is then executed: the user identity information and the security device information corresponding to the security device are sent to the server together, and the authentication result is obtained.
Optionally, on the basis of the foregoing embodiment, an embodiment of the present application further provides a certificate downloading method, described below with reference to the drawings. Fig. 8 is a flowchart of a certificate downloading method according to another embodiment of the present application; as shown in Fig. 8, S203 may include:
S208: forwarding the certificate downloading instruction sent by the server to the security device.
S209: obtaining the certificate request and the security device certificate returned by the security device.
S210: sending the certificate request and the security device certificate to the server together.
The above embodiment is the client-side counterpart of the server-side method of Figs. 1 to 5; its beneficial effects are therefore the same and are not repeated here.
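The root-and-device-certificate procedure of steps a to c above and the client-side exchange S201 to S210, carried through end to end as an added Go example (not part of the patent, and not code from any product it describes): the administrator's root issues a per-device certificate naming the owner (step c); the device answers the certificate download instruction with a certificate request for a key pair it generated itself (S209); the server validates the device certificate against the root, checks that the logged-in user is the owner bound to that device, signs the request, and returns the user certificate encrypted to the device certificate's public key (S203/S204); the device decrypts it and refuses to write it unless the certificate's public key is the one generated on the device, which is the verify-before-write step of S204. The certificate layout (CN = device serial, subject serialNumber = owner ID), the in-memory binding table, the choice of ECDSA for certificate signing and RSA for the device key, the hybrid AES-256-GCM plus RSA-OAEP wrapping and the wire layout wrappedKey || nonce || ciphertext are assumptions made here for illustration; the patent specifies none of them. The user login of S201 is represented only by the claimed user ID passed to Enrol.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var serialCounter int64 // certificate serial numbers for this demo only; a real CA uses random serials

// sign issues tmpl for pub under parent (self-signed when parent == tmpl) with a one-year validity.
func sign(tmpl, parent *x509.Certificate, pub, signer any) (*x509.Certificate, error) {
	serialCounter++
	tmpl.SerialNumber, tmpl.NotBefore, tmpl.NotAfter = big.NewInt(serialCounter), time.Now().Add(-time.Hour), time.Now().AddDate(1, 0, 0)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// newCA is step a: a self-signed root whose private key stays with whoever issues under it.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// Device models the security device (e.g. a Bluetooth USBKey); its private keys never leave it.
type Device struct {
	key            *rsa.PrivateKey   // device key matching Cert; only used to unwrap data sent to the device
	userKey        *ecdsa.PrivateKey // generated on the device for the certificate request (S209)
	Cert, UserCert *x509.Certificate // UserCert is written only after WriteUserCert has checked it (S204)
}

// newDevice is step c, done by the vendor at the factory: one certificate per device, carrying the
// device serial and the owner's user ID (assumed layout: CN = device serial, subject serialNumber = owner).
func newDevice(root *x509.Certificate, rootKey *ecdsa.PrivateKey, serial, owner string) (*Device, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: serial, SerialNumber: owner},
		KeyUsage: x509.KeyUsageKeyEncipherment, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	cert, err := sign(tmpl, root, &key.PublicKey, rootKey)
	return &Device{key: key, Cert: cert}, err
}

// CertificateRequest answers the certificate download instruction (S208/S209) with a CSR for a fresh key.
func (d *Device) CertificateRequest(userID string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	d.userKey = key
	return x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: userID}}, key)
}

// WriteUserCert handles the write-in instruction: unwrap the AES key with the device key, decrypt,
// and refuse any certificate whose public key is not the one generated on this device.
func (d *Device) WriteUserCert(blob []byte) error {
	n := d.key.Size()
	if len(blob) < n+12+16 { return errors.New("ciphertext too short") }
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.key, blob[:n], nil)
	if err != nil { return err }
	block, err := aes.NewCipher(aesKey) // fails if the unwrapped key is not a valid AES key length
	if err != nil { return err }
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	der, err := gcm.Open(nil, blob[n:n+12], blob[n+12:], nil)
	if err != nil { return fmt.Errorf("user certificate rejected: %w", err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return err }
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || d.userKey == nil || !pub.Equal(&d.userKey.PublicKey) {
		return errors.New("user certificate does not match the key pair on this device")
	}
	d.UserCert = cert
	return nil
}

// Server holds the device root (step a), the CA that issues user certificates, and the device-to-owner
// bindings recorded at registration (assumed in-memory table: device serial -> bound user ID).
type Server struct {
	deviceRoot, userCA *x509.Certificate
	userCAKey          *ecdsa.PrivateKey
	bindings           map[string]string
}

// IssueEncryptedUserCert is the server side of S203/S204: validate the device certificate against the root,
// check that the logged-in user is the bound owner, sign the CSR, and encrypt the result to the device.
func (s *Server) IssueEncryptedUserCert(userID string, devCert *x509.Certificate, csrDER []byte) ([]byte, error) {
	roots := x509.NewCertPool()
	roots.AddCert(s.deviceRoot)
	if _, err := devCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return nil, fmt.Errorf("device certificate: %w", err)
	}
	if userID == "" || s.bindings[devCert.Subject.CommonName] != userID || devCert.Subject.SerialNumber != userID {
		return nil, errors.New("user is not the owner bound to this device")
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil { return nil, err }
	if err := csr.CheckSignature(); err != nil { return nil, err } // proof of possession of the user key
	devPub, ok := devCert.PublicKey.(*rsa.PublicKey)
	if !ok { return nil, errors.New("device certificate must carry an RSA key for OAEP wrapping") }
	tmpl := &x509.Certificate{Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	userCert, err := sign(tmpl, s.userCA, csr.PublicKey, s.userCAKey)
	if err != nil { return nil, err }
	// Hybrid encryption: AES-256-GCM over the DER certificate, the AES key wrapped with RSA-OAEP to the
	// device certificate's public key. Wire layout (assumed): wrappedKey || 12-byte nonce || ciphertext.
	aesKey, nonce := make([]byte, 32), make([]byte, 12)
	if _, err := rand.Read(aesKey); err != nil { return nil, err }
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	block, _ := aes.NewCipher(aesKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, aesKey, nil)
	if err != nil { return nil, err }
	return append(append(wrapped, nonce...), gcm.Seal(nil, nonce, userCert.Raw, nil)...), nil
}

// Enrol runs the whole exchange for one device registered to "user-42". claimedUser is the identity the
// phone logged in with (S201); tamper flips one ciphertext byte in transit. All keys are generated here.
func Enrol(claimedUser string, tamper bool) (*x509.Certificate, error) {
	deviceRoot, deviceRootKey, err := newCA("Security Device Root CA")
	if err != nil { return nil, err }
	userCA, userCAKey, err := newCA("User CA")
	if err != nil { return nil, err }
	dev, err := newDevice(deviceRoot, deviceRootKey, "SN-0001", "user-42")
	if err != nil { return nil, err }
	srv := &Server{deviceRoot: deviceRoot, userCA: userCA, userCAKey: userCAKey, bindings: map[string]string{"SN-0001": "user-42"}}
	csr, err := dev.CertificateRequest(claimedUser)
	if err != nil { return nil, err }
	blob, err := srv.IssueEncryptedUserCert(claimedUser, dev.Cert, csr)
	if err != nil { return nil, err }
	if tamper { blob[len(blob)-1] ^= 1 }
	if err := dev.WriteUserCert(blob); err != nil { return nil, err }
	return dev.UserCert, nil
}

func main() {
	cert, err := Enrol("user-42", false)
	fmt.Println("owner enrolled:", err == nil && cert.Subject.CommonName == "user-42")
	_, err = Enrol("user-43", false) // someone else holding the owner's device
	fmt.Println("non-owner rejected:", err)
}
```

Enrol("user-42", false) completes and the device holds a user certificate whose key never left it; Enrol("user-43", false) is refused by the server's binding check before any certificate is issued, which is the stolen-device case the application describes; Enrol("user-42", true) is refused by the device itself when GCM authentication of the modified ciphertext fails. Two points the patent leaves open and this example makes explicit: the server checks proof of possession of the user key (CheckSignature on the CSR) before signing, and the device compares the certificate's public key with its own key rather than trusting the subject name, so a certificate for a different key pair is rejected even if it names the right user.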
Fig. 9 is a schematic structural diagram of a certificate downloading apparatus according to an embodiment of the present application, applied to the server side. As shown in Fig. 9, the apparatus includes a verification module 301, a judging module 302 and a sending module 303, wherein:
The verification module 301 is configured to verify the user identity information corresponding to the security device sent by the client, and to determine whether the current user identity information satisfies the certificate downloading condition.
The judging module 302 is configured to send an identity authentication instruction to the client if the condition is satisfied, and to acquire the user identity information and security device certificate information returned by the client and judge whether they pass verification.
The judging module 302 is further configured to send a certificate downloading instruction to the client if the verification passes, and to judge whether a binding relationship exists between the security device and the user.
The sending module 303 is configured to encrypt the user certificate according to the certificate request and send the encrypted user certificate to the client if the binding relationship exists.
Fig. 10 is a schematic structural diagram of a certificate downloading apparatus according to another embodiment of the present application, applied to the server side. As shown in Fig. 10, the apparatus further includes an obtaining module 304, configured to obtain and store the binding relationship between the security device and the user if the verification passes.
The obtaining module 304 is further configured to send the certificate downloading instruction to the client and to obtain the certificate request returned by the client.
The judging module 302 is configured to judge whether a binding relationship exists between the security device and the user.
Fig. 11 is a schematic structural diagram of a certificate downloading apparatus according to an embodiment of the present application, applied to the client side. As shown in Fig. 11, the apparatus includes an obtaining module 401 and a sending module 402, wherein:
The obtaining module 401 is configured to send the user identity information corresponding to the security device to the server and obtain a verification result.
The sending module 402 is configured to send the user identity information and the security device information corresponding to the security device to the server together and obtain an authentication result if the verification passes.
The sending module 402 is further configured to send a certificate request to the server according to the certificate downloading instruction sent by the server if the authentication passes.
The sending module 402 is further configured to obtain the verification result for the certificate request and, if the certificate request passes the server's verification, to send a user certificate write-in instruction to the security device according to the user certificate sent by the server.
The user certificate is encrypted according to the security device certificate, and the write-in instruction causes the security device to decrypt the encrypted user certificate and write the decrypted user certificate into the security device.
Optionally, the sending module 402 is further configured to forward the identity authentication instruction sent by the server to the security device.
The obtaining module 401 is further configured to obtain the user identity information corresponding to the security device, as returned by the security device.
The sending module 402 is further configured to send the user identity information and the security device information corresponding to the security device to the server together and obtain an authentication result.
The above apparatus is used to execute the method provided by the foregoing embodiments; its implementation principle and technical effects are similar and are not described again here.
The above modules may be one or more integrated circuits configured to implement the above methods, for example one or more Application Specific Integrated Circuits (ASICs), one or more digital signal processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs). Alternatively, when a module is implemented as a processing element that schedules program code, the processing element may be a general-purpose processor such as a Central Processing Unit (CPU) or another processor capable of calling program code. The modules may also be integrated together and implemented as a system on a chip (SoC).
Fig. 12 is a schematic structural diagram of a certificate downloading device according to an embodiment of the present application; the certificate downloading device may be integrated in a terminal device or in a chip of the terminal device.
The certificate downloading device includes a processor 501, a storage medium 502 and a bus 503.
The storage medium 502 stores a program, and the processor 501 calls the program stored in the storage medium 502 to execute the method embodiments corresponding to Figs. 1-8. The specific implementation and technical effects are similar and are not described again here.
Optionally, the present application also provides a program product, such as a storage medium, on which a computer program is stored, including a program, which, when executed by a processor, performs embodiments corresponding to the above-described method.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit stored in the storage medium includes several instructions for causing a computer device (which may be a personal computer, a server or a network device) or a processor to perform some of the steps of the methods according to the embodiments of the present application. The storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
Claims (10)
1. A certificate downloading method applied to a server side, characterized by comprising:
verifying user identity information corresponding to a security device sent by a client, and determining whether the current user identity information satisfies a certificate downloading condition;
if so, sending an identity authentication instruction to the client, and acquiring the user identity information and security device certificate information returned by the client and judging whether they pass verification;
if they pass verification, sending a certificate downloading instruction to the client, and judging whether a binding relationship exists between the security device and the user;
and if the binding relationship exists, encrypting a user certificate according to a certificate request and sending the encrypted user certificate to the client.
2. The method of claim 1, wherein sending the certificate downloading instruction to the client and judging whether a binding relationship exists between the security device and the user comprises:
acquiring and storing the binding relationship between the security device and the user;
sending the certificate downloading instruction to the client, and acquiring the certificate request returned by the client;
and judging whether a binding relationship exists between the security device and the user.
3. The method of claim 1, wherein the certificate request comprises a security device certificate, and encrypting the user certificate according to the certificate request and sending the encrypted user certificate to the client comprises:
encrypting the user certificate according to the security device certificate, and issuing the encrypted user certificate to the client.
4. The method according to any one of claims 1-3, wherein the security device certificate information includes at least one of: a serial number corresponding to the security device, and a service purpose corresponding to the device certificate.
5. A certificate downloading method applied to a client side, the method comprising:
sending user identity information corresponding to the safety equipment to a server, and acquiring a verification result;
if the verification is passed, sending the user identity information and the safety equipment information corresponding to the safety equipment to the server together, and acquiring an authentication result;
if the authentication is passed, sending a certificate request to the server according to a certificate downloading instruction sent by the server;
obtaining a verification result of the certificate request, and if the certificate request passes the verification of the server, sending a user certificate write-in instruction to the safety equipment according to a user certificate sent by the server;
the user certificate is encrypted according to a safety equipment certificate; and the write-in instruction is used for decrypting the encrypted user certificate by the security equipment and writing the decrypted user certificate into the security equipment.
6. The method of claim 5, wherein sending the user identity information and the security device information corresponding to the security device to the server together and obtaining the authentication result comprises:
sending the identity authentication instruction to the safety equipment according to the identity authentication instruction sent by the server;
acquiring user identity information corresponding to the safety equipment returned by the safety equipment;
and sending the user identity information corresponding to the safety equipment and the safety equipment information to the server together, and acquiring an authentication result.
7. The method of claim 5, wherein submitting a certificate request according to a certificate download instruction sent by the server comprises:
according to a certificate downloading instruction sent by the server, sending the certificate downloading instruction to the safety equipment;
acquiring the certificate request and the safety equipment certificate returned by the safety equipment;
and sending the certificate request and the safety equipment certificate to the server together.
8. A certificate downloading apparatus applied to a server side, the apparatus comprising a verification module, a judging module and a sending module, wherein:
the verification module is configured to verify user identity information corresponding to a security device sent by a client, and to determine whether the current user identity information satisfies a certificate downloading condition;
the judging module is configured to send an identity authentication instruction to the client if the condition is satisfied, and to acquire the user identity information and security device certificate information returned by the client and judge whether they pass verification;
the judging module is further configured to send a certificate downloading instruction to the client if the verification passes, and to judge whether a binding relationship exists between the security device and the user;
and the sending module is configured to encrypt a user certificate according to a certificate request and send the encrypted user certificate to the client if the binding relationship exists.
9. A certificate downloading apparatus applied to a client side, the apparatus comprising: the device comprises an acquisition module and a sending module, wherein:
the acquisition module is used for sending the user identity information corresponding to the safety equipment to the server and acquiring a verification result;
the sending module is used for sending the user identity information and the safety equipment information corresponding to the safety equipment to the server together and obtaining an authentication result if the verification is passed;
the sending module is further configured to send a certificate request to the server according to a certificate downloading instruction sent by the server if the authentication is passed;
the sending module is further configured to obtain a verification result of the certificate request, and send the user certificate write instruction to the security device according to a user certificate sent by the server if the certificate request passes the verification of the server;
the user certificate is the user certificate encrypted according to the safety equipment certificate; and the write-in instruction is used for decrypting the encrypted user certificate by the security equipment and writing the decrypted user certificate into the security equipment.
10. A certificate downloading device, comprising: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor and the storage medium communicating via the bus when the certificate downloading device is operating, the processor executing the machine-readable instructions to perform the method of any of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010509114.4A CN111970117B (en) | 2020-06-07 | 2020-06-07 | Certificate downloading method, device and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010509114.4A CN111970117B (en) | 2020-06-07 | 2020-06-07 | Certificate downloading method, device and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111970117A true CN111970117A (en) | 2020-11-20 |
CN111970117B CN111970117B (en) | 2022-09-30 |
Family
ID=73360493
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010509114.4A Active CN111970117B (en) | 2020-06-07 | 2020-06-07 | Certificate downloading method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111970117B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114650140A (en) * | 2020-12-21 | 2022-06-21 | 国民科技(深圳)有限公司 | Mobile terminal, server, and method of executing electronic signature |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106302550A (en) * | 2016-10-21 | 2017-01-04 | 成都智达电力自动控制有限公司 | A kind of information security method for intelligent substation automatization and system |
WO2018157247A1 (en) * | 2017-02-28 | 2018-09-07 | Bioconnect Inc. | System and method for securing communications with remote security devices |
CN109462572A (en) * | 2018-09-13 | 2019-03-12 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Multi-factor authentication method and system based on encryption card and UsbKey and security gateway |
CN110445614A (en) * | 2019-07-05 | 2019-11-12 | 阿里巴巴集团控股有限公司 | Certificate request method, apparatus, terminal device, gateway and server |
Application events: 2020-06-07, CN202010509114.4A filed (granted as CN111970117B), status Active.
Non-Patent Citations (1)
Title |
---|
Xu Ruzhi et al.: "Digital certificate system for power dispatching in the smart grid", China Electric Power (中国电力) * |
Also Published As
Publication number | Publication date |
---|---|
CN111970117B (en) | 2022-09-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI667585B (en) | Method and device for safety authentication based on biological characteristics | |
EP3457344B1 (en) | Payment authentication method, apparatus and system for onboard terminal | |
US9426134B2 (en) | Method and systems for the authentication of a user | |
CN111917773B (en) | Service data processing method and device and server | |
AU2011205391B2 (en) | Anytime validation for verification tokens | |
US8387119B2 (en) | Secure application network | |
US10050791B2 (en) | Method for verifying the identity of a user of a communicating terminal and associated system | |
US9055061B2 (en) | Process of authentication for an access to a web site | |
CN109474437B (en) | Method for applying digital certificate based on biological identification information | |
US9065806B2 (en) | Internet based security information interaction apparatus and method | |
EP1886204B1 (en) | Transaction method and verification method | |
US20200196143A1 (en) | Public key-based service authentication method and system | |
TWM595792U (en) | Authorization system for cross-platform authorizing access to resources | |
WO2017084569A1 (en) | Method for acquiring login credential in smart terminal, smart terminal, and operating systems | |
CN109496443A (en) | Mobile authentication method and system for it | |
KR20150025392A (en) | System for securiting mobile and method therefor | |
CN113872989A (en) | Authentication method and device based on SSL protocol, computer equipment and storage medium | |
CN111970117B (en) | Certificate downloading method, device and equipment | |
KR20110122432A (en) | Authentication system and method using smart card web server | |
CN103929310A (en) | Mobile phone client side password unified authentication method and system | |
JP2010117995A (en) | System, device and method for issuing application | |
CN106533685B (en) | Identity authentication method, device and system | |
CN111242613B (en) | Wallet information management method and device based on online banking system and electronic equipment | |
CN107491967B (en) | Method and system for inputting password through network payment | |
KR20170042137A (en) | A authentication server and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |