CN101399666A - Safety control method and system for digital certificate of file - Google Patents


Publication number
CN101399666A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007100468134A
Other languages
Chinese (zh)
Inventor
彭桂林
袁晓寒
闵勇
陈晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CNA2007100468134A
Publication of CN101399666A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method and system for controlling the security of a file digital certificate, which solve the problem that existing file digital certificates have low security and are easily stolen. The method comprises the following steps: a unique equipment identification code is generated at the digital certificate client and transmitted to a server; the server checks whether the equipment identification code is the same as the registered equipment identification code, and if so, verification passes; if not, the server verifies the identity of the digital certificate user; if that verification passes, a new correspondence between the equipment identification code and the digital certificate is established; if it does not pass, the verification process fails. The invention improves the security of file digital certificates and can effectively prevent attackers from stealing other people's file certificates. Moreover, the invention has little effect on the user's workflow for using a file digital certificate.

Description

Security control method and system for file digital certificates
Technical field
The present invention relates to digital certificate technology, and in particular to a security control method and system for file digital certificates.
Background
At present, to improve the reliability of identity authentication, Internet services widely use digital certificates to establish the legitimate identity of information system users. Digital certificates are generally stored in one of two ways: as a mobile certificate, which uses a hardware USB Key as its storage medium (a USB Key is a smart storage device that can hold an online banking certificate and perform digital signature and signature verification operations), or as a file digital certificate, which is stored as a file in ordinary storage such as a hard disk.
A mobile certificate is protected in hardware by the security control chip in the USB Key. Under normal circumstances an attacker cannot copy the digital certificate out of the USB Key; unless the user's USB Key itself is stolen, other people generally cannot misuse the identity information in the user's digital certificate to impersonate the user and commit fraud. The reliability of mobile certificates is therefore relatively high.
A file digital certificate, by contrast, is usually kept as a file on the user's computer and relies on security control software (such as the IE browser or client software) to protect it. Because a file digital certificate is kept on the user's computer, its portability is poor; so that the user can use it on other computers, the security control software provides a file digital certificate export function. If the user has not applied security restrictions, an attacker can easily use this function to steal the user's file digital certificate. The security of file digital certificates is therefore relatively low.
Taking digital certificate management in the IE browser as an example, the process by which an attacker steals a file digital certificate is as follows. After downloading the digital certificate, the user imports it into the IE browser, and during import the user chooses whether the key can be backed up. So that the certificate can be used on other computers, most users choose to allow key backup; that is, the user can export the digital certificate (including the key) from the IE browser and copy it to other computers. An attacker can therefore implant a Trojan or virus on the user's computer, have it call the IE browser's certificate export function to obtain the user's digital certificate illegally, then import the certificate on another computer and steal funds from the user's account.
As this example shows, file digital certificates are very easily stolen and pose a security risk. Although mobile certificates are comparatively more secure, in practice they require the user to buy a separate USB Key hardware device, which increases the user's cost; in addition, most USB Keys require a driver to be installed, so ease of use is relatively poor. Judging from current digital certificate usage, most users still widely use file digital certificates stored in ordinary storage such as hard disks. The security of file digital certificates is therefore a problem in urgent need of a solution.
Summary of the invention
The technical problem to be solved by the present invention is to provide a security control method and system for file digital certificates, so as to solve the problem that file digital certificates currently have low security and are easily stolen.
To solve the above technical problem, according to the specific embodiments provided by the present invention, the invention discloses the following technical solutions:
A security control method for file digital certificates, comprising:
generating a unique equipment identification code at the digital certificate client and sending it to a server;
the server verifying whether the equipment identification code is identical to the registered equipment identification code, and if identical, verification passes;
if different, the server verifies the identity of the digital certificate user; if that check passes, a new correspondence between the equipment identification code and the digital certificate is re-established; if it does not pass, the verification process fails.
Preferably, the method further comprises: the server generates a random key and sends it to the client requesting verification; the client encrypts the equipment identification code with the key before sending it to the server; correspondingly, the server decrypts the message to obtain the equipment identification code and then performs the verification.
The step in which the server registers the equipment identification code comprises: when the client generates an equipment identification code for the first time and sends it to the server, the server binds this equipment identification code to the file digital certificate corresponding to that client.
The step in which the digital certificate client generates a unique equipment identification code comprises: obtaining the identification information of at least one computer device and performing a character transformation on it; performing shift and XOR operations on the transformed string; computing over the string with the MD5 message-digest algorithm to generate the equipment identification code.
Alternatively, the step in which the digital certificate client generates a unique equipment identification code comprises: obtaining the identification information of at least one computer device and performing a character transformation on it; computing over the string with the Secure Hash Algorithm to generate a message digest; performing shift and XOR operations on the message digest; performing a character transformation again to generate the equipment identification code.
The identification information of the computer device comprises the CPU serial number, the hard disk serial number and the network card MAC address.
The identity verification comprises checking the name, ID card number and telephone number of the digital certificate user.
A security control system for file digital certificates, comprising:
a computer device, used to store the file digital certificate;
a custom plug-in, installed on the computer device, used to generate a unique equipment identification code and send it to the authentication server through the computer device;
an authentication server, used to verify whether the equipment identification code sent by the computer device is identical to the registered equipment identification code; if identical, verification passes; if different, the identity of the digital certificate user is verified; if that check passes, a new correspondence between the equipment identification code and the digital certificate is re-established; if it does not pass, the verification process fails.
Preferably, the process by which the custom plug-in sends the equipment identification code to the authentication server comprises: the custom plug-in sends a request to verify the equipment identity to the authentication server through the computer device; the authentication server generates a random key and sends it to the custom plug-in through the computer device; the custom plug-in encrypts the equipment identification code with the key and sends it to the authentication server; the authentication server decrypts the message to obtain the equipment identification code and then performs the verification.
The authentication server, on first receiving an equipment identification code sent by a computer device, binds this equipment identification code to the file digital certificate corresponding to that computer device.
The custom plug-in uses the CPU serial number, hard disk serial number and network card MAC address of the computer device to compute a unique equipment identification code.
A client device for security control of file digital certificates, comprising:
a collecting unit, used to collect the identification information of the user's computer;
a computing unit, used to compute a unique equipment identification code from the identification information;
an encryption unit, used to encrypt the equipment identification code.
The encryption unit encrypts the equipment identification code with the random key sent by the authentication server.
The computer identification information collected by the collecting unit comprises the CPU serial number, the hard disk serial number and the network card MAC address.
The computing unit stores a character transformation table, which is used to perform character transformation on the computer identification information in the course of generating the equipment identification code.
According to the specific embodiments provided by the present invention, the invention discloses the following technical effects:
The embodiments of the invention provide an anti-theft system and method for file digital certificates based on an equipment identification code. An equipment identification code uniquely identifies a computer device; the file digital certificate a user uses is bound to the equipment identification code of the user's computer, and the file certificate is verified in combination with that code. The authentication mechanism first checks the equipment identification code of the user's computer to determine whether the computer initiating the file digital certificate verification request has changed; if it has, the user must complete additional identity verification. This effectively prevents an attacker who has stolen someone else's file certificate from importing it on another computer and impersonating the legitimate user to commit fraud. The invention thus improves the security of file digital certificates.
Moreover, with this verification technique the equipment identification code is verified in the background, and the user's procedure for using the file digital certificate is the same as before. Additional identity verification is needed only when the user imports the file digital certificate on another computer, or replaces one of the main components used to compute the equipment identification code (such as the CPU, hard disk or network card). The impact on the user's workflow for using a file digital certificate is therefore very small.
Description of the drawings
Fig. 1 is a flow chart of the steps of an embodiment of the file digital certificate security control method of the present invention;
Fig. 2 is a structure diagram of the file digital certificate security control system described in the embodiment of the invention;
Fig. 3 is a schematic diagram of the data interaction between the plug-in, the user's computer device 10 and the authentication server 20;
Fig. 4 is a structural schematic diagram of a client device for file digital certificate security control according to the present invention.
Detailed description
To make the above objects, features and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
The embodiments of the invention propose a security control method and system for file digital certificates based on an equipment identification code: an equipment identification code uniquely identifies a computer device, and the file digital certificate a user uses is bound to the equipment identification code of the user's computer. When the user carries out online business, the authentication mechanism first checks the equipment identification code of the user's computer to determine whether the computer initiating the file digital certificate verification request has changed; if it has, the user must complete additional identity verification. This prevents an attacker from using a stolen file digital certificate on another computer without the user's knowledge.
Because the components of every computer (such as the hard disk, CPU, motherboard and network card) each carry their own specific identifier, a unique equipment identification code can be produced from them by a certain calculation. As long as these components are not replaced, the equipment identification code can be used to tell different computers apart. The embodiments of the invention bind the computer's equipment identification code to the user's file digital certificate and so control the use of the file digital certificate on other computers.
Fig. 1 is a flow chart of the steps of an embodiment of the file digital certificate security control method of the present invention. The system environment of this method embodiment comprises a digital certificate client and an authentication server. The client is the computer the user uses, on which the user stores the file digital certificate; whenever this file digital certificate is used, the authentication server verifies whether the computer has changed. The following description takes online banking services as an example.
Step 101: each time the holder uses the file digital certificate, the client collects the computer's identification information and generates an equipment identification code that uniquely corresponds to this computer. In this embodiment, the computer identification information comprises the CPU serial number, the hard disk serial number and the network card MAC address (Media Access Control address: the hardware address, held on the network card, that uniquely identifies the computer on the network). For different users, the CPU serial number, hard disk serial number and network card MAC address of their computers differ, so this identification information can be used to compute a unique equipment identification code that serves as the identity of the user's computer. Other computer identification information may of course be chosen to generate the equipment identification code; the invention does not limit this.
This embodiment provides two methods for generating the equipment identification code. Other methods may of course be used, provided that the generated identification code is unique.
Method one is as follows:
(1) set up a character transformation table in advance, containing a replacement character for every ASCII (American Standard Code for Information Interchange) character; for example, character A is transformed to character C and character D to character P. Every character has a corresponding replacement character, and all replacement characters are different;
(2) obtain the computer's CPU serial number, hard disk serial number and network card MAC address, and concatenate them into one string;
(3) use the character transformation table to perform one character transformation on the string;
(4) perform a shift operation on the string, moving the end of the string to its head;
(5) take the third character of the CPU serial number and XOR it with each character in the string;
(6) compute the MD5 of the resulting string to generate the equipment identification code.
MD5 stands for Message-Digest Algorithm 5. It was developed from MD2, MD3 and MD4. Its purpose is to let a large volume of information be "compressed" into a confidential format (that is, a byte string of arbitrary length is transformed into a large integer of fixed length) before it is signed with a private key by digital signature software. The typical use of MD5 is to produce a message digest of a piece of information in order to prevent tampering; MD5 is also widely used in encryption and decryption technology.
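Method one carried through end to end, as an added example that is not code from the patent. The patent does not publish its transformation table or the shift distance, so the affine table, the `rotate` parameter, the `normalize` step and the sample hardware values are all assumptions constructed for illustration.

```python
import hashlib
import string

# 95 printable ASCII characters; serial numbers and MAC addresses fall inside it.
ALPHABET = string.digits + string.ascii_letters + string.punctuation + " "


def build_table(mult=7, offset=3):
    """Constructed stand-in for the character transformation table of step (1).

    Index i maps to (mult * i + offset) mod 95. Because gcd(mult, 95) == 1 this
    is a bijection, so every character gets a distinct replacement character.
    """
    n = len(ALPHABET)
    return {c: ALPHABET[(mult * i + offset) % n] for i, c in enumerate(ALPHABET)}


def normalize(value):
    """Assumption: drop separators and case so that one device always yields the
    same string, however the OS formats the serial number or MAC address.
    Without this, a formatting difference alone would look like a new machine."""
    return "".join(ch for ch in value.upper() if ch.isascii() and ch.isalnum())


def equipment_id(cpu_serial, disk_serial, mac, table=None, rotate=4):
    """Return the equipment identification code as 32 hex characters."""
    table = table or build_table()
    cpu, disk, nic = (normalize(v) for v in (cpu_serial, disk_serial, mac))
    if len(cpu) < 3 or not disk or not nic:
        raise ValueError("need a CPU serial of 3+ characters, a disk serial and a MAC")

    joined = cpu + disk + nic                            # step (2): one string
    transformed = "".join(table[ch] for ch in joined)    # step (3): table lookup
    k = rotate % len(transformed)                        # step (4): tail to head
    shifted = transformed[-k:] + transformed[:-k] if k else transformed
    key = ord(cpu[2])                                    # step (5): 3rd CPU char
    xored = bytes(ord(ch) ^ key for ch in shifted)
    return hashlib.md5(xored).hexdigest()                # step (6): MD5 digest


# Constructed sample identifiers, not taken from any real machine.
SAMPLE = {
    "cpu_serial": "BFEBFBFF000306A9",
    "disk_serial": "WD-WCC4N1234567",
    "mac": "00:1A:2B:3C:4D:5E",
}

if __name__ == "__main__":
    print(equipment_id(**SAMPLE))
```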
Method two is as follows:
(1) set up a character transformation table in advance, containing a replacement character for every ASCII (American Standard Code for Information Interchange) character; for example, character A is transformed to character C and character D to character P. Every character has a corresponding replacement character, and all replacement characters are different;
(2) obtain the computer's CPU serial number, hard disk serial number and network card MAC address, and concatenate them into one string;
(3) compute the SHA1 of the string to generate a 160-bit message digest;
SHA1 stands for Secure Hash Algorithm. It is mainly applicable to the Digital Signature Algorithm (DSA) defined in the Digital Signature Standard (DSS). For a message less than 2^64 bits long, SHA1 produces a 160-bit message digest; when the message is received, the digest can be used to verify the integrity of the data. Data may well change during transmission, in which case a different message digest is produced. SHA1 has the following properties: the message cannot be recovered from the message digest; two different messages do not produce the same message digest.
(4) perform a shift operation on the message digest string, swapping each character in an even-numbered position with the character preceding it;
(5) take the last character of the hard disk serial number and XOR it with each character in the string;
(6) use the character transformation table to perform one character transformation on the string, generating the equipment identification code.
Step 102: the client sends a connection request to the authentication server of the certificate issuing authority, and a secure encrypted channel is established between the authentication server and the user's computer.
Step 103: the client sends a request to verify the equipment identification code to the authentication server; the authentication server generates a random key and sends it to this client. Preferably, the key the authentication server generates is random each time, which ensures the security of the whole encryption process.
Step 104: the client encrypts the generated equipment identification code with the key and sends it to the authentication server, which decrypts it to obtain the equipment identification code.
Steps 102 to 104 above are the preferred process of this embodiment: the client encrypts the equipment identification code before sending it to the server, which ensures the security of the data in transit. The client may encrypt the equipment identification code in various ways, symmetric or asymmetric, and this embodiment does not limit the specific encryption scheme. If symmetric encryption is used, the random key is identical to the decryption key on the authentication server side; if asymmetric encryption is used, the key sent to the client is a public key, and the authentication server keeps the private key for decryption.
Further preferably, the client in this embodiment uses a secret encryption algorithm. This algorithm may be symmetric or asymmetric, but it does not use currently widely used encryption algorithms such as DES (Data Encryption Standard) or RSA (an asymmetric encryption algorithm); the purpose is to ensure that the encrypted information is not easily decrypted by an attacker who could then forge the equipment identification code.
Step 105: if the holder is using the file digital certificate for the first time, the authentication server registers the equipment identification code of the computer on which the file digital certificate resides. Registration binds the file digital certificate to the equipment identification code and establishes the correspondence between the two. In practice other registration modes, such as registration in advance, may also be used; the invention does not limit this.
Each time the holder subsequently uses the file digital certificate for online business, the authentication server must verify the computer on which the file digital certificate resides. The verification process, continuing from step 104, is as follows: the server looks up the binding between the file digital certificate and the equipment identification code and compares the equipment identification code obtained by decryption with the registered one. If the equipment identification code differs from the one seen when this digital certificate was last verified, the machine using the certificate has changed (either the computer has been replaced, or a main component used to compute the equipment identification code, such as the CPU, hard disk or network card, has been replaced), and the process moves to the exception handling of step 106; if it is identical, verification passes.
Step 106: in exception handling, the authentication server requires the holder to enter information held in advance on the server, such as name, ID card number and telephone number. Once this check passes, identity verification is complete, and the server establishes a new correspondence between the equipment identification code and the file digital certificate; the next time the holder uses the file digital certificate on this computer, verification passes directly without entering exception handling. If the verification information the holder enters is incorrect, identity verification fails and the holder is required to contact the digital certificate issuing authority. In this case, if the holder does not contact the issuing authority in time, the issuing authority can proactively contact the holder to check the situation, thereby ensuring that the file digital certificate is used safely.
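The server-side decision of steps 105 and 106, as an added example that is not code from the patent. It assumes the equipment identification code has already been decrypted from the step 103-104 exchange; the class, the result names, the event list and the sample holder data are hypothetical, and replacing the old binding on a successful identity check is an assumption about what "new correspondence" means.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    REGISTERED = "registered"                # first use: code bound (step 105)
    PASSED = "passed"                        # code matches the registered one
    IDENTITY_REQUIRED = "identity_required"  # mismatch: enter exception handling
    REBOUND = "rebound"                      # identity verified, new binding (step 106)
    FAILED = "failed"                        # identity check failed


@dataclass(frozen=True)
class Identity:
    name: str
    id_card: str
    phone: str


def same(a, b):
    """Constant-time comparison so timing does not reveal how much matched."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class AuthenticationServer:
    def __init__(self):
        self._holders = {}    # certificate serial -> Identity held on the server
        self._bindings = {}   # certificate serial -> registered equipment code
        self.events = []      # (certificate serial, Result) for issuer follow-up

    def enroll(self, cert_serial, identity):
        """Record the holder information that exception handling checks against."""
        self._holders[cert_serial] = identity

    def verify(self, cert_serial, equipment_code, identity=None):
        if cert_serial not in self._holders:
            raise KeyError("unknown certificate")
        result = self._decide(cert_serial, equipment_code, identity)
        # Every outcome is recorded; FAILED entries are the cases in which the
        # issuing authority may contact the holder.
        self.events.append((cert_serial, result))
        return result

    def _decide(self, cert_serial, equipment_code, identity):
        registered = self._bindings.get(cert_serial)
        if registered is None:
            self._bindings[cert_serial] = equipment_code
            return Result.REGISTERED
        if same(registered, equipment_code):
            return Result.PASSED
        if identity is None:
            return Result.IDENTITY_REQUIRED
        on_file = self._holders[cert_serial]
        checks = [
            same(on_file.name, identity.name),
            same(on_file.id_card, identity.id_card),
            same(on_file.phone, identity.phone),
        ]
        if all(checks):
            self._bindings[cert_serial] = equipment_code  # old binding replaced
            return Result.REBOUND
        return Result.FAILED  # binding left unchanged


# Constructed sample data.
HOLDER = Identity("Zhang San", "110101199001011234", "13800000000")
OLD_PC = "5f4dcc3b5aa765d61d8327deb882cf99"
NEW_PC = "0cc175b9c0f1b6a831c399e269772661"
```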
The above verification process greatly increases the difficulty of misusing a user's file digital certificate. Suppose an attacker has obtained the user's file digital certificate: it has to be imported on another computer before it can be used, and the CPU serial number, hard disk serial number and network card MAC address of that computer differ from those of the user's computer, so a different equipment identification code is generated. When the attacker uses the file digital certificate for authentication, the authentication server finds that the equipment identification code of the machine using the certificate differs from the one seen at the last verification and moves to exception handling, which requires additional identity verification; the attacker generally cannot supply the user's other identity information. This effectively prevents an attacker from using a Trojan or virus to copy the user's file digital certificate and committing fraud after importing it on another computer.
Moreover, with this verification technique the equipment identification code is verified in the background, and the user's procedure for using the file digital certificate is the same as before. Additional identity verification is needed only when the user imports the file digital certificate on another computer, or replaces a main component such as the computer's CPU, hard disk or network card. The impact on the user's workflow for using a file digital certificate is therefore very small.
The present invention also provides a system embodiment that implements the above verification method. Fig. 2 is a structure diagram of the file digital certificate security control system of the embodiment. The system comprises a computer device 10 used as the client, an authentication server 20, and a custom plug-in installed and running on the computer device 10. As shown in the figure, the user's file digital certificate is stored on the computer device 10. Every computer has a unique identity, namely its equipment identification code, which is computed by a specific algorithm from the computer's CPU serial number, hard disk serial number and network card MAC address. The authentication server 20 binds the user's file digital certificate to the equipment identification code of the computer device 10 on which the certificate resides, and verifies the computer device 10 each time the digital certificate is used. If the machine using the digital certificate has changed, the process moves to exception handling and the user's identity is verified further, thereby ensuring that the file digital certificate is used safely.
The custom plug-in is a client device with specific functions: it mainly collects the user computer's identification information, computes the equipment identification code, establishes a secure encrypted communication channel with the authentication server 20, and encrypts the equipment identification code. The custom plug-in is downloaded to the computer device 10 automatically when the user first uses the file digital certificate, and each time the user uses the file digital certificate it automatically generates the equipment identification code of the computer device 10 on which the certificate resides. The data interaction between the custom plug-in, the user's computer device 10 and the authentication server 20 is shown in Fig. 3:
1. the custom plug-in 30 collects the CPU serial number, hard disk serial number and network card MAC address of the computer 10 and uses a specific algorithm to generate the equipment identification code (the generation method is as described above and is not repeated here);
2. the custom plug-in 30 sends a connection request to the authentication server 20 through the user's computer 10;
3. a secure communication channel is established between the authentication server 20 and the computer 10;
4. the custom plug-in 30 sends a request to verify the equipment identification code to the authentication server 20 through the user's computer 10;
5. the authentication server 20 generates a random key and sends it to the plug-in 30 through the user's computer 10;
6. the custom plug-in 30 encrypts the equipment identification code with the random key and sends it to the authentication server 20 through the user's computer 10;
7. the authentication server 20 decrypts the message, obtains the equipment identification code, and then performs the verification.
Because above-mentioned custom plug-in can be used as a separate modular and is independent of system shown in Figure 2, so the present invention also provides a kind of embodiment of client terminal device that the structure of plug-in unit independently is described.Described client terminal device is installed on the computer that the user uses digital certificate of file, is mainly used in the proof procedure of digital certificate of file and generates EIC equipment identification code, and communicate by computer and service end.With reference to Fig. 4, be the structural representation of described client terminal device, mainly comprise collecting unit 401, computing unit 402 and ciphering unit 403.
Wherein, collecting unit 401 is used to collect the identification information of digital certificate of file place computer, as CPU sequence number, hard disk sequence number and MAC Address of Network Card etc., when the user used digital certificate at every turn, collecting unit 401 all can be collected the identification information of certificate place computer.
Computing unit 402 is used for the identification information of collecting is calculated, and generates unique EIC equipment identification code.Have the character transformation table in the computing unit 401, be used in the process that generates EIC equipment identification code the character string that described computer identification is formed being carried out character transformation, detailed process can be referring to abovementioned steps 101.
Encryption unit 403 encrypts the generated device identification code. Encryption unit 403 contains an encryption algorithm and may use any of several encryption modes, symmetric or asymmetric. During encryption, the random key sent by the server is used to encrypt the device identification code, which is then transmitted to the server, ensuring the security of data transmission.
For the parts of the systems shown in Fig. 2 and Fig. 3 and of the device shown in Fig. 4 that are not described in detail, refer to the relevant parts of the method shown in Fig. 1; for reasons of length they are not repeated here.
The security control method and system for a file digital certificate provided by the present invention have been described in detail above. Specific examples have been used herein to set out the principle and embodiments of the present invention, and the description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. At the same time, a person of ordinary skill in the art may, in accordance with the idea of the present invention, make changes to the specific embodiments and the scope of application. In summary, this description should not be construed as limiting the present invention.
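Steps 4 to 7 and the server's decision (first-use binding, match, identity check and re-binding on mismatch), modelled as an added example that is not code from the patent. The class and function names, the in-memory stores, the `identity_ok` callback and the SHA-256 keystream used as a stand-in for the cipher the patent leaves unspecified are all assumptions.

```python
import hashlib
import hmac
import secrets


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_encrypt(key: bytes, device_id: str) -> bytes:
    """Step 6: the plug-in encrypts the device ID under the server's key."""
    return _xor_stream(key, device_id.encode("utf-8"))


class AuthServer:
    """Hypothetical in-memory model of authentication server 20."""

    def __init__(self, identity_ok):
        self.bindings = {}   # certificate serial -> registered device ID
        self.pending = {}    # certificate serial -> one-time random key
        self.identity_ok = identity_ok  # callable(cert, details) -> bool

    def issue_key(self, cert: str) -> bytes:
        """Step 5: generate a fresh random key for this request."""
        key = secrets.token_bytes(32)
        self.pending[cert] = key
        return key

    def verify(self, cert: str, blob: bytes, identity=None) -> str:
        """Step 7: decrypt the device ID, then apply the binding decision."""
        key = self.pending.pop(cert, None)  # single use, so a replay has no key
        if key is None:
            return "rejected"
        device_id = _xor_stream(key, blob)
        registered = self.bindings.get(cert)
        if registered is None:              # first use: bind ID to certificate
            self.bindings[cert] = device_id
            return "bound"
        if hmac.compare_digest(registered, device_id):
            return "passed"
        # Different machine: fall back to checking the user's identity.
        if identity is not None and self.identity_ok(cert, identity):
            self.bindings[cert] = device_id  # re-establish the binding
            return "rebound"
        return "failed"


if __name__ == "__main__":
    srv = AuthServer(lambda cert, details: False)  # constructed: nobody passes
    blob = client_encrypt(srv.issue_key("cert-1"), "dev-A")
    print(srv.verify("cert-1", blob), srv.verify("cert-1", blob))
```

Because the random key travels over the same connection as the ciphertext, it stops a captured ciphertext from being replayed but does not hide the code from an observer who sees both messages; confidentiality needs a protected channel such as TLS underneath.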

Claims (15)

1. A security control method for a file digital certificate, characterized by comprising:
Generating a unique device identification code at the digital certificate client and sending it to a server;
The server verifying whether the device identification code is identical to the registered device identification code, and if identical, the verification passes;
If different, the server checks the identity of the digital certificate user; if the check passes, a new correspondence between the device identification code and the digital certificate is re-established; if the check does not pass, the verification process fails.
2. The method according to claim 1, characterized by further comprising: the server generates a random key and sends it to the client requesting verification; the client encrypts the device identification code with the key and then sends it to the server;
Correspondingly, the server decrypts the message to obtain the device identification code and then verifies it.
3. The method according to claim 1, characterized in that the step of the server registering the device identification code comprises: when the client generates the device identification code for the first time and sends it to the server, the server binds this device identification code to the file digital certificate corresponding to that client.
4. The method according to claim 1, characterized in that the step of the digital certificate client generating a unique device identification code comprises:
Obtaining the identification information of at least one computer device and applying a character transformation to it;
Applying shift and XOR operations to the transformed character string;
Computing over the character string with the MD5 algorithm to generate the device identification code.
5. The method according to claim 1, characterized in that the step of the digital certificate client generating a unique device identification code comprises:
Obtaining the identification information of at least one computer device and applying a character transformation to it;
Computing over the character string with the Secure Hash Algorithm to generate a message digest;
Applying shift and XOR operations to the message digest;
Applying a character transformation once more to generate the device identification code.
6. The method according to claim 4 or 5, characterized in that: the identification information of the computer device comprises the CPU serial number, hard disk serial number and network card MAC address.
7. The method according to claim 1, characterized in that: the identity check comprises checking the name, identity card number and telephone number of the digital certificate user.
8. A security control system for a file digital certificate, characterized by comprising:
A computer device, used to store the file digital certificate;
A custom plug-in, installed on the computer device, used to generate a unique device identification code and send it to an authentication server through the computer device;
An authentication server, used to verify whether the device identification code sent by the computer device is identical to the registered device identification code, and if identical, the verification passes; if different, the identity of the digital certificate user is checked; if the check passes, a new correspondence between the device identification code and the digital certificate is re-established; if the check does not pass, the verification process fails.
9. The system according to claim 8, characterized in that the process by which the custom plug-in sends the device identification code to the authentication server comprises:
The custom plug-in sends a device identity verification request to the authentication server through the computer device;
The authentication server generates a random key and sends it to the custom plug-in through the computer device;
The custom plug-in encrypts the device identification code with the key and sends it to the authentication server;
The authentication server decrypts the message to obtain the device identification code and then verifies it.
10. The system according to claim 8, characterized in that: when the authentication server receives the device identification code sent by the computer device for the first time, it binds this device identification code to the file digital certificate corresponding to that computer device.
11. The system according to claim 8, characterized in that: the custom plug-in uses the CPU serial number, hard disk serial number and network card MAC address of the computer device to calculate and generate the unique device identification code.
12. A client device for security control of a file digital certificate, characterized by comprising:
A collecting unit, used to collect the identification information of the user's computer;
A computing unit, used to perform a calculation on the identification information to generate a unique device identification code;
An encryption unit, used to encrypt the device identification code.
13. The client device according to claim 12, characterized in that: the encryption unit encrypts the device identification code with the random key sent by the authentication server.
14. The client device according to claim 12, characterized in that: the computer identifiers collected by the collecting unit comprise the CPU serial number, hard disk serial number and network card MAC address.
15. The client device according to claim 12, characterized in that: the computing unit stores a character transformation table, which is used to apply a character transformation to the computer identifiers in the process of generating the device identification code.
CNA2007100468134A 2007-09-28 2007-09-28 Safety control method and system for digital certificate of file Pending CN101399666A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007100468134A CN101399666A (en) 2007-09-28 2007-09-28 Safety control method and system for digital certificate of file

Publications (1)

Publication Number Publication Date
CN101399666A true CN101399666A (en) 2009-04-01

Family

ID=40517948

Country Status (1)

Country Link
CN (1) CN101399666A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101980233A (en) * 2010-10-15 2011-02-23 上海聚力传媒技术有限公司 Method and equipment for authenticating service based on equipment identifier
CN102314566A (en) * 2010-07-07 2012-01-11 上鋐科技股份有限公司 Machine-machine authentication method and human-machine authentication method applied to cloud computing
CN102402857A (en) * 2011-11-30 2012-04-04 江苏奇异点网络有限公司 Network-oriented traffic platform interaction control method
CN102663309A (en) * 2012-05-11 2012-09-12 辽宁省电力有限公司盘锦供电公司 Method for authenticating universal serial bus (USB) key utilized by computer equipment
CN102681844A (en) * 2012-03-12 2012-09-19 成都金亚科技股份有限公司 Method for identifying legality of terminal software of set-top box
CN102710740A (en) * 2011-03-17 2012-10-03 微软公司 Device identification using device functions
CN102843358A (en) * 2012-07-31 2012-12-26 北京世纪联成科技有限公司 Vehicle-mounted terminal identity recognition method
CN103714470A (en) * 2014-01-14 2014-04-09 陈树鑫 Method and device for preventing commodities from being stolen and lost
CN103914520A (en) * 2014-03-18 2014-07-09 小米科技有限责任公司 Data query method, terminal equipment and server
CN104751042A (en) * 2015-01-16 2015-07-01 西安电子科技大学 Credibility detection method based on password hash and biometric feature recognition
CN105281908A (en) * 2014-07-23 2016-01-27 阿里巴巴集团控股有限公司 USB Key and USB Key digital certificate write-in method and device
CN105653951A (en) * 2014-12-02 2016-06-08 卡巴斯基实验室股份制公司 System and method of anti-virus inspection files on the basis of trust level of digital centrificate
CN105912947A (en) * 2016-03-31 2016-08-31 宇龙计算机通信科技(深圳)有限公司 File processing method and device based on external equipment
CN105933467A (en) * 2016-04-27 2016-09-07 浪潮电子信息产业股份有限公司 Client host information change periodic detection method
CN106155663A (en) * 2015-04-15 2016-11-23 中兴通讯股份有限公司 The method and apparatus of application program loading code signature
CN106657429A (en) * 2016-10-24 2017-05-10 珠海市魅族科技有限公司 Equipment identifier generating method and device
CN107635221A (en) * 2017-08-23 2018-01-26 上海车音智能科技有限公司 A kind of car-mounted terminal identifying processing method and device
CN109981259A (en) * 2017-12-27 2019-07-05 航天信息股份有限公司 A kind of method, apparatus and system of digital certificate key
CN110971609A (en) * 2019-12-10 2020-04-07 北京数码视讯软件技术发展有限公司 Anti-cloning method of DRM client certificate, storage medium and electronic equipment
CN114697117A (en) * 2022-04-07 2022-07-01 中国工商银行股份有限公司 Verification method, device, scrambler and system based on positioning information

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102314566A (en) * 2010-07-07 2012-01-11 上鋐科技股份有限公司 Machine-machine authentication method and human-machine authentication method applied to cloud computing
CN101980233A (en) * 2010-10-15 2011-02-23 上海聚力传媒技术有限公司 Method and equipment for authenticating service based on equipment identifier
CN101980233B (en) * 2010-10-15 2013-11-06 上海聚力传媒技术有限公司 Method and equipment for authenticating service based on equipment identifier
CN102710740A (en) * 2011-03-17 2012-10-03 微软公司 Device identification using device functions
CN102402857A (en) * 2011-11-30 2012-04-04 江苏奇异点网络有限公司 Network-oriented traffic platform interaction control method
CN102681844B (en) * 2012-03-12 2015-04-22 成都金亚科技股份有限公司 Method for identifying legality of terminal software of set-top box
CN102681844A (en) * 2012-03-12 2012-09-19 成都金亚科技股份有限公司 Method for identifying legality of terminal software of set-top box
CN102663309A (en) * 2012-05-11 2012-09-12 辽宁省电力有限公司盘锦供电公司 Method for authenticating universal serial bus (USB) key utilized by computer equipment
CN102843358A (en) * 2012-07-31 2012-12-26 北京世纪联成科技有限公司 Vehicle-mounted terminal identity recognition method
CN103714470A (en) * 2014-01-14 2014-04-09 陈树鑫 Method and device for preventing commodities from being stolen and lost
CN103914520A (en) * 2014-03-18 2014-07-09 小米科技有限责任公司 Data query method, terminal equipment and server
CN105281908B (en) * 2014-07-23 2019-08-06 阿里巴巴集团控股有限公司 USB Key, USB Key digital certificate wiring method and device
CN105281908A (en) * 2014-07-23 2016-01-27 阿里巴巴集团控股有限公司 USB Key and USB Key digital certificate write-in method and device
US10313324B2 (en) 2014-12-02 2019-06-04 AO Kaspersky Lab System and method for antivirus checking of files based on level of trust of their digital certificates
CN105653951B (en) * 2014-12-02 2019-07-16 卡巴斯基实验室股份制公司 The system and method for checking file based on the reliability rating of digital certificate come anti-virus
CN105653951A (en) * 2014-12-02 2016-06-08 卡巴斯基实验室股份制公司 System and method of anti-virus inspection files on the basis of trust level of digital centrificate
CN104751042A (en) * 2015-01-16 2015-07-01 西安电子科技大学 Credibility detection method based on password hash and biometric feature recognition
CN104751042B (en) * 2015-01-16 2018-03-06 西安电子科技大学 Creditability detection method based on cryptographic hash and living things feature recognition
CN106155663A (en) * 2015-04-15 2016-11-23 中兴通讯股份有限公司 The method and apparatus of application program loading code signature
CN105912947A (en) * 2016-03-31 2016-08-31 宇龙计算机通信科技(深圳)有限公司 File processing method and device based on external equipment
CN105933467B (en) * 2016-04-27 2018-11-20 浪潮电子信息产业股份有限公司 A kind of periodicity detection method of client host information change
CN105933467A (en) * 2016-04-27 2016-09-07 浪潮电子信息产业股份有限公司 Client host information change periodic detection method
CN106657429A (en) * 2016-10-24 2017-05-10 珠海市魅族科技有限公司 Equipment identifier generating method and device
CN107635221A (en) * 2017-08-23 2018-01-26 上海车音智能科技有限公司 A kind of car-mounted terminal identifying processing method and device
CN109981259A (en) * 2017-12-27 2019-07-05 航天信息股份有限公司 A kind of method, apparatus and system of digital certificate key
CN110971609A (en) * 2019-12-10 2020-04-07 北京数码视讯软件技术发展有限公司 Anti-cloning method of DRM client certificate, storage medium and electronic equipment
CN114697117A (en) * 2022-04-07 2022-07-01 中国工商银行股份有限公司 Verification method, device, scrambler and system based on positioning information
CN114697117B (en) * 2022-04-07 2023-11-24 中国工商银行股份有限公司 Verification method, device, cipher device and system based on positioning information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20090401