CN102083065B - Method and device for managing certificates - Google Patents

Publication number
CN102083065B
Authority
CN
China
Prior art keywords
network
certificate
safekeeping
wapi
wapi certificate
Legal status
Active
Application number
CN2011100379847A
Other languages
Chinese (zh)
Other versions
CN102083065A (en)
Inventor
周志刚
方春冬
张伟
Current Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN2011100379847A
Publication of CN102083065A
Application granted
Publication of CN102083065B

Abstract

The embodiment of the invention discloses a method and device for managing certificates, relating to the technical field of communications and designed to save WAPI (WLAN Authentication and Privacy Infrastructure) certificate resources. The method comprises the following steps: obtaining a first WAPI certificate of a first network and saving the first WAPI certificate in a first storage area of a smart card; sealing the first WAPI certificate when a switch from the first network to a second network is required; obtaining a second WAPI certificate of the second network when switching to the second network, and saving the second WAPI certificate in a second storage area of the smart card; and sealing the second WAPI certificate and activating the first WAPI certificate when a switch from the second network back to the first network is required. The embodiment of the invention is mainly applicable to various mobile terminals.

Description

A certificate management method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a certificate management method and device.
Background
At present, most mobile terminal users choose the WAPI (WLAN Authentication and Privacy Infrastructure) certificate mechanism to ensure the security of data communication. Usually, after obtaining the WAPI certificate of a first network, a user who wants to move from the first network to a second network and continue using the WAPI function must first delete the WAPI certificate of the first network and then download the WAPI certificate of the second network.
With this existing scheme, however, every time a user switches networks, the user must delete the WAPI certificate of the original network and download the WAPI certificate of the current network again, which seriously wastes WAPI certificate resources.
Summary of the invention
The embodiments of the present invention provide a certificate management method and device in order to save WAPI certificate resources.
The embodiments of the present invention adopt the following technical scheme:
A certificate management method, comprising:
Obtaining a first WAPI certificate of a first network, and saving the first WAPI certificate in a first storage area of a smart card;
When a switch from the first network to a second network is required, sealing the first WAPI certificate;
When switching to the second network, obtaining a second WAPI certificate of the second network, and saving the second WAPI certificate in a second storage area of the smart card;
When a switch from the second network to the first network is required, sealing the second WAPI certificate and activating the first WAPI certificate.
A certificate management device, comprising:
A first certificate processing unit, configured to obtain a first WAPI certificate of a first network and save the first WAPI certificate in a first storage area of a smart card;
A sealing unit, configured to seal the first WAPI certificate when a switch from the first network to a second network is required, or to seal the second WAPI certificate obtained from the second network when a switch from the second network to the first network is required;
A second certificate processing unit, configured to obtain the second WAPI certificate of the second network when switching to the second network, and to save the second WAPI certificate in a second storage area of the smart card;
An activation unit, configured to activate the first WAPI certificate when a switch from the second network to the first network is required and the second WAPI certificate is sealed.
In the certificate management method and device provided by the embodiments of the present invention, a first WAPI certificate of a first network is obtained and saved in a first storage area of a smart card; when a switch from the first network to a second network is required, the first WAPI certificate is sealed; when switching to the second network, a second WAPI certificate of the second network is obtained and saved in a second storage area of the smart card; and when a switch from the second network to the first network is required, the second WAPI certificate is sealed and the first WAPI certificate is activated. Because the WAPI certificate of the original network is sealed each time the user switches networks while keeping the number, the user does not need to obtain the WAPI certificate of the original network again on returning to it; the sealed WAPI certificate of the original network only needs to be activated for the WAPI function to be used again. The technical scheme of the embodiments of the present invention therefore effectively saves WAPI certificate resources.
Description of drawings
To explain the technical scheme of the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the certificate management method of Embodiment 1 of the present invention;
Fig. 2 is a further flow chart, of the certificate management method of Embodiment 2 of the present invention;
Fig. 3 is a schematic diagram of the certificate management device of Embodiment 3 of the present invention;
Fig. 4 is a schematic diagram of the sealing unit of Embodiment 3 of the present invention;
Fig. 5 is a schematic diagram of the activation unit of Embodiment 3 of the present invention.
Detailed description of the embodiments
The technical scheme of the embodiments of the present invention is described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, Embodiment 1 of the present invention provides a certificate management method comprising the following steps:
Step 11: The mobile terminal obtains a first WAPI certificate of a first network and saves the first WAPI certificate in a first storage area of a smart card.
In this embodiment, when the mobile terminal user uses the first network, the first WAPI certificate is downloaded from the server of the first network and saved in the first storage area of the smart card of the mobile terminal. The first network, and the second network mentioned below, may be a CDMA (Code Division Multiple Access) network, a GSM (Global System for Mobile Communications) network or a similar network. The first storage area, and the second storage area mentioned below, are storage areas predefined by the operator in the smart card chip and dedicated to holding WAPI certificates. The terms first network and second network are used in this embodiment only to distinguish the two networks; the same applies to the first and second storage areas.
In addition, the smart card may be a SIM (Subscriber Identity Module) card, a USIM (Universal Subscriber Identity Module) card, or the like.
Step 12: When the mobile terminal needs to switch from the first network to a second network, it seals the first WAPI certificate.
In this embodiment, when the user applies for the number-portability network-switching service, the mobile terminal must first seal the first WAPI certificate before it can switch from the first network to the second network. The number-portability network-switching service means that the user does not need to change the smart card when switching from the first network to the second network. In the sealing process, the mobile terminal first sends a certificate sealing instruction to the server of the first network. The certificate sealing instruction contains the serial number of the first WAPI certificate and the seal date, so that the server of the first network can generate an encryption key from the serial number of the first WAPI certificate and the seal date. The mobile terminal then receives the encryption key sent by the server of the first network and forwards it to the smart card. The smart card encrypts the first WAPI certificate with the encryption key and updates the use date of the first WAPI certificate to the seal date, which completes the sealing of the first WAPI certificate.
Step 13: When the mobile terminal switches to the second network, it obtains a second WAPI certificate of the second network and saves the second WAPI certificate in a second storage area of the smart card.
When the mobile terminal switches to the second network, it downloads the second WAPI certificate from the second network and saves it in the second storage area of the smart card of the mobile terminal. To make it easier for the mobile terminal to manage the WAPI certificates, the mobile terminal must keep the second storage area separate from the first storage area; that is, the second storage area is different from the first storage area that holds the first WAPI certificate.
Step 14: When the mobile terminal needs to switch from the second network to the first network, it seals the second WAPI certificate and activates the first WAPI certificate.
In this embodiment, the user may be dissatisfied with the service of the second network and want to port the number back to the first network and continue using the WAPI function. In that case the mobile terminal only needs to seal the second WAPI certificate and activate the first WAPI certificate in order to continue using the WAPI function provided by the first network.
The process of sealing the second WAPI certificate is similar to that of sealing the first WAPI certificate. The mobile terminal first sends a certificate sealing instruction to the server of the second network. The certificate sealing instruction contains the serial number of the second WAPI certificate and the seal date, so that the server of the second network can generate an encryption key from the serial number of the second WAPI certificate and the seal date. The mobile terminal then receives the encryption key sent by the server of the second network and forwards it to the smart card. The smart card encrypts the second WAPI certificate with the encryption key and updates the use date of the second WAPI certificate to the seal date, which completes the sealing of the second WAPI certificate.
In the process of activating the first WAPI certificate, the mobile terminal first sends a certificate activation instruction to the server of the first network. The certificate activation instruction contains the serial number of the first WAPI certificate and the seal date, so that the server of the first network can generate a decryption key from the serial number of the first WAPI certificate and the seal date. The mobile terminal then receives the decryption key sent by the server of the first network and forwards it to the smart card. The smart card decrypts the first WAPI certificate with the decryption key and updates the use date of the first WAPI certificate to the activation date, which completes the activation of the first WAPI certificate.
As the above description shows, because the WAPI certificate of the original network is sealed each time the user switches networks while keeping the number, the user does not need to obtain the WAPI certificate of the original network again on returning to it; the sealed WAPI certificate of the original network only needs to be activated for the WAPI function to be used again. The technical scheme of the embodiment of the present invention therefore effectively saves WAPI certificate resources.
The certificate management method is described in detail below with reference to a specific embodiment.
As shown in Fig. 2, Embodiment 2 of the present invention provides a certificate management method comprising the following steps:
In this embodiment, to make the certificate management method of the embodiment easier to illustrate, the first network is assumed to be a CDMA network and the second network a GSM network.
Step 21: The mobile terminal obtains a first WAPI certificate of the CDMA network.
Step 22: The mobile terminal saves the first WAPI certificate to the first storage area of the smart card.
For the process of obtaining and saving the first WAPI certificate, refer to step 11 of Embodiment 1.
Step 23: When the user needs to apply for the number-portability network-switching service, the mobile terminal sends a certificate sealing instruction to the server of the CDMA network.
In this embodiment, a user who does not apply for the network-switching service, that is, who stays on the CDMA network throughout, can continue to use the WAPI service. When the user does need to apply for the number-portability network-switching service, the mobile terminal must first seal the first WAPI certificate before it can switch from the CDMA network to the GSM network.
In the certificate sealing process, the mobile terminal first sends a certificate sealing instruction to the server of the CDMA network. The certificate sealing instruction contains the serial number of the first WAPI certificate and the seal date. The serial number of the first WAPI certificate lets the server of the CDMA network determine which WAPI certificate is being deactivated, and the seal date lets the server of the CDMA network record the specific time at which the deactivated WAPI certificate was sealed. For example, if the first WAPI certificate is used from January 1 to January 10, that is, it is sealed on January 10, then the seal date of the first WAPI certificate recorded by the server of the CDMA network is January 10.
Step 24: The server of the CDMA network generates an encryption key from the serial number of the first WAPI certificate and the seal date, and sends the encryption key to the mobile terminal.
Here, the CDMA network generates the encryption key from the serial number of the first WAPI certificate, the seal date and other random events, and sends this encryption key to the mobile terminal.
To support billing or other management by the server of the CDMA network, after the server has generated the encryption key from the serial number of the first WAPI certificate and the seal date, it updates the use date it holds for that certificate, identified by the serial number of the first WAPI certificate, to the seal date.
Step 25: The mobile terminal receives the encryption key sent by the server of the CDMA network and forwards the encryption key to the smart card.
Step 26: The smart card encrypts the first WAPI certificate with the encryption key and updates the use date of the first WAPI certificate to the seal date.
In this embodiment, the smart card encrypts the first WAPI certificate with the encryption key it has received and updates the use date of the first WAPI certificate to the seal date, which completes the sealing of the first WAPI certificate.
Step 27: When the mobile terminal switches to the GSM network, it obtains a second WAPI certificate of the GSM network.
Step 28: The mobile terminal saves the second WAPI certificate in the second storage area of the smart card.
For the process of obtaining and saving the second WAPI certificate, refer to step 13 of Embodiment 1.
Note that, to make it easier for the mobile terminal to manage the WAPI certificates, the mobile terminal must keep the second storage area separate from the first storage area; that is, the second storage area and the first storage area are different.
Step 29: When the mobile terminal determines that the user is porting the number back to the CDMA network, it seals the second WAPI certificate and sends a certificate activation instruction to the server of the CDMA network.
The user may be dissatisfied with the signal, charges or other services of the GSM network and want to port the number back to the CDMA network and continue using the WAPI function. In that case the mobile terminal only needs to seal the second WAPI certificate and activate the first WAPI certificate in order to continue using the WAPI service. For the process of sealing the second WAPI certificate, refer to step 14 of Embodiment 1.
To activate the first WAPI certificate, the mobile terminal first sends a certificate activation instruction to the server of the CDMA network. The certificate activation instruction contains the serial number of the first WAPI certificate and the seal date. The serial number of the first WAPI certificate lets the server of the CDMA network determine which WAPI certificate is being re-enabled.
Step 210: The server of the CDMA network generates a decryption key from the serial number of the first WAPI certificate and the seal date, and sends the decryption key to the mobile terminal.
In this embodiment, the server of the CDMA network generates the decryption key from the serial number of the first WAPI certificate, the seal date and other random events, and sends this decryption key to the mobile terminal.
The certificate activation instruction also contains an activation date, which lets the server of the CDMA network record the specific time at which the deactivated first WAPI certificate was activated. Taking the example above, in which the first WAPI certificate is used from January 1 to January 10, suppose that the first WAPI certificate, after being sealed on January 10, is activated on January 20. The activation date of the first WAPI certificate recorded by the server of the CDMA network is then January 20. That is, from January 10 to January 19 the mobile terminal does not use the WAPI function and, correspondingly, the server of its network does not charge the mobile terminal.
In this embodiment, to support billing or other management by the server of the CDMA network, after the server has generated the decryption key it can update the use date it holds for that certificate, identified by the serial number of the first WAPI certificate, to the activation date.
Step 211: The mobile terminal receives the decryption key sent by the server of the CDMA network and forwards the decryption key to the smart card.
Step 212: The smart card decrypts the first WAPI certificate with the decryption key and updates the use date of the first WAPI certificate to the activation date.
In this embodiment, the smart card decrypts the first WAPI certificate with the decryption key it has received and updates the use date of the first WAPI certificate to the activation date, which completes the activation of the first WAPI certificate.
In this embodiment, the certificate sealing instruction and the certificate activation instruction may be implemented as one and the same instruction, in which different flag characters mark the instruction as a certificate sealing instruction or a certificate activation instruction, or they may be implemented as two different instructions.
As the above description shows, because the WAPI certificate of the original CDMA network is sealed each time the user switches networks while keeping the number, the user does not need to obtain the WAPI certificate of the CDMA network again on returning to it; the sealed WAPI certificate of the CDMA network only needs to be activated for the WAPI function to be used again. The technical scheme of the embodiment of the present invention therefore not only effectively saves WAPI certificate resources but also makes management by the network-side server more convenient.
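The sealing and activation exchange of steps 23 to 212, as an added Python sketch that is not part of the patent text. Assumptions: the server derives the key with HMAC-SHA256 under a per-operator master secret (standing in for the "other random events"), the card uses an HMAC-based stand-in cipher plus an integrity tag, and all class names, serial numbers, certificate bytes and year values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

def _prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the sketch needs only the
    # standard library; the patent does not name the card's algorithm.
    n_blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"enc", i.to_bytes(4, "big")) for i in range(n_blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

class NetworkServer:
    """Operator server: issues the key for a certificate and records its use date."""
    def __init__(self, master_secret: bytes):
        self._master = master_secret   # assumption: stands in for "other random events"
        self.use_date = {}             # serial number -> use date kept for billing

    def _key(self, serial: str, seal_date: str) -> bytes:
        return _prf(self._master, b"wapi-seal", f"{serial}|{seal_date}".encode())

    def seal_instruction(self, serial: str, seal_date: str) -> bytes:
        self.use_date[serial] = seal_date            # steps 23 and 24
        return self._key(serial, seal_date)

    def activation_instruction(self, serial: str, seal_date: str, activation_date: str) -> bytes:
        self.use_date[serial] = activation_date      # steps 29 and 210
        return self._key(serial, seal_date)

@dataclass
class Slot:
    serial: str
    blob: bytes
    use_date: str
    sealed: bool = False
    tag: bytes = b""

class SmartCard:
    def __init__(self):
        self.areas = {}   # storage area number -> Slot

    def store(self, area: int, serial: str, cert: bytes, date: str) -> None:
        if area in self.areas:
            raise ValueError("storage area already holds a certificate")
        self.areas[area] = Slot(serial, cert, date)

    def seal(self, area: int, key: bytes, seal_date: str) -> None:            # step 26
        slot = self.areas[area]
        if slot.sealed:
            raise ValueError("certificate is already sealed")
        slot.blob = _xor_stream(key, slot.blob)
        slot.tag = _prf(key, b"mac", slot.blob)   # lets the card detect a wrong key later
        slot.sealed, slot.use_date = True, seal_date

    def activate(self, area: int, key: bytes, activation_date: str) -> None:  # step 212
        slot = self.areas[area]
        if not slot.sealed:
            raise ValueError("certificate is not sealed")
        if not hmac.compare_digest(_prf(key, b"mac", slot.blob), slot.tag):
            raise ValueError("key does not match the sealed certificate")
        slot.blob, slot.tag = _xor_stream(key, slot.blob), b""
        slot.sealed, slot.use_date = False, activation_date

def port_out_and_back() -> dict:
    """Terminal-side flow CDMA -> GSM -> CDMA with constructed certificates and dates."""
    cdma = NetworkServer(b"constructed-cdma-secret")
    gsm = NetworkServer(b"constructed-gsm-secret")
    card = SmartCard()
    cert1, cert2 = b"constructed CDMA WAPI certificate", b"constructed GSM WAPI certificate"

    card.store(1, "SN-CDMA-01", cert1, "2011-01-01")                          # steps 21-22
    card.seal(1, cdma.seal_instruction("SN-CDMA-01", "2011-01-10"), "2011-01-10")
    sealed_differs = card.areas[1].blob != cert1
    card.store(2, "SN-GSM-01", cert2, "2011-01-10")                           # steps 27-28

    # Porting back: seal the GSM certificate, then activate the CDMA one.
    card.seal(2, gsm.seal_instruction("SN-GSM-01", "2011-01-20"), "2011-01-20")
    try:   # an activation instruction carrying the wrong seal date yields a useless key
        bad = cdma.activation_instruction("SN-CDMA-01", "2011-01-11", "2011-01-20")
        card.activate(1, bad, "2011-01-20")
        wrong_date_rejected = False
    except ValueError:
        wrong_date_rejected = True
    good = cdma.activation_instruction("SN-CDMA-01", "2011-01-10", "2011-01-20")
    card.activate(1, good, "2011-01-20")

    return {
        "sealed_differs": sealed_differs,
        "wrong_date_rejected": wrong_date_rejected,
        "cert1_restored": card.areas[1].blob == cert1 and not card.areas[1].sealed,
        "cert2_sealed": card.areas[2].sealed and card.areas[2].blob != cert2,
        "card_use_dates": (card.areas[1].use_date, card.areas[2].use_date),
        "cdma_record": cdma.use_date["SN-CDMA-01"],
    }
```

The serial number and seal date travel in the instruction and are not secret, so in this sketch the confidentiality of a sealed certificate rests entirely on the server-side secret mixed into the key.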
As shown in Figure 3, the embodiment of the present invention three provides a kind of device of certificate management, comprising: First Certificate processing unit 31 is used for the First Certificate processing unit, be used for obtaining a WAPI certificate of first network, and a described WAPI certificate is kept in the first memory block of smart card; Seal unit 32 up for safekeeping, be used for when needs are transformed into second network from described first network, seal a described WAPI certificate up for safekeeping maybe when needs are transformed into described first network from described second network, seal the 2nd WAPI certificate that is obtained by described second network up for safekeeping; The second certificate processing unit 33, be used for obtaining the 2nd WAPI certificate of described second network, and described the 2nd WAPI certificate being kept in the second memory block of described smart card when being transformed into described second network; Activate unit 34, be used for activating a described WAPI certificate when needs are transformed into described first network from described second network.
Wherein, when mobile phone users used first network, described First Certificate processing unit 31 was downloaded a WAPI certificate from the server of described first network, and a described WAPI certificate was kept in first memory block of smart card of this mobile terminal.Described the first memory block and the second memory block that hereinafter will mention are predefined in intelligent card chip by operator, as to be used for depositing specially WAPI certificate memory blocks.
accordingly, as shown in Figure 4, the described unit 32 of sealing up for safekeeping can comprise instruction sending module 321 and seal module 322 up for safekeeping, wherein, when described mobile phone users is handled the number of taking and is turned network service, while namely needing to be transformed into second network from described first network, described instruction sending module 321 is concrete seals instruction up for safekeeping for the transmission of the server to described first network certificate, described certificate is sealed the sequence number that instruction comprises a described WAPI certificate up for safekeeping and is sealed up for safekeeping the date, so that the sequence number of the described WAPI certificate of the server by utilizing of described first network and the described date generation encryption key of sealing up for safekeeping, the described encryption key of sealing the concrete server transmission for receiving described first network of module 322 up for safekeeping, and described encryption key is sent to described smart card, utilize the described WAPI certificate of described encryption keys by described smart card, and the use date of a described WAPI certificate is updated to and seals up for safekeeping the date, perhaps, when described mobile phone users wants that the number of taking goes back to described first network and continues use WAPI function, described instruction sending module 321 is concrete seals instruction up for safekeeping for the transmission of the server to described second network certificate, described certificate is sealed the sequence number that instruction comprises described the 2nd WAPI certificate up for safekeeping and is sealed up for safekeeping the date, so that the sequence number of described the 2nd WAPI certificate of the server by utilizing of described second network and the described date generation encryption key of sealing up for safekeeping, the 
described encryption key of sealing the concrete server transmission for receiving described second network of module 322 up for safekeeping, and described encryption key is sent to described smart card, utilize described the 2nd WAPI certificate of described encryption keys by described smart card, and the use date of described the 2nd WAPI certificate is updated to and seals up for safekeeping the date.
When described mobile phone users was transformed into described second network, described the second certificate processing unit 33 was used for downloading the 2nd WAPI certificate from described second network, and described the 2nd WAPI certificate was kept in second memory block of smart card of described mobile terminal.Wherein, for the ease of the management of mobile terminal to the WAPI certificate, described mobile terminal need to make a distinction described the second memory block and described the first memory block, and namely described the second memory block and described the first memory block are different.
Wherein, as shown in Figure 5, described activation unit 34 can comprise instruction sending module 341 and active module 342, when described mobile phone users wants that the number of taking goes back to described first network and continues use WAPI function, the concrete server transmission certificate activation instruction that is used for to described first network of described instruction sending module 341, described certificate activation instruction comprises the sequence number of a described WAPI certificate, described sealing up for safekeeping the date, so that the sequence number of the described WAPI certificate of the server by utilizing of described first network and the described date generating solution decryption key of sealing up for safekeeping; The decruption key that the concrete server for receiving described first network of described active module 342 sends, and described decruption key is sent to described smart card, utilize described decruption key with a described WAPI certificate deciphering by described smart card, and the use date of a described WAPI certificate is updated to and activates the date.
In the present embodiment, the operation principle of described certificate management device can be with reference to the description in preceding method embodiment.
By above description as can be known, due to mobile phone users at every turn the number of taking turn when net, the WAPI certificate of legacy network is sealed up for safekeeping, so when described user gets back to legacy network again, do not need again to obtain the WAPI certificate of this legacy network, only need the WAPI certificate of the described legacy network that will seal up for safekeeping to activate, just can continue use WAPI function, thereby, the device of the embodiment of the present invention utilized, effectively save the resource of WAPI certificate, also made the management of network end server more convenient.
In summary, the certificate management method and device provided by the embodiments of the present invention obtain a first WAPI certificate of a first network and save the first WAPI certificate in a first storage area of a smart card; when a switch from the first network to a second network is needed, seal the first WAPI certificate; when switching to the second network, obtain a second WAPI certificate of the second network and save the second WAPI certificate in a second storage area of the smart card; and when a switch from the second network to the first network is needed, seal the second WAPI certificate and activate the first WAPI certificate. Therefore, the device of the embodiment of the present invention effectively saves WAPI certificate resources.
The above are merely specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (7)

1. A certificate management method, characterized by comprising:
obtaining a first WLAN Authentication and Privacy Infrastructure (WAPI) certificate of a first network, and saving the first WAPI certificate in a first storage area of a smart card;
when a switch from the first network to a second network is needed, sealing the first WAPI certificate;
when switching to the second network, obtaining a second WAPI certificate of the second network, and saving the second WAPI certificate in a second storage area of the smart card;
when a switch from the second network to the first network is needed, sealing the second WAPI certificate and activating the first WAPI certificate;
wherein sealing the first WAPI certificate comprises:
sending a certificate sealing instruction to a server of the first network, the certificate sealing instruction comprising the serial number of the first WAPI certificate and a sealing date, so that the server of the first network generates an encryption key using the serial number of the first WAPI certificate and the sealing date; receiving the encryption key sent by the server of the first network, and sending the encryption key to the smart card, so that the smart card encrypts the first WAPI certificate with the encryption key and updates the use date of the first WAPI certificate to the sealing date;
and activating the first WAPI certificate comprises:
sending a certificate activation instruction to the server of the first network, the certificate activation instruction comprising the serial number of the first WAPI certificate and the sealing date, so that the server of the first network generates a decryption key using the serial number of the first WAPI certificate and the sealing date; receiving the decryption key sent by the server of the first network, and sending the decryption key to the smart card, so that the smart card decrypts the first WAPI certificate with the decryption key and updates the use date of the first WAPI certificate to the activation date.
2. The method according to claim 1, characterized in that the method further comprises:
the server of the first network updating the use date of the first WAPI certificate to the sealing date.
3. The method according to claim 1, characterized in that sealing the second WAPI certificate comprises:
sending a certificate sealing instruction to a server of the second network, the certificate sealing instruction comprising the serial number of the second WAPI certificate and a sealing date, so that the server of the second network generates an encryption key using the serial number of the second WAPI certificate and the sealing date;
receiving the encryption key sent by the server of the second network, and sending the encryption key to the smart card, so that the smart card encrypts the second WAPI certificate with the encryption key and updates the use date of the second WAPI certificate to the sealing date.
4. The method according to claim 3, characterized in that the method further comprises:
the server of the second network updating the use date of the second WAPI certificate to the sealing date.
5. The method according to claim 1, characterized in that the certificate activation instruction further comprises an activation date, and the method further comprises:
the server of the first network updating the use date of the first WAPI certificate to the activation date.
6. A certificate management device, characterized by comprising:
a first certificate processing unit, configured to obtain a first WLAN Authentication and Privacy Infrastructure (WAPI) certificate of a first network, and to save the first WAPI certificate in a first storage area of a smart card;
a sealing unit, configured to seal the first WAPI certificate when a switch from the first network to a second network is needed, or to seal a second WAPI certificate obtained from the second network when a switch from the second network to the first network is needed;
a second certificate processing unit, configured to obtain the second WAPI certificate when switching to the second network, and to save the second WAPI certificate in a second storage area of the smart card;
an activation unit, configured to activate the first WAPI certificate when a switch from the second network to the first network is needed;
wherein the sealing unit comprises:
an instruction sending module 321, configured to send a certificate sealing instruction to a server of the first network when a switch from the first network to the second network is needed, the certificate sealing instruction comprising the serial number of the first WAPI certificate and a sealing date, so that the server of the first network generates an encryption key using the serial number of the first WAPI certificate and the sealing date; and a sealing module, configured to receive the encryption key sent by the server of the first network and to send the encryption key to the smart card, so that the smart card encrypts the first WAPI certificate with the encryption key and updates the use date of the first WAPI certificate to the sealing date;
and the activation unit comprises:
an instruction sending module 341, configured to send a certificate activation instruction to the server of the first network, the certificate activation instruction comprising the serial number of the first WAPI certificate and the sealing date, so that the server of the first network generates a decryption key using the serial number of the first WAPI certificate and the sealing date;
an activation module, configured to receive the decryption key sent by the server of the first network and to send the decryption key to the smart card, so that the smart card decrypts the first WAPI certificate with the decryption key and updates the use date of the first WAPI certificate to the activation date.
7. The device according to claim 6, characterized in that the instruction sending module 321 is configured to send a certificate sealing instruction to a server of the second network when a switch from the second network to the first network is needed, the certificate sealing instruction comprising the serial number of the second WAPI certificate and a sealing date, so that the server of the second network generates an encryption key using the serial number of the second WAPI certificate and the sealing date; and the sealing module is configured to receive the encryption key sent by the server of the second network and to send the encryption key to the smart card, so that the smart card encrypts the second WAPI certificate with the encryption key and updates the use date of the second WAPI certificate to the sealing date.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100379847A CN102083065B (en) 2011-02-14 2011-02-14 Method and device for managing certificates

Publications (2)

Publication Number Publication Date
CN102083065A (en) 2011-06-01
CN102083065B (en) 2013-11-13

Family

ID=44088780

Country Status (1)

Country Link
CN (1) CN102083065B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104105096B (en) * 2014-07-28 2018-01-16 浙江宇视科技有限公司 A kind of radio switch-in method of IPC equipment
CN110457967A (en) * 2019-07-30 2019-11-15 广州童联信息科技有限公司 A kind of read-write card system, method and medium for Chinese education card safety verification
CN113472541B (en) * 2020-03-12 2022-10-18 华为云计算技术有限公司 Certificate switching method and device
CN111526025B (en) * 2020-07-06 2020-10-13 飞天诚信科技股份有限公司 Method and system for realizing terminal unbinding and rebinding
CN115086947A (en) * 2021-03-12 2022-09-20 中国电信股份有限公司 User information retrieving method, device, medium and electronic equipment
CN113271565B (en) * 2021-05-14 2022-12-27 阿波罗智联(北京)科技有限公司 Vehicle communication method, device, storage medium and program product

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1602109A (en) * 2004-11-04 2005-03-30 西安西电捷通无线网络通信有限公司 Method of improving mobile terminal handover switching performance in radio IP system
CN101079891A (en) * 2007-06-15 2007-11-28 清华大学 Wireless switching network re-authentication method based on wireless LAN secure standard WAPI
CN101621803A (en) * 2009-08-11 2010-01-06 中兴通讯股份有限公司 Method and device for managing wireless LAN authentication and privacy infrastructure (WAPI) certificate

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090191857A1 (en) * 2008-01-30 2009-07-30 Nokia Siemens Networks Oy Universal subscriber identity module provisioning for machine-to-machine communications

Also Published As

Publication number Publication date
CN102083065A (en) 2011-06-01

Similar Documents

Publication Publication Date Title
CN102083065B (en) Method and device for managing certificates
US11025611B2 (en) Method and apparatus of constructing secure infra-structure for using embedded universal integrated circuit card
CN109451487B (en) Virtual card downloading method, terminal and intermediate device
EP4099733A1 (en) Security authentication method and apparatus, and electronic device
CN102833712A (en) Method, device, server and system for preventing information leakage and equipment
CN103686669A (en) Data service transmitting method and terminal
CN102523578A (en) Over-the-air card writing method, apparatus and system
US9621716B2 (en) Method and system for secure provisioning of a wireless device
CN103108327A (en) Method, device and system of verification of safety association between terminal equipment and user card
CN102546172A (en) Access control method of intelligent card, intelligent card, terminal and system
CN101159907A (en) Method and system of encrypting multimode mobile communication terminal
CN101895888A (en) Sensor authentication method, device and sensor authentication system
CN103036853A (en) Business data transmission method and device and business processing method and device
CN108512860A (en) Intelligent charging spot management system based on Cloud Server and its working method
CN102387209A (en) System and method for obtaining call information, device and method for sending call information as well as mobile terminal
CN104660568A (en) Address list information protecting method and device
CN104184652A (en) Method and system for information interaction between terminals
CN105163305A (en) Communication method and electronic device
CN105530714A (en) MIFI communication service system and MIFI and communication method thereof
CN109474635B (en) Power utilization equipment network distribution method and system based on code scanning technology
CN109195139B (en) Data transmission method, device, platform and medium for M2M management platform and eSIM card
CN105978691B (en) The method and relevant apparatus that private key backup method, Softsim switch in terminal room
CN107277935B (en) Bluetooth communication method, device and application system and equipment thereof
CN112929877B (en) Method for acquiring subscription configuration information, communication device and chip
CN105323373A (en) Mobile terminal, and method and device for initializing subscriber identity module card of mobile terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant