CN101369885A - Method and system for security transmission of certificate document - Google Patents

Publication number: CN101369885A
Authority: CN (China)
Application number: CNA2008101988821A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 周绍午, 吴月辉
Original Assignee: GCI Science and Technology Co Ltd
Current Assignee: GCI Science and Technology Co Ltd
Prior art keywords: certificate file, module, radio access, authentication server, wireless terminal

Abstract

The invention discloses a method and a system for securely transferring a certificate file. The method is based on a system comprising a wireless terminal module, a radio access module and an authentication server, in which the wireless terminal module accesses the network through the radio access module. The method comprises the following steps: judging whether the authentication server and the radio access module are in the same device and, if so, the authentication server generates an access certificate file for the radio access module and transfers it to the radio access module; the authentication server generates a terminal certificate file for the wireless terminal module according to the data request information transferred by the wireless terminal module and transfers the terminal certificate file to the wireless terminal module. With this method, the authentication server can automatically generate the terminal certificate file or the access certificate file based on the data request information transferred by the wireless terminal module or the radio access module, without the user having to operate a configuration device such as a computer, so the implementation is simple and convenient.

Description

A method and system for the secure transfer of a certificate file
Technical field
The present invention relates to the field of communications, and in particular to a method and system for the secure transfer of a certificate file during communication.
Background art
WLAN (Wireless Local Area Network) provides a high-speed wireless data access service and is one of the more popular technologies in the IT industry today. The main security standards for WLAN at present are IEEE 802.11i, proposed by the IEEE (Institute of Electrical and Electronics Engineers), and WAPI (WLAN Authentication and Privacy Infrastructure), for which China holds independent intellectual property rights.
802.11i authentication can use 802.1X or a shared key. IEEE 802.1X-2001 defines a framework based on the Extensible Authentication Protocol (EAP) over LANs, i.e. EAPoL. The supplicant and the authentication server authenticate each other using EAP: certificate file data is encapsulated in EAP packets, and EAPoL encapsulates EAP for transport over the LAN between the supplicant and the authenticator. The authenticator encapsulates the EAP data in another upper-layer protocol, such as RADIUS. When an 802.1X authentication server (AS) is used, a secure channel must be established between the authenticator and the AS, and the supplicant and the AS perform mutual authentication through this secure channel.
WAPI is a security architecture that provides mutual authentication and confidentiality between a communication node and a network access node. It is applicable to mainstream physical network topologies and is an access control method based on a three-element structure and peer authentication. The WLAN Authentication and Privacy Infrastructure (WAPI) is the application of this security architecture to wireless local area networks. WAPI uses a certificate mechanism based on public-key cryptography to achieve mutual authentication between the subscriber station (STA) and the wireless access point (AP). That is, digital certificates issued by the authentication server (AS) are installed on both the STA and the AP as their digital identity credentials. Before the STA uses or accesses the network through the AP, the AS must verify the identities of both parties. According to the verification result (after authentication passes), only an STA holding a valid certificate can access an AP holding a valid certificate. This not only prevents an illegitimate STA from accessing a legitimate AP, which protects wireless network resources, but also prevents a legitimate STA from connecting to a rogue AP and leaking information.
Whether IEEE 802.11i or the WAPI standard is adopted, authenticating with certificate files involves a series of complex operations such as generating, issuing and importing the certificate files. These operations all require the user to carry them out through a configuration device such as a computer, which is complicated to implement and may also introduce potential security risks into the system.
Summary of the invention
The invention provides a method and system for the secure transfer of a certificate file. The method is simple and convenient to implement, ensures network security and makes the system more convenient to use.
The technical solution of the present invention is a method for the secure transfer of a certificate file, based on a system comprising a wireless terminal module, a radio access module and an authentication server, the wireless terminal module accessing the network through the radio access module, the method comprising the steps of:
Judging whether the authentication server and the radio access module are located in the same device; if so, the authentication server generates the access certificate file of the radio access module and sends it to the radio access module;
The authentication server generates the terminal certificate file of the wireless terminal module according to the data request information transferred by the wireless terminal module, and passes it to the wireless terminal module.
The present invention also discloses a system for the secure transfer of a certificate file, comprising:
An authentication server, used to judge whether the radio access module is located in the same device as itself and, if so, to generate the access certificate file of the radio access module and send it to the radio access module; and to receive the data request information transferred by the wireless terminal module, generate the terminal certificate file of the wireless terminal module according to this data request information, and pass it to the wireless terminal module;
A radio access module, used to receive the access certificate file sent by the authentication server;
A wireless terminal module, used to transfer data request information to the authentication server and to receive the terminal certificate file transferred by the authentication server.
With the method of the present invention, the authentication server can automatically generate the terminal certificate file or the access certificate file according to the data request information transferred by the wireless terminal module or the radio access module, and then pass it to the wireless terminal module or the radio access module. The user does not need to carry out the operation through a configuration device such as a computer, so the method is simple and convenient to implement and can also improve the security of certificate file transfer. Likewise, with the system of the present invention, the authentication server can automatically generate the terminal certificate file or the access certificate file according to the data request information transferred by the wireless terminal module or the radio access module, the user does not need to carry out the operation through a configuration device such as a computer, the system is simple and convenient to implement, and the security of certificate file transfer can also be improved.
Description of drawings
Fig. 1 is a flowchart of one embodiment of the certificate file secure transfer method of the present invention;
Fig. 2 is a flowchart of one embodiment of the certificate file secure transfer method of the present invention;
Fig. 3 is a structural block diagram of one embodiment of the certificate file secure transfer system of the present invention;
Fig. 4 is a structural block diagram of one embodiment of the certificate file secure transfer system of the present invention;
Fig. 5 is a structural block diagram of one embodiment of the certificate file secure transfer system of the present invention;
Fig. 6 is a structural block diagram of one embodiment of the certificate file secure transfer system of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and specific embodiments.
Embodiment one
The method for the secure transfer of a certificate file of the present invention is based on a system comprising a wireless terminal module, a radio access module and an authentication server, in which the wireless terminal module accesses the network through the radio access module. It is applicable to the secure transfer of certificate files while the wireless terminal module accesses the network during communication. As shown in Fig. 1, it comprises the following steps. S101: judge whether the radio access module and the authentication server are located in the same device. If so, execute step S102: the authentication server generates the access certificate file of the radio access module and sends it to the radio access module; then execute step S105. The radio access module may be a wireless access point (AP). The wireless terminal module may be a wireless terminal device such as a mobile phone.
If the authentication server and the radio access module are not in the same device, execute step S103: the radio access module transfers data request information to the authentication server. S104: the authentication server generates the access certificate file according to the data request information transferred by the radio access module and passes it to the radio access module; then execute step S105.
S105: the wireless terminal module transfers data request information to the authentication server. S106: the authentication server generates the terminal certificate file according to the data request information transferred by the wireless terminal module and passes it to the wireless terminal module. The certificate file transfer is then complete.
The access certificate file and the terminal certificate file may be plain certificate files, i.e. ordinary digital certificates such as X.509 digital certificates. They may also be encapsulated certificate files, i.e. an ordinary digital certificate that has been encapsulated with extra control information added, for example an X.509 certificate file to which control information has been added to give the wireless terminal module's network access additional attributes.
It can be seen that, with the method of the present invention, the authentication server can automatically generate the terminal certificate file or the access certificate file according to the data request information transferred by the wireless terminal module or the radio access module. The user does not need to carry out the operation through a configuration device such as a computer, so the method is simple and convenient to implement and can at the same time improve the security of certificate file transfer.
In this embodiment, the data request information may be a request to generate a certificate file, or certificate file parameter information.
Embodiment two
In Embodiment one, the wireless terminal module or radio access module is generally connected to the authentication server through a network or similar means, and this approach carries security risks. This embodiment is an improved embodiment.
As shown in Fig. 2, the method for the secure transfer of a certificate file of the present invention comprises the following steps. S201: judge whether the radio access module and the authentication server are located in the same device. If so, execute step S202: the authentication server generates the access certificate file of the radio access module and sends it to the radio access module; then execute step S205. The radio access module may be a wireless access point (AP).
If the authentication server and the radio access module are not in the same device, execute step S203: the radio access module passes its data request information to the authentication server by means of a mobile memory medium. S204: the authentication server generates the access certificate file according to the data request information of the radio access module and passes it to the radio access module by means of the mobile memory medium; then execute step S205.
S205: the wireless terminal module transfers its data request information to the authentication server by means of the mobile memory medium. S206: the authentication server generates the terminal certificate file according to the data request information of the wireless terminal module and passes it to the wireless terminal module by means of the mobile memory medium. The certificate file transfer is then complete.
The certificate file parameter information may be the model or characteristic information of the radio access module or the wireless terminal module. The mobile memory medium may be a physical medium such as a flash disk or an SD memory card. The data request information may be a request to generate a certificate file, or certificate file parameter information.
With this method, the authentication server can also automatically generate the terminal certificate file or the access certificate file according to the certificate file parameter information of the wireless terminal module or the radio access module delivered on the mobile memory medium. The user again does not need to carry out the operation through a configuration device such as a computer, so the method is simple and convenient to implement. Using the mobile memory medium also avoids the security risks of transfer over a network or similar means, which improves the security of certificate file transfer.
Embodiment three
This embodiment discloses a system for the secure transfer of a certificate file which, as shown in Fig. 3, comprises:
An authentication server, used to judge whether the radio access module is located in the same device as itself and, if so, to generate the access certificate file of the radio access module and send it to the radio access module; and to receive the data request information sent by the wireless terminal module, generate the terminal certificate file of the wireless terminal module according to this data request information, and pass it to the wireless terminal module;
A radio access module, used to receive the access certificate file sent by the authentication server;
A wireless terminal module, used to send data request information to the authentication server and to receive the terminal certificate file sent by the authentication server.
When the authentication server and the radio access module are not in the same device, as shown in Fig. 4, the radio access module sends data request information to the authentication server, and the authentication server generates the access certificate file according to this data request information and sends it to the radio access module. The radio access module receives the access certificate file sent by the authentication server.
The certificate file parameter information may be the model or characteristic information of the radio access module or the wireless terminal module. In addition, in one embodiment, the radio access module, the wireless terminal module and the authentication server may each have a physical interface, such as a USB interface or a 1394 interface. When the wireless terminal module needs to send data request information to the authentication server, it can connect its physical interface directly to the physical interface of the authentication server; when the radio access module needs to send data request information to the authentication server, it can likewise connect its physical interface to the physical interface of the authentication server.
Embodiment four
In Embodiment three, the wireless terminal module or radio access module is generally connected to the authentication server through a network or similar means, and this approach carries security risks. This embodiment is an improved embodiment.
The present invention also discloses a system for the secure transfer of a certificate file which, as shown in Fig. 5, comprises:
An authentication server, used to judge whether the radio access module is located in the same device as itself and, if so, to generate the access certificate file of the radio access module and send it to the radio access module; and to receive the data request information of the wireless terminal module delivered on the mobile memory medium, generate the terminal certificate file according to this data request information and pass it to the wireless terminal module by means of the mobile memory medium;
A radio access module, used to receive the access certificate file sent by the authentication server;
A wireless terminal module, used to write data request information to the mobile memory medium and to receive the terminal certificate file stored on the mobile memory medium;
A mobile memory medium, used to deliver the data request information to the authentication server and to deliver the terminal certificate file generated by the authentication server.
When the radio access module and the authentication server are not in the same device, as shown in Fig. 6, the radio access module delivers its data request information to the authentication server by means of the mobile memory medium, and the authentication server generates the access certificate file according to this data request information and passes it to the radio access module by means of the mobile memory medium.
The certificate file parameter information may be the model or characteristic information of the radio access module or the wireless terminal module. The mobile memory medium may be a physical medium such as a flash disk or an SD memory card. The data request information may be a request to generate a certificate file, or certificate file parameter information.
The radio access module, the wireless terminal module, the authentication server and the mobile memory medium may each have a physical interface, such as a USB interface or a 1394 interface. In practical operation, if the authentication server and the radio access module are in the same device, the mobile memory medium is inserted into the wireless terminal module, and the wireless terminal module stores its data request information on the mobile memory medium. The mobile memory medium is then inserted into the authentication server, which generates the terminal certificate file according to this data request information and stores it on the mobile memory medium. Finally, the mobile memory medium is inserted into the wireless terminal module again and the terminal certificate file is stored on the wireless terminal module, which completes the secure transfer of the terminal certificate file.
If the authentication server and the radio access module are not in the same device, the access certificate file of the radio access module is transferred in the same way as the terminal certificate file of the wireless terminal module.
It can be seen that transferring the certificate file by means of the mobile memory medium can improve the security of the system and avoids the influence of potential security risks such as the network.
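The terminal enrolment of steps S205 and S206 and of the practical operation in Embodiment four, worked through with the OpenSSL command line as an added example that is not part of the patent text. It assumes the data request information is a PKCS#10 certificate request, that a directory stands in for the mobile memory medium, and that the authentication server's root certificate is already on the terminal; all paths and subject names are constructed.

```sh
#!/bin/sh
# Added illustration: certificate enrolment over a removable medium.
# Every directory, file name and subject name below is constructed.
set -eu
umask 077

WORK=$(mktemp -d)
AS_DIR="$WORK/as"        # authentication server's private storage
DEV_DIR="$WORK/device"   # wireless terminal's private storage
MEDIUM="$WORK/medium"    # stands in for the flash disk or SD card
mkdir -p "$AS_DIR" "$DEV_DIR" "$MEDIUM"

# Authentication server: create its issuing key and self-signed root.
as_init() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$AS_DIR/ca.key"
    openssl req -x509 -new -key "$AS_DIR/ca.key" -subj "/CN=Example AS" \
        -days 1 -out "$AS_DIR/ca.pem" 2>/dev/null
}

# Terminal (S205): the key pair is generated locally and stays there;
# only the certificate request is written to the medium.
device_write_request() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$DEV_DIR/sta.key"
    openssl req -new -key "$DEV_DIR/sta.key" -subj "/CN=$1" \
        -out "$MEDIUM/request.csr" 2>/dev/null
}

# Authentication server (S206): "x509 -req" checks the request's
# self-signature, then the certificate is written back to the medium.
as_issue() {
    openssl x509 -req -in "$MEDIUM/request.csr" -CA "$AS_DIR/ca.pem" \
        -CAkey "$AS_DIR/ca.key" -CAcreateserial -days 1 \
        -out "$MEDIUM/terminal.pem" 2>/dev/null
}

# Terminal: import only a certificate that chains to the trusted root
# and carries the terminal's own public key.
device_import() {
    cert="$MEDIUM/terminal.pem"
    openssl verify -CAfile "$DEV_DIR/trusted-as.pem" "$cert" \
        >/dev/null 2>&1 || return 1
    want=$(openssl pkey -in "$DEV_DIR/sta.key" -pubout)
    got=$(openssl x509 -in "$cert" -pubkey -noout)
    [ "$want" = "$got" ] || return 1
    cp "$cert" "$DEV_DIR/sta.pem"
}

# Test helper: models a medium whose certificate file was replaced in
# transit by one that the authentication server did not issue.
simulate_swapped_certificate() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/other.key"
    openssl req -x509 -new -key "$WORK/other.key" -subj "/CN=sta-001" \
        -days 1 -out "$MEDIUM/terminal.pem" 2>/dev/null
}

as_init
# Assumption: the root reaches the terminal out of band, before enrolment.
cp "$AS_DIR/ca.pem" "$DEV_DIR/trusted-as.pem"
device_write_request "sta-001"
as_issue
device_import && echo "terminal certificate imported"
```

Only the request and the issued certificate cross the medium, and the terminal rejects a certificate that fails either check in `device_import`.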
In summary, the authentication server of the present invention can automatically generate the terminal certificate file or the access certificate file according to the data request information transferred by the wireless terminal module or the radio access module. The user does not need to carry out the operation through a configuration device such as a computer, so implementation is simple and convenient. Further, the authentication server of the present invention can also automatically generate the terminal certificate file or the access certificate file according to the data request information of the wireless terminal module or the radio access module delivered on the mobile memory medium. The user again does not need to carry out the operation through a configuration device such as a computer, implementation is simple and convenient, and using the mobile memory medium avoids the security risks of transfer over a network or similar means, which improves the security of certificate file transfer.
The embodiments of the present invention described above do not limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the claims of the present invention.

Claims (10)

1. A method for the secure transfer of a certificate file, based on a system comprising a wireless terminal module, a radio access module and an authentication server, the wireless terminal module accessing the network through the radio access module, characterized in that it comprises the steps of:
Judging whether the authentication server and the radio access module are located in the same device; if so, the authentication server generates the access certificate file of the radio access module and sends it to the radio access module;
The authentication server generates the terminal certificate file of the wireless terminal module according to the data request information transferred by the wireless terminal module, and passes it to the wireless terminal module.
2. The method for the secure transfer of a certificate file according to claim 1, characterized in that: if the authentication server and the radio access module are not in the same device, the authentication server generates the access certificate file according to the data request information transferred by the radio access module and passes it to the radio access module.
3. The method for the secure transfer of a certificate file according to claim 1, characterized in that: the wireless terminal module transfers the data request information by means of a mobile memory medium, and receives the terminal certificate file transferred by the authentication server by means of this mobile memory medium.
4. The method for the secure transfer of a certificate file according to claim 2, characterized in that: the radio access module transfers the data request information by means of a mobile memory medium, and receives the access certificate file transferred by the authentication server by means of this mobile memory medium.
5. The method for the secure transfer of a certificate file according to any one of claims 1 to 4, characterized in that: the data request information is a request to generate a certificate file, or certificate file parameter information.
6. A system for the secure transfer of a certificate file, characterized in that it comprises:
An authentication server, used to judge whether the radio access module is located in the same device as itself and, if so, to generate the access certificate file of the radio access module and send it to the radio access module; and to receive the data request information transferred by the wireless terminal module, generate the terminal certificate file of the wireless terminal module according to this data request information, and pass it to the wireless terminal module;
A radio access module, used to receive the access certificate file transferred by the authentication server;
A wireless terminal module, used to transfer data request information to the authentication server and to receive the terminal certificate file transferred by the authentication server.
7. The system for the secure transfer of a certificate file according to claim 6, characterized in that: it further comprises a mobile memory medium, and the wireless terminal module transfers the data request information by means of this mobile memory medium and receives the terminal certificate file transferred by the authentication server by means of this mobile memory medium.
8. The system for the secure transfer of a certificate file according to claim 6, characterized in that: when the radio access module and the authentication server are not in the same device, the authentication server is further used to receive the data request information transferred by the radio access module, generate the access certificate file according to this data request information and pass it to the radio access module.
9. The system for the secure transfer of a certificate file according to claim 8, characterized in that: it further comprises a mobile memory medium, and the radio access module transfers the data request information by means of this mobile memory medium and receives the access certificate file transferred by the authentication server by means of this mobile memory medium.
10. The system for the secure transfer of a certificate file according to claims 6 to 8, characterized in that: the data request information is a request to generate a certificate file, or certificate file parameter information.

Application number: CNA2008101988821A
Priority date: 2008-09-27
Filing date: 2008-09-27
Title: Method and system for security transmission of certificate document
Status: Pending
Publication: CN101369885A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101827094A (en) * 2010-04-01 2010-09-08 北京数码视讯科技股份有限公司 Method for sending down digital certificate, device and system
CN101827094B (en) * 2010-04-01 2014-03-19 北京数码视讯科技股份有限公司 Method for sending down digital certificate, device and system
CN107864038A (en) * 2017-10-25 2018-03-30 中国平安人寿保险股份有限公司 Certificate management method, device, equipment and computer-readable recording medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20090218