CN102271042A - Certificate authorization method, system, universal serial bus (USB) Key equipment and server - Google Patents

Publication number
CN102271042A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011102473129A
Other languages
Chinese (zh)
Other versions
CN102271042B (en)
Inventor
刘永军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Beijing NSFocus Information Security Technology Co Ltd

Abstract

The invention discloses a certificate authorization method, a certificate authorization system, universal serial bus (USB) Key equipment and a server. A unique security identifier is additionally stored in a secure storage area of the USB Key device, and the correspondence between the hardware identifier of the USB Key device and the security identifier is established in the server. The USB Key device transmits to the server the result of an encryption operation performed on the security identifier and a received digital certificate. The server authenticates the received result using its locally stored security identifier and allows the USB Key device to use the received digital certificate only when the result passes authentication. Because a client cannot read the information in the secure storage area of the USB Key device, an illegitimate USB Key device cannot pass the server's authentication even after acquiring the digital certificate, which prevents illegal use of the digital certificate and improves the service security of legitimate users.

Description

Digital certificate authentication method, system, USB Key equipment and server
Technical field
The present invention relates to the field of information security, and in particular to a digital certificate authentication method, system, USB Key device and server.
Background
With the development of the Internet and e-commerce, the USB Key, as the "electronic key" for network user identification and data protection, is known to and used by more and more users.
A USB Key device is a USB-interface-based smart storage and identity authentication device with a built-in CPU, memory, chip operating system (COS) and secure file system, used for mutual authentication between a server and a user.
Every USB Key device stores a digital certificate. The digital certificate is issued by an authoritative third party, the digital certificate authentication center (Certificate Authority, CA), and is an authoritative electronic document; the user of a USB Key device proves their identity with the digital certificate. The digital certificate is therefore vital to the USB Key device.
As shown in Figure 1, a typical way in the prior art for a USB Key device to download a digital certificate from a server comprises the following steps:
Step 101: The USB Key device is plugged into the client through the USB interface, and a request message carrying the user login information is sent to the server through the client.
The user information may be information identifying the user of this USB Key device, such as a user name and login password.
Step 102: After receiving the request message from the client, the server first verifies the legitimacy of the user according to the user information carried in the request message; after the verification passes, it looks up the hardware identifier of the USB Key device recorded for this user in the local database.
In the existing scheme, when a user applies for a USB Key device, counter staff (at a bank, for example) bind the user's user information to the corresponding USB Key device, and the correspondence between the user and the hardware identifier is stored in the server database. Therefore, in step 102, after the server receives the request message carrying the user information, it can find the hardware identifier of the USB Key device corresponding to that user information from the correspondence between user information and USB Key devices stored in the server database.
Step 103: The server sends the hardware identifier of the USB Key device it found to the client.
Step 104: After receiving the hardware identifier sent by the server, the client compares it with the hardware identifier that the client reads from the currently connected USB Key device. If the two hardware identifiers are consistent, the currently connected USB Key device is determined to be a legitimate device and the flow jumps to step 105; otherwise, the USB Key device is determined to be an illegitimate device, the user is prompted to use the correct hardware device, and the digital certificate download process ends.
Step 105: The USB Key device generates a public/private key pair locally, uses the private key to sign the digest (such as the MD5 hash) of the user's public key and user information, and builds a certificate request packet in PKCS#10 format, used for downloading the digital certificate, from the public key information, user information and signature information.
Step 106: The USB Key device sends a certificate download request carrying the packet to the server through the client.
Step 107: After receiving the download request, the server first uses the public key to decrypt the signature information. If the signature verification passes, it extracts the public key and user information from the certificate request packet, generates an X.509 digital certificate and sends it to the client, and the client stores it in the USB Key device; otherwise, it returns error information to the user.
In the download scheme shown in Figure 1, it is the client that compares the hardware identifier sent by the server with the hardware identifier obtained from the USB Key device. If the client is attacked (for example, by a Trojan horse program) and becomes an illegitimate client, the client's comparison of hardware identifiers is easily simulated and hardware identification is bypassed. An illegitimate user can connect an illegitimate USB Key device of the same model as the legitimate USB Key device to the illegitimate client and, using the user login information and hardware identifier stolen by the Trojan, simulate steps 101 to 107 above, so that the illegitimate USB Key device obtains a legitimate digital certificate. This leads to illegal use of the digital certificate and poses a considerable threat to the service security of the legitimate user.
In addition, a legitimate USB Key device connected to an illegitimate client can also obtain a digital certificate from the server by the two-code method (the two codes are a reference code and an authorization code, whose purpose is to associate the USB Key device with the server). After stealing the two codes, the illegitimate client can likewise use an illegitimate USB Key device of the same model as the legitimate USB Key device to obtain a digital certificate from the server illegally, which leads to illegal use of the digital certificate and poses a considerable threat to the service security of the legitimate user.
Summary of the invention
The present invention provides a digital certificate authentication method, system, USB Key device and server, which solve the problem of illegal use of digital certificates and improve the service security of legitimate users.
A digital certificate authentication method, comprising:
A server receives a first operation result and user information sent by a USB Key device, where the first operation result is obtained by the USB Key device performing a cryptographic operation on the received digital certificate and the security identifier stored in its secure storage area;
According to the received user information, the server determines the digital certificate that was sent to this USB Key device and the stored security identifier of this USB Key device, and performs the cryptographic operation on the determined digital certificate and security identifier to obtain a second operation result;
The server compares the first operation result with the second operation result; if they are identical, it allows this USB Key device to use the digital certificate to carry out services; otherwise, it does not allow the USB Key device to use the digital certificate to carry out services.
A digital certificate authentication system, comprising:
A USB Key device, configured to perform a cryptographic operation on the digital certificate received from the server and the security identifier stored in the local secure storage area to obtain a first operation result, and to send the first operation result and user information;
A server, configured to receive the first operation result and user information sent by the USB Key device; to determine, according to the received user information, the digital certificate that was sent to this USB Key device and the stored security identifier of this USB Key device; to perform the cryptographic operation on the determined digital certificate and security identifier to obtain a second operation result; and to compare the first operation result with the second operation result, allowing this USB Key device to use the digital certificate to carry out services if they are identical, and not allowing it otherwise.
A server, comprising:
An information receiving module, configured to receive a first operation result and user information sent by a USB Key device, where the first operation result is obtained by the USB Key device performing a cryptographic operation on the received digital certificate and the security identifier stored in its secure storage area;
A computing module, configured to determine, according to the received user information, the digital certificate that was sent to this USB Key device and the stored security identifier of this USB Key device, and to perform the cryptographic operation on the determined digital certificate and security identifier to obtain a second operation result;
A comparison module, configured to compare the first operation result with the second operation result, allowing this USB Key device to use the digital certificate to carry out services if they are identical, and not allowing it otherwise.
A USB Key device, comprising:
An information receiving module, configured to receive the digital certificate from the server;
A computing module, configured to perform a cryptographic operation on the digital certificate received from the server and the security identifier stored in the local secure storage area to obtain a first operation result;
An information sending module, configured to send the first operation result and user information.
The beneficial effects of the present invention are as follows:
In the embodiments of the invention, a unique security identifier is additionally stored in the secure storage area of the USB Key device, and the correspondence between the hardware identifier of the USB Key device and the security identifier is established in the server. After the USB Key device receives a digital certificate, it sends to the server the operation result of a cryptographic operation performed on this security identifier and the received digital certificate. The server authenticates the received operation result using its locally stored security identifier; only when authentication passes does the server allow the USB Key device to use the received digital certificate, and otherwise it does not. In this scheme, the client cannot read the information in the secure storage area of the USB Key device. Therefore, even if an illegitimate USB Key device obtains the digital certificate, the operation result it sends to the server for authentication will not pass. In other words, an illegitimate USB Key device that has obtained the digital certificate still cannot use it, for example to carry out online banking transactions. This ensures that a digital certificate can only be used after being downloaded to a legitimate USB Key device, prevents illegal use of the digital certificate, and improves the service security of legitimate users.
Description of the drawings
Fig. 1 is a schematic flow chart of a USB Key device downloading a digital certificate from a server in the prior art;
Fig. 2 is a flow chart of the digital certificate authentication method of Embodiment one of the invention;
Fig. 3 is a flow chart of the digital certificate authentication method of Embodiment two of the invention;
Fig. 4 is a flow chart of the digital certificate authentication method of Embodiment three of the invention;
Fig. 5 is a flow chart of the digital certificate authentication method of Embodiment four of the invention;
Fig. 6 is a schematic structural diagram of the digital certificate authentication system of Embodiment five of the invention;
Fig. 7(a) and Fig. 7(b) are schematic structural diagrams of the server of Embodiment six of the invention;
Fig. 8(a) and Fig. 8(b) are schematic structural diagrams of the USB Key device of Embodiment seven of the invention.
Detailed description of the embodiments
Note that the secure storage area of the USB Key device referred to in the embodiments of the invention means the following: the memory of a USB Key device is generally divided into a data storage area and a key storage area (also called the secure storage area). Important information is stored in the secure storage area after a cryptographic operation, external devices are not allowed to access it, and the cryptographic algorithm is burned into the secure storage area of the memory when the USB Key device is initialized.
The hardware identifier of the USB Key device means the following: after a USB Key device is manufactured, each device is assigned a hardware identifier in order to distinguish different USB Key devices. The hardware identifier may be the product serial number or another recognizable label of the product. It is generally stored inside the USB Key device and may also be written on the surface of the device.
The security identifier of the USB Key device means the following: when the USB Key device is manufactured, a security identifier is written into the secure storage area inside the device. This identifier can only be accessed by the COS inside the USB Key device and must not be accessed by external devices.
The embodiments of the invention are described in detail below with reference to the accompanying drawings.
Embodiment one:
Figure 2 is a schematic flow chart of the digital certificate authentication method of Embodiment one of the invention, which comprises the following steps:
Continuing from step 107 of the method shown in Figure 1: the server sends the digital certificate to the USB Key device.
Step 201: The USB Key device performs a cryptographic operation on the received digital certificate and the locally stored security identifier to obtain a first operation result.
In this step, the USB Key device may perform the cryptographic operation on the digital certificate and the security identifier using the MD5 algorithm. The benefit is that MD5 is an irreversible algorithm, so even if the first operation result that the USB Key device obtains with MD5 is illegally obtained by another device, the security identifier cannot be derived from it. The algorithm used in Embodiment one is not limited to MD5; other irreversible algorithms may also be used.
Step 202: The USB Key device sends the first operation result and the user information to the server through the client it is plugged into.
Note that the time at which step 202 is initiated includes, but is not limited to, the following cases:
1. The USB Key device performs steps 201 and 202 immediately upon receiving the digital certificate.
2. The USB Key device performs steps 201 and 202 when it uses the received digital certificate to carry out services, for example when preparing to log in to online banking with the received digital certificate to make a transaction; in that case the first operation result can be carried to the server in the online banking login request.
3. The USB Key device performs steps 201 and 202 at any point in time after receiving the digital certificate and before using it to carry out services.
Step 203: The server determines the security identifier and digital certificate of the corresponding USB Key device according to the received user information.
In this embodiment, when the user's USB Key device is issued, the server may record locally the correspondence among the user information, the hardware identifier of the USB Key device and the security identifier. When performing step 203, the server can then determine the security identifier corresponding to the received user information from this three-way correspondence.
Alternatively, when the user's USB Key device is issued, the server may record locally the correspondence between the user information and the hardware identifier of the USB Key device, and the correspondence between the hardware identifier of the USB Key device and the security identifier. When performing step 203, the server can then determine the hardware identifier of the corresponding USB Key device from the received user information, and from that determine the security identifier.
After sending a digital certificate to a USB Key device, the server can record locally the correspondence between the hardware identifier of the USB Key device that received the digital certificate and the digital certificate. In this step, the server can therefore determine the corresponding digital certificate from the received user information.
Step 204: The server performs the cryptographic operation on the locally determined security identifier and digital certificate of the USB Key device to obtain a second operation result.
In this step, the server uses the same algorithm as the one used in step 201.
Note that the terms "first operation result" and "second operation result" in this embodiment serve only to distinguish the operation result of the USB Key device from that of the server; no particular restriction is placed on whether their contents are identical.
Step 205: The server compares the first operation result with the second operation result. If they are identical, the USB Key device passes authentication, the server sets an enabled flag on the digital certificate sent to this USB Key device, and the USB Key device is allowed to use the digital certificate to carry out services; otherwise, the USB Key device fails authentication and is not allowed to use the digital certificate to carry out services.
In the scheme of Embodiment one, the received digital certificate is needed to authenticate the USB Key device, so the scheme can only be carried out if the digital certificate has been downloaded to the USB Key device correctly and completely; in other words, the scheme of Embodiment one ensures that the digital certificate is downloaded to the USB Key device correctly and completely. In addition, the server authenticates the USB Key device using the digital certificate it sent and the security identifier of the USB Key device, which ensures that every USB Key device using a digital certificate is a legitimate USB Key device and improves the service security of legitimate users.
Embodiment two:
Figure 3 is a schematic flow chart of the digital certificate authentication method of Embodiment two of the invention. The scheme of Embodiment two is basically the same as that of Embodiment one. The difference is that Embodiment one does not additionally use a verification code to authenticate the USB Key device, whereas in Embodiment two the server, on the basis of the scheme of Embodiment one, authenticates the USB Key device by sending it a verification code. Specifically, in Embodiment two the following step is added after step 107 and before step 201:
Step 201′: The USB Key device receives a first verification code sent by the server.
The first verification code may be a random number.
In step 201′, the server may send the first verification code to the USB Key device together with the digital certificate. Alternatively, at any point in time after the USB Key device has received the digital certificate and before it uses the digital certificate to carry out services, the USB Key device may send a verification request to the server, after which the server sends the first verification code to the USB Key device.
Because Embodiment two adds step 201′, steps 201 and 204 in Embodiment two also differ from those of Embodiment one, as follows:
In step 201 of Embodiment two, the USB Key device performs the cryptographic operation on the received first verification code, the digital certificate and the locally stored security identifier to obtain the first operation result. In step 204 of Embodiment two, the server likewise performs the cryptographic operation on the first verification code and the locally determined security identifier and digital certificate of the USB Key device to obtain the second operation result.
In the technical scheme of Embodiment two, performing the cryptographic operation on the first verification code, the digital certificate of the USB Key device and the security identifier of the USB Key device further improves the security of digital certificate use.
With Embodiments one and two, after the digital certificate has been downloaded to the USB Key device and before the user uses that USB Key device to carry out services, the server authenticates the USB Key device and the downloaded digital certificate, which ensures that the digital certificate is used correctly and improves the service security of legitimate users.
Embodiment three:
Embodiment three builds on Embodiment one or Embodiment two and lets the USB Key device authenticate the legitimacy of the digital certificate it receives. The authentication proceeds as follows: the USB Key device authenticates the server that sent the digital certificate; if authentication passes, the digital certificate sent by this server is determined to be legitimate, and otherwise it is determined to be illegitimate.
In Embodiment three, the USB Key device authenticates the server by sending it a verification code.
Figure 4 is a schematic flow chart of the digital certificate authentication method of Embodiment three. In this scheme, at any point in time after the USB Key device has received the digital certificate and before it uses the digital certificate to carry out services, the following operations are performed:
Step 301: The USB Key device sends a second verification code and the user information to the server through the client.
The second verification code may be a random number, which may be generated by the USB Key device or by the client.
Note that the terms "second verification code" in Embodiment three and "first verification code" in Embodiment two serve only to distinguish the verification code sent by the USB Key device from the one sent by the server; no particular restriction is placed on whether the contents of the two verification codes are identical.
Step 302: Using the received user information, the server determines the digital certificate that was sent to the USB Key device and the security identifier of this USB Key device.
Step 303: The server performs the cryptographic operation on the second verification code and the determined digital certificate and security identifier to obtain a third operation result.
Step 304: The server sends the third operation result to the USB Key device through the client.
Step 305: The USB Key device performs the cryptographic operation on the second verification code, the locally received digital certificate and the locally stored security identifier to obtain a fourth operation result.
Step 306: The USB Key device compares the received third operation result with the fourth operation result it computed. If they are consistent, the server passes authentication and the digital certificate sent by this server passes authentication as well; otherwise, the server fails authentication and the digital certificate sent by this server fails as well.
Note that, for convenience of description, the flow chart in Figure 4 shows steps 301 to 306 of Embodiment three being performed between step 107 and step 201 of Embodiment one, that is, the USB Key device authenticates the server first and the server then authenticates the USB Key device. Embodiment three is not limited to this order: the server may authenticate the USB Key device first and the USB Key device authenticate the server afterwards, or the two authentications may be performed in parallel.
Embodiment four:
The scheme of Embodiment four is similar to Embodiment three: on the basis of Embodiment two, it lets the USB Key device authenticate the legitimacy of the digital certificate it receives. In Embodiment four, the USB Key device authenticates the server directly, without using a verification code.
Figure 5 is a schematic flow chart of a digital certificate authentication method of Embodiment four.
Compared with Embodiment three, the scheme of Embodiment four differs as follows:
In Embodiment four, the USB Key device in step 301 does not send a second verification code to the server; it sends only the user information. Therefore, in steps 302 and 303, the server performs the cryptographic operation on the determined digital certificate and security identifier to obtain the third operation result. Likewise, in step 305, the USB Key device performs the cryptographic operation on the locally received digital certificate and the locally stored security identifier to obtain the fourth operation result, and then carries out the subsequent comparison.
Because Embodiment four is a preferred scheme built on Embodiment two, steps 301 to 306 in Embodiment four can be performed between step 107 and step 201′ of Embodiment two.
With the methods of Embodiments three and four, after the digital certificate has been downloaded to the USB Key device and before the user uses that USB Key device to carry out services, the USB Key device authenticates the server, which guarantees the legitimacy of the digital certificate that the USB Key device downloaded from the server and thus the legitimate use of the digital certificate.
Embodiments one, two, three and four realize both the server's authentication of the USB Key device and the USB Key device's authentication of the server. This two-way authentication improves the legitimacy of digital certificate use and ensures the security of the services the user carries out.
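The exchanges of Embodiments one to three (steps 201 to 205 with the optional first verification code, and steps 301 to 306 with the second verification code), written out as a runnable sketch with both sides. This is an added example, not code from the patent. Assumptions: HMAC-SHA-256 replaces the MD5 named in step 201 (the text allows other irreversible algorithms), the role tag and the single-use handling of the verification code are this example's own choices, and all class, function and sample names are hypothetical.

```python
import hashlib
import hmac
import secrets


def operation_result(security_id, certificate, code=b"", role=b"device"):
    # Irreversible keyed operation over (role, verification code, certificate).
    # Assumptions of this example: HMAC-SHA-256 stands in for the MD5 named in
    # the text; the role tag (not in the text) keeps the two directions distinct.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in (role, code, certificate))
    return hmac.new(security_id, msg, hashlib.sha256).digest()


class UsbKey:
    """Device side; _security_id models the secure storage area and is only
    used inside these methods, never handed to the client."""

    def __init__(self, hardware_id, security_id):
        self.hardware_id = hardware_id
        self._security_id = security_id
        self.certificate = b""
        self._second_code = b""

    def first_result(self, first_code=b""):
        # Step 201: no code in Embodiment one, first verification code in two.
        return operation_result(self._security_id, self.certificate, first_code)

    def new_second_code(self):
        # Step 301: random second verification code generated by the device.
        self._second_code = secrets.token_bytes(16)
        return self._second_code

    def verify_server(self, third_result):
        # Steps 305-306: compute the fourth result, compare in constant time.
        fourth = operation_result(self._security_id, self.certificate,
                                  self._second_code, b"server")
        return hmac.compare_digest(third_result, fourth)


class Server:
    def __init__(self, require_code=False):
        self.require_code = require_code  # True: accept Embodiment two only
        self.records = {}                 # user information -> binding record

    def enroll(self, user, hardware_id, security_id):
        # Binding recorded when the device is issued to the user.
        self.records[user] = dict(hardware_id=hardware_id, security_id=security_id,
                                  certificate=b"", code=b"", enabled=False)

    def issue_certificate(self, user, certificate):
        # Step 107: remember which certificate went to this user's device.
        self.records[user]["certificate"] = certificate
        return certificate

    def new_first_code(self, user):
        # Step 201': random first verification code, valid for one attempt.
        self.records[user]["code"] = secrets.token_bytes(16)
        return self.records[user]["code"]

    def authenticate_device(self, user, first_result):
        # Steps 203-205: recompute the second result and compare.
        rec = self.records[user]
        code, rec["code"] = rec["code"], b""  # consume the pending code
        if self.require_code and not code:
            return False
        second = operation_result(rec["security_id"], rec["certificate"], code)
        ok = hmac.compare_digest(first_result, second)
        if ok:
            rec["enabled"] = True  # enabled flag: certificate may now be used
        return ok

    def third_result(self, user, second_code):
        # Steps 302-304: the server proves it holds the security identifier.
        rec = self.records[user]
        return operation_result(rec["security_id"], rec["certificate"], second_code, b"server")


def demo():
    cert = b"CONSTRUCTED-SAMPLE-CERTIFICATE"  # constructed sample, not a real certificate
    server = Server(require_code=True)
    genuine = UsbKey("HW-0001", secrets.token_bytes(32))
    server.enroll("alice", genuine.hardware_id, genuine._security_id)
    genuine.certificate = server.issue_certificate("alice", cert)
    # Same model and a copy of the certificate, but a different security identifier.
    other = UsbKey("HW-0001", secrets.token_bytes(32))
    other.certificate = cert
    first = genuine.first_result(server.new_first_code("alice"))
    genuine_ok = server.authenticate_device("alice", first)
    other_code = server.new_first_code("alice")
    other_ok = server.authenticate_device("alice", other.first_result(other_code))
    server.new_first_code("alice")  # a later attempt gets a fresh code
    stale_ok = server.authenticate_device("alice", first)
    second_code = genuine.new_second_code()
    server_ok = genuine.verify_server(server.third_result("alice", second_code))
    return genuine_ok, other_ok, stale_ok, server_ok


if __name__ == "__main__":
    print(demo())
```

With the first verification code in use, a first operation result computed for an earlier code no longer matches the server's second operation result, which is the property Embodiment two adds over Embodiment one.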
Embodiment five:
As shown in Figure 6, be the structural representation of a kind of Verification System of digital certificate in the present embodiment five.
Native system comprises: USB Key equipment 11 and server 12.
Described USB Key equipment 11 is used to carry out a cryptographic calculation according to the digital certificate received from server 12 and the secure identification stored in the local secure storage area, obtaining a first operation result, and to send this first operation result and the user profile.
Described server 12 is used to receive the first operation result and the user profile that USB Key equipment 11 sends; to determine, according to the user profile received, the digital certificate sent to this USB Key equipment 11 and the stored secure identification of this USB Key equipment 11; to carry out a cryptographic calculation according to the determined digital certificate and secure identification, obtaining a second operation result; and to compare said first operation result with the second operation result. If they are identical, this USB Key equipment is allowed to use this digital certificate to carry out business; otherwise, the USB Key equipment is not allowed to use this digital certificate to carry out business.
Described server 12 is specifically used to receive the first operation result and the user profile that the USB Key equipment sends after USB Key equipment 11 has received the digital certificate and before server 12 responds to USB Key equipment 11 using this digital certificate to carry out business.
Described server 12 is specifically used to store locally the corresponding relation among the user profile, the hardware identifier of USB Key equipment 11 and the secure identification of USB Key equipment 11; to determine the digital certificate corresponding to the received user profile according to the corresponding relation between the digital certificates already sent and the user profiles of the USB Key equipment 11 that received them; and to determine the secure identification of the USB Key equipment 11 corresponding to the received user profile according to the corresponding relation among the user profile, the hardware identifier of USB Key equipment 11 and the secure identification of USB Key equipment 11.
Described server 12 is also used to set an enable flag on the digital certificate sent to this USB Key equipment 11, after which the user can normally use this digital certificate for digital signature and authentication.
Described server 12 is specifically used to send a first identifying code to USB Key equipment 11, and to obtain the second operation result by carrying out a cryptographic calculation according to the determined digital certificate, the secure identification and the first identifying code.
USB Key equipment 11 is specifically used to obtain the first operation result by carrying out a cryptographic calculation according to the received first identifying code, the digital certificate and the secure identification stored in the secure storage area.
USB Key equipment 11 is specifically used to send a second identifying code to server 12; to obtain a fourth operation result by carrying out a cryptographic calculation according to the second identifying code, the locally received digital certificate and the locally stored secure identification; and to compare the received third operation result with said fourth operation result and authenticate the server according to the comparison result.
Server 12 is specifically used to determine, from the user profile received, the digital certificate sent to USB Key equipment 11 and the secure identification of this USB Key equipment 11; to carry out a cryptographic calculation according to the received second identifying code and the determined digital certificate and secure identification, obtaining the third operation result; and to send it to USB Key equipment 11.
Alternatively, server 12 is specifically used to determine, from the user profile received, the digital certificate sent to USB Key equipment 11 and the secure identification of this USB Key equipment 11; to carry out a cryptographic calculation according to the determined digital certificate and secure identification, obtaining the third operation result; and to send it to USB Key equipment 11.
In that case USB Key equipment 11 is specifically used to obtain the fourth operation result by carrying out a cryptographic calculation according to the locally received digital certificate and the locally stored secure identification, and to compare the received third operation result with the fourth operation result and authenticate server 12 according to the comparison result.
More preferably, the digital certificate Verification System of the present scheme can also comprise a client 13.
Specifically, USB Key equipment 11 can be inserted into client 13 through a USB interface and then exchange information with server 12 through this client 13.
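The exchange of embodiment five with both identifying codes, as an added example that is not part of the patent text. It assumes HMAC-SHA256 keyed with the secure identification as the cryptographic calculation (this passage names no algorithm); the class names, the direction labels and the single use of each identifying code are illustrative choices.

```python
import hashlib
import hmac
import secrets


def crypto_calc(secure_identification, label, identifying_code, certificate):
    """Stand-in for the patent's 'cryptographic calculation' (assumption: HMAC-SHA256).

    Fields are length-prefixed so their boundaries are unambiguous; `label`
    keeps device-to-server and server-to-device results from being interchangeable.
    """
    mac = hmac.new(secure_identification, digestmod=hashlib.sha256)
    for field in (label, identifying_code, certificate):
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class Server:
    def __init__(self):
        self.secure_ids = {}     # user profile -> secure identification of that USB Key
        self.certificates = {}   # user profile -> digital certificate sent to that USB Key
        self.pending_codes = {}  # user profile -> outstanding first identifying code
        self.enabled = set()     # user profiles whose certificate has the enable flag set

    def register(self, user_profile, secure_identification):
        self.secure_ids[user_profile] = secure_identification

    def issue_certificate(self, user_profile, certificate):
        self.certificates[user_profile] = certificate
        return certificate

    def send_first_code(self, user_profile):
        code = secrets.token_bytes(16)
        self.pending_codes[user_profile] = code
        return code

    def verify_device(self, user_profile, first_result):
        code = self.pending_codes.pop(user_profile, None)  # each code is accepted once
        sid = self.secure_ids.get(user_profile)
        cert = self.certificates.get(user_profile)
        if code is None or sid is None or cert is None:
            return False
        second_result = crypto_calc(sid, b"device", code, cert)
        ok = hmac.compare_digest(first_result, second_result)  # constant-time compare
        if ok:
            self.enabled.add(user_profile)  # set the enable flag on the certificate
        return ok

    def third_result(self, user_profile, second_code):
        return crypto_calc(self.secure_ids[user_profile], b"server",
                           second_code, self.certificates[user_profile])


class UsbKey:
    def __init__(self, user_profile, secure_identification):
        self.user_profile = user_profile
        self._secure_id = secure_identification  # models the secure storage area
        self.certificate = None
        self._second_code = None

    def receive_certificate(self, certificate):
        self.certificate = certificate

    def first_result(self, first_code):
        return crypto_calc(self._secure_id, b"device", first_code, self.certificate)

    def send_second_code(self):
        self._second_code = secrets.token_bytes(16)
        return self._second_code

    def verify_server(self, third_result):
        code, self._second_code = self._second_code, None
        if code is None:
            return False
        fourth_result = crypto_calc(self._secure_id, b"server", code, self.certificate)
        return hmac.compare_digest(third_result, fourth_result)


def run_exchange(server, key):
    """Run both directions; returns (device_authenticated, server_authenticated)."""
    first_code = server.send_first_code(key.user_profile)
    device_ok = server.verify_device(key.user_profile, key.first_result(first_code))
    second_code = key.send_second_code()
    server_ok = key.verify_server(server.third_result(key.user_profile, second_code))
    return device_ok, server_ok
```

In the variant of the scheme without identifying codes, the third operation result depends only on the digital certificate and the secure identification, so it is the same value on every run.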
Embodiment six:
Fig. 7 (a) and Fig. 7 (b) show structural block diagrams of the server in present embodiment six, which are described in turn below:
As shown in Fig. 7 (a), the server in present embodiment six specifically comprises: information receiving module 21, computing module 22, comparison module 23, memory module 24 and identification module 25, wherein:
Information receiving module 21 is used to receive the first operation result and the user profile that the USB Key equipment sends, said first operation result being obtained by the USB Key equipment carrying out a cryptographic calculation according to the received digital certificate and the secure identification stored in the secure storage area. Computing module 22 is used to determine, according to the user profile received, the digital certificate sent to this USB Key equipment and the stored secure identification of this USB Key equipment, and to carry out a cryptographic calculation according to the determined digital certificate and secure identification, obtaining a second operation result. Comparison module 23 is used to compare said first operation result with the second operation result; if they are identical, this USB Key equipment is allowed to use this digital certificate to carry out business; otherwise, the USB Key equipment is not allowed to use this digital certificate to carry out business.
Further, memory module 24 can be used to store the corresponding relation among the user profile, the hardware identifier of the USB Key equipment and the secure identification of the USB Key equipment; described computing module 22 can then specifically be used to determine, according to the relation stored in memory module 24 and the user profile received, the digital certificate sent to this USB Key equipment and the stored secure identification of this USB Key equipment.
More preferably, identification module 25 is used to set an enable flag on the digital certificate sent to this USB Key equipment when the comparison result of comparison module 23 is that the first operation result is identical with the second operation result, after which the user can normally use this digital certificate for digital signature and authentication.
The server shown in Fig. 7 (a) can authenticate the legitimacy of the USB Key equipment. On the basis of Fig. 7 (a), the framework of the server can be varied further: as shown in Fig. 7 (b), the server also comprises information sending module 26, which is used to send a first identifying code to the USB Key equipment. Compared with the server shown in Fig. 7 (a), the server shown in Fig. 7 (b) can use the first identifying code to authenticate the USB Key equipment further. Described computing module 22 can therefore specifically be used to obtain the second operation result by carrying out a cryptographic calculation according to the determined digital certificate, the secure identification and the first identifying code, and the first operation result that information receiving module 21 receives is likewise one that the USB Key equipment sends after carrying out the calculation according to the first identifying code, the digital certificate and the secure identification. Comparison module 23 can then specifically be used to authenticate the USB Key equipment after comparing the first operation result and the second operation result, both of which depend on the first identifying code.
Besides authenticating the USB Key equipment as shown in Fig. 7 (a) and Fig. 7 (b), the server in present embodiment six can also itself be authenticated by the USB Key equipment. Described information receiving module 21 is therefore also used to receive the second identifying code that the USB Key equipment sends; described computing module 22 is also used to determine, from the user profile received, the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, to carry out a cryptographic calculation according to the second identifying code and the determined digital certificate and secure identification, and to send the resulting third operation result to the USB Key equipment so that the USB Key equipment can authenticate the server.
In the scheme of the present embodiment, besides letting the USB Key equipment authenticate it by means of the second identifying code that the USB Key equipment sends, the server can also, through described computing module 22, directly determine from the user profile received the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, carry out a cryptographic calculation according to the determined digital certificate and secure identification, and send the resulting third operation result to the USB Key equipment so that the USB Key equipment can authenticate the server.
Embodiment seven:
Fig. 8 (a) and Fig. 8 (b) show structural diagrams of the USB Key equipment in present embodiment seven, which are described in turn below:
As shown in Fig. 8 (a), the USB Key equipment specifically comprises: information receiving module 31, computing module 32 and information sending module 33, wherein:
Information receiving module 31 is used to receive the digital certificate from the server; computing module 32 is used to carry out a cryptographic calculation according to the digital certificate received from the server and the secure identification stored in the local secure storage area, obtaining a first operation result; information sending module 33 is used to send this first operation result and the user profile.
Further, if the server needs to authenticate the USB Key equipment by means of an identifying code, described information receiving module 31 is also used to receive the first identifying code that the server sends; described computing module 32 is specifically used to obtain the first operation result by carrying out a cryptographic calculation according to the received first identifying code, the digital certificate and the secure identification stored in the secure storage area.
The USB Key equipment sends the first operation result to the server so that the server can authenticate the USB Key equipment. In the scheme of the present embodiment, the server can also be authenticated by the USB Key equipment; therefore, as shown in Fig. 8 (a), the USB Key equipment can also comprise a first comparison module 34, which works together with the other modules as follows:
Described information sending module 33 is also used to send a second identifying code to the server; described information receiving module 31 is also used to receive the third operation result from the server, said third operation result being obtained by the server determining, from the user profile received, the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, and then carrying out a cryptographic calculation according to the received second identifying code and the determined digital certificate and secure identification; described computing module 32 is specifically used to obtain a fourth operation result by carrying out a cryptographic calculation according to the second identifying code, the received digital certificate and the stored secure identification; first comparison module 34 compares the received third operation result with said fourth operation result and authenticates the server according to the comparison result.
In the USB Key equipment shown in Fig. 8 (a), the USB Key equipment authenticates the server by means of the second identifying code that it sends to the server. The scheme of the present embodiment is not limited to this: the server can also be authenticated without using an identifying code. As shown in Fig. 8 (b), the USB Key equipment can comprise a second comparison module 35, which works together with the other modules as follows:
Described information receiving module 31 is also used to receive the third operation result from the server, said third operation result being obtained by the server determining, from the user profile received, the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, and then carrying out a cryptographic calculation according to the determined digital certificate and secure identification; described computing module 32 is specifically used to obtain the fourth operation result by carrying out a cryptographic calculation according to the received digital certificate and the stored secure identification; second comparison module 35 compares the received third operation result with said fourth operation result and authenticates the server according to the comparison result.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (24)

1. An authentication method of a digital certificate, characterized in that the method comprises:
The server receives the first operation result and the user profile that the USB Key equipment sends, said first operation result being obtained by the USB Key equipment carrying out a cryptographic calculation according to the received digital certificate and the secure identification stored in the secure storage area;
The server determines, according to the user profile received, the digital certificate sent to this USB Key equipment and the stored secure identification of this USB Key equipment, and carries out a cryptographic calculation on the determined digital certificate and secure identification, obtaining a second operation result;
The server compares said first operation result with the second operation result; if they are identical, this USB Key equipment is allowed to use this digital certificate to carry out business; otherwise, the USB Key equipment is not allowed to use this digital certificate to carry out business.
2. The authentication method of a digital certificate as claimed in claim 1, characterized in that the server receiving the first operation result and the user profile that the USB Key equipment sends specifically comprises:
After the USB Key equipment receives the digital certificate, and before the server responds to the USB Key equipment using this digital certificate to carry out business, the server receives the first operation result and the user profile that the USB Key equipment sends.
3. The authentication method of a digital certificate as claimed in claim 1, characterized in that, before the server receives the first operation result and the user profile that the USB Key equipment sends, described method also comprises:
The server locally stores the corresponding relation between the user profile and the secure identification of the USB Key equipment;
The server determining the digital certificate and the secure identification according to the user profile received specifically comprises:
The server determines the digital certificate corresponding to the received user profile according to the corresponding relation between the digital certificates already sent and the user profiles of the USB Key equipment that received them, and determines the secure identification of the USB Key equipment corresponding to the received user profile according to the corresponding relation between the user profile and the secure identification of the USB Key equipment.
4. the authentication method of digital certificate as claimed in claim 1 is characterized in that, when server determined that first operation result is identical with second operation result, described method also comprised:
Server is put enabler flags to the digital certificate that sends to this USB Key equipment.
5. the authentication method of digital certificate as claimed in claim 1 is characterized in that, server receives before first operation result and user profile of USB Key equipment transmission, also comprises:
Server sends first identifying code to USB Key equipment;
Described first operation result is obtained by the USB Key equipment carrying out a cryptographic calculation according to the received first identifying code, the digital certificate and the secure identification stored in the secure storage area;
Described second operation result is that server carries out obtaining behind the cryptographic calculation according to digital certificate, secure identification and first identifying code determined.
6. as the authentication method of the arbitrary described digital certificate of claim 1~5, it is characterized in that USB Key equipment receives after the digital certificate, and before this digital certificate execution business of server response USB Key equipment utilization, described method comprises also:
Server receives second identifying code that USB Key equipment sends;
The server determines, from the user profile received, the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, carries out a cryptographic calculation according to the second identifying code and the determined digital certificate and secure identification, and sends the resulting third operation result to the USB Key equipment, instructing the USB Key equipment to compare the received third operation result with the fourth operation result that the USB Key equipment calculates locally and to authenticate the server according to the comparison result;
Described fourth operation result is obtained by the USB Key equipment carrying out a cryptographic calculation according to the second identifying code, the locally received digital certificate and the locally stored secure identification.
7. the authentication method of digital certificate as claimed in claim 5 is characterized in that, USB Key equipment receives after the digital certificate, and before this digital certificate execution business of server response USB Key equipment utilization, described method also comprises:
The server determines, from the user profile received, the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, carries out a cryptographic calculation according to the determined digital certificate and secure identification, and sends the resulting third operation result to the USB Key equipment, instructing the USB Key equipment to compare the received third operation result with the fourth operation result that the USB Key equipment calculates locally and to authenticate the server according to the comparison result;
Described fourth operation result is obtained by the USB Key equipment carrying out a cryptographic calculation according to the locally received digital certificate and the locally stored secure identification.
8. the Verification System of a digital certificate is characterized in that, this system comprises:
USB Key equipment, used to carry out a cryptographic calculation according to the digital certificate received from the server and the secure identification stored in the local secure storage area, obtaining a first operation result, and to send this first operation result and the user profile;
Server, used to receive the first operation result and the user profile that the USB Key equipment sends; to determine, according to the user profile received, the digital certificate sent to this USB Key equipment and the stored secure identification of this USB Key equipment; to carry out a cryptographic calculation according to the determined digital certificate and secure identification, obtaining a second operation result; and to compare said first operation result with the second operation result; if they are identical, this USB Key equipment is allowed to use this digital certificate to carry out business; otherwise, the USB Key equipment is not allowed to use this digital certificate to carry out business.
9. the Verification System of digital certificate as claimed in claim 8 is characterized in that,
Described server is specifically used to receive the first operation result and the user profile that the USB Key equipment sends after the USB Key equipment has received the digital certificate and before the server responds to the USB Key equipment using this digital certificate to carry out business.
10. the Verification System of digital certificate as claimed in claim 8 is characterized in that,
Described server, the corresponding relation that specifically is used for the secure identification of hardware identifier, USB Key equipment at local storing subscriber information, USB Key equipment, and according to the digital certificate that has sent and receive corresponding relation between the user profile of USB Key equipment of digital certificate, determine the digital certificate of the user profile correspondence that receives, and, according to the corresponding relation of the secure identification of the hardware identifier of user profile, USB Key equipment, USB Key equipment, determine the secure identification of the USB Key equipment of the user profile correspondence that receives.
11. the Verification System of digital certificate as claimed in claim 8 is characterized in that,
Described server also is used for the digital certificate that sends to this USB Key equipment is put enabler flags.
12. the Verification System of digital certificate as claimed in claim 8 is characterized in that,
Described server specifically is used for sending first identifying code to USB Key equipment, and carries out obtaining second operation result behind the cryptographic calculation according to digital certificate, secure identification and first identifying code determined;
USB Key equipment specifically is used for according to first identifying code, the digital certificate that receive and is stored in the interior secure identification of secure storage areas carrying out obtaining first operation result behind the cryptographic calculation.
13. the Verification System as the arbitrary described digital certificate of claim 8~12 is characterized in that,
USB Key equipment, specifically be used for sending second identifying code to server, and according to second identifying code, local reception to digital certificate and the secure identification of local storage carry out obtaining the 4th operation result behind the cryptographic calculation, and, the 3rd operation result and described the 4th operation result that receive are compared, and server is authenticated according to comparative result;
Server, specifically be used to utilize the user profile that receives, determine to send to the digital certificate of USB Key equipment, and after determining the secure identification of this USB Key equipment, carry out cryptographic calculation according to second identifying code that receives, definite digital certificate and secure identification, obtain the 3rd operation result, and send to USB Key equipment.
14. the Verification System of digital certificate as claimed in claim 12 is characterized in that,
USB Key equipment, specifically be used for according to local reception to digital certificate and the secure identification of local storage carry out obtaining the 4th operation result behind the cryptographic calculation, and, the 3rd operation result and the 4th operation result that receives compared, and server is authenticated according to comparative result;
Server, specifically be used to utilize the user profile that receives, determine to send to the digital certificate of USB Key equipment, and after determining the secure identification of this USB Key equipment, carry out cryptographic calculation according to digital certificate and the secure identification determined, obtain the 3rd operation result, and send to USB Key equipment.
15. a server is characterized in that, described server comprises:
Information receiving module, be used to receive first operation result and the user profile that USB Key equipment sends, described first operation result is that USB Key equipment carries out obtaining behind the cryptographic calculation according to digital certificate that receives and the secure identification that is stored in the secure storage areas;
Computing module, be used for according to the user profile that receives, the secure identification of this USB Key equipment of determining to send to the digital certificate of this USB Key equipment and having stored, and carry out cryptographic calculation according to digital certificate and the secure identification determined, obtain second operation result;
Comparison module, used to compare described first operation result with the second operation result; if they are identical, this USB Key equipment is allowed to use this digital certificate to carry out business; otherwise, the USB Key equipment is not allowed to use this digital certificate to carry out business.
16. server as claimed in claim 15 is characterized in that, also comprises:
Memory module is used for the corresponding relation of secure identification of hardware identifier, the USB Key equipment of storing subscriber information, USB Key equipment;
Described computing module specifically is used for according to memory module stored relation and the user profile that receives, determines to send to the digital certificate of this USB Key equipment and the secure identification of this USB Key equipment of having stored.
17. server as claimed in claim 15 is characterized in that, also comprises:
Identification module is used for comparative result at comparison module and is first operation result when identical with second operation result, and the digital certificate that sends to this USB Key equipment is put enabler flags.
18. server as claimed in claim 15 is characterized in that, also comprises:
Information sending module is used for sending first identifying code to USB Key equipment;
Described computing module specifically is used for carrying out obtaining second operation result behind the cryptographic calculation according to digital certificate, secure identification and first identifying code determined.
19. as the arbitrary described server of claim 15~18, it is characterized in that,
Described information receiving module also is used to receive second identifying code that USB Key equipment sends;
Described computing module, also be used to utilize the user profile that receives, determine to send to the digital certificate of USB Key equipment, and behind the secure identification of this USB Key equipment, carry out cryptographic calculation according to second identifying code, definite digital certificate and secure identification, the 3rd operation result that obtains is sent to USB Key equipment.
20. server as claimed in claim 18 is characterized in that,
Described computing module, also be used to utilize the user profile that receives, determine to send to the digital certificate of USB Key equipment, and behind the secure identification of this USB Key equipment, carry out cryptographic calculation according to digital certificate and the secure identification determined, the 3rd operation result that obtains is sent to USB Key equipment.
21. a USB Key equipment is characterized in that, described USB Key equipment comprises:
Information receiving module, used to receive the digital certificate from the server;
Computing module is used for carrying out cryptographic calculation according to receiving from the digital certificate of server and the secure identification that is stored in the local secure storage district, obtains first operation result;
Information sending module is used to send this first operation result and user profile.
22. USB Key equipment as claimed in claim 21 is characterized in that,
Described information receiving module also is used for first identifying code that reception server sends;
Described computing module specifically is used for according to first identifying code, the digital certificate that receive and is stored in the interior secure identification of secure storage areas carrying out obtaining first operation result behind the cryptographic calculation.
23. as claim 21 or 22 described USB Key equipment, it is characterized in that,
Described information sending module is used for sending second identifying code to server;
Described information receiving module is also used to receive the third operation result from the server, described third operation result being obtained by the server determining, from the user profile received, the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, and then carrying out a cryptographic calculation according to the received second identifying code and the determined digital certificate and secure identification;
Described computing module specifically is used for carrying out obtaining the 4th operation result behind the cryptographic calculation according to the secure identification of second identifying code, the digital certificate that receives and storage;
Described USB Key equipment also comprises:
First comparison module compares the 3rd operation result and described the 4th operation result that receives, and according to comparative result server is authenticated.
24. USB Key equipment as claimed in claim 22 is characterized in that,
Described information receiving module is also used to receive the third operation result from the server, described third operation result being obtained by the server determining, from the user profile received, the digital certificate sent to the USB Key equipment and the secure identification of this USB Key equipment, and then carrying out a cryptographic calculation according to the determined digital certificate and secure identification;
Described computing module specifically is used for carrying out obtaining the 4th operation result behind the cryptographic calculation according to the digital certificate that receives and the secure identification of storage;
Described USB Key equipment also comprises:
Second comparison module compares the 3rd operation result and described the 4th operation result that receives, and according to comparative result server is authenticated.
CN 201110247312 2011-08-25 2011-08-25 Certificate authorization method, system, universal serial bus (USB) Key equipment and server Active CN102271042B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110247312 CN102271042B (en) 2011-08-25 2011-08-25 Certificate authorization method, system, universal serial bus (USB) Key equipment and server

Publications (2)

Publication Number Publication Date
CN102271042A true CN102271042A (en) 2011-12-07
CN102271042B CN102271042B (en) 2013-10-09

Family

ID=45053213

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110247312 Active CN102271042B (en) 2011-08-25 2011-08-25 Certificate authorization method, system, universal serial bus (USB) Key equipment and server

Country Status (1)

Country Link
CN (1) CN102271042B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101394284A (en) * 2008-11-13 2009-03-25 四川长虹电器股份有限公司 One-time password authentication method
CN101593324A (en) * 2009-06-17 2009-12-02 浙江师范大学 The network multi-level measures and procedures for the examination and approval and system based on dependable computing application technique

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐成强, 李作维: "Improved one-time password authentication scheme", Computer Engineering (《计算机工程》), vol. 35, no. 24, 31 December 2009 (2009-12-31), pages 168-170 *

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102622547A (en) * 2012-03-13 2012-08-01 上海华御信息技术有限公司 Key based server data reading method
CN102811218A (en) * 2012-07-24 2012-12-05 江苏省电子商务服务中心有限责任公司 Precision authentication method and device for digital certificate, and cloud authentication service system
CN102811218B (en) * 2012-07-24 2013-07-31 江苏省电子商务服务中心有限责任公司 Precision authentication method and device for digital certificate, and cloud authentication service system
CN102882857A (en) * 2012-09-10 2013-01-16 福建伊时代信息科技股份有限公司 Client side device, encryption storage device, and remote access method and system
CN103684770A (en) * 2012-09-10 2014-03-26 国网信息通信有限公司 Digital certificate authentication based service system agent access method and device
CN102882857B (en) * 2012-09-10 2015-07-15 福建伊时代信息科技股份有限公司 Client side device, encryption storage device, and remote access method and system
CN103905197B (en) * 2012-12-30 2018-04-13 北京握奇数据系统有限公司 A kind of method that SIM card and external equipment are bound and verified
CN103916842B (en) * 2012-12-30 2017-11-24 北京握奇数据系统有限公司 The method that a kind of ID and external equipment are bound and verified
CN103916841B (en) * 2012-12-30 2017-11-24 北京握奇数据系统有限公司 A kind of method that SD card and external equipment are bound and verified
CN103905197A (en) * 2012-12-30 2014-07-02 北京握奇数据系统有限公司 SIM card and external device binding and verifying method
CN103916842A (en) * 2012-12-30 2014-07-09 北京握奇数据系统有限公司 Method for binding and validating user ID and external device
CN103916841A (en) * 2012-12-30 2014-07-09 北京握奇数据系统有限公司 Method for binding and validating SD card and external device
CN103400071A (en) * 2013-07-31 2013-11-20 清华大学 Network file system mounting method and system on basis of USB flash disc
CN103516524A (en) * 2013-10-21 2014-01-15 北京旋极信息技术股份有限公司 Security authentication method and system
CN103716794A (en) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 Two-way safety verification method and system based on portable device
CN105450400B (en) * 2014-06-03 2019-12-13 阿里巴巴集团控股有限公司 Identity verification method, client, server and system
CN105450400A (en) * 2014-06-03 2016-03-30 阿里巴巴集团控股有限公司 Identity verification method, client, server side, and system
CN104283688A (en) * 2014-10-11 2015-01-14 东软集团股份有限公司 USB Key safety certification system and safety certification method
CN104283688B (en) * 2014-10-11 2017-12-29 东软集团股份有限公司 A kind of USBKey security certification systems and safety certifying method
CN104301113B (en) * 2014-10-17 2017-07-14 飞天诚信科技股份有限公司 One kind is based on the multiduty digital signature method of many certificates and system
CN104301113A (en) * 2014-10-17 2015-01-21 飞天诚信科技股份有限公司 Digital signing method and system based on multiple certificates and multiple purposes
CN105610766A (en) * 2014-11-20 2016-05-25 中兴通讯股份有限公司 Method and device for logging in to cloud desktop
CN104579691A (en) * 2015-01-28 2015-04-29 中科创达软件股份有限公司 BYOD mode control method, mobile device and system
CN105141420B (en) * 2015-07-29 2018-09-25 飞天诚信科技股份有限公司 A kind of importing, the method for grant a certificate, equipment and server safely
CN105141420A (en) * 2015-07-29 2015-12-09 飞天诚信科技股份有限公司 Method, device and server for securely introducing and issuing certificates
CN105512538A (en) * 2015-12-11 2016-04-20 北京元心科技有限公司 debugging method and system of intelligent mobile operating system
CN105512538B (en) * 2015-12-11 2019-04-26 北京元心科技有限公司 Debugging method and system of intelligent mobile operating system
CN106169993A (en) * 2016-06-28 2016-11-30 北京华大领创智能科技有限公司 A kind of safety certifying method, equipment and server
CN106169997A (en) * 2016-07-04 2016-11-30 安徽天达网络科技有限公司 A kind of system controls user and logs in the manufacture method of USB Key
WO2018040880A1 (en) * 2016-08-30 2018-03-08 福建联迪商用设备有限公司 Method and system for granting authority to acquire terminal attack alarm information log
CN106408298A (en) * 2016-08-30 2017-02-15 福建联迪商用设备有限公司 Method for clearing attack alarm for terminal through authorization and system thereof
CN106372531B (en) * 2016-08-30 2018-11-02 福建联迪商用设备有限公司 A kind of mandate obtains terminal attack warning message log approach and system
US11163867B2 (en) 2016-08-30 2021-11-02 Fujian Landi Commercial Equipment Co., Ltd Method and system for authorizing acquisition of attack alarm information log of terminal
CN106372531A (en) * 2016-08-30 2017-02-01 福建联迪商用设备有限公司 Method and system for authorizing to acquire terminal attack alarming information log
CN106779697A (en) * 2016-11-18 2017-05-31 合肥联宝信息技术有限公司 The method and apparatus that a kind of utilization intelligent terminal BIOS realizes secure answer
CN107332667A (en) * 2017-07-04 2017-11-07 四川云物益邦科技有限公司 A kind of inquiry system of use digital certificate
CN107483433A (en) * 2017-08-10 2017-12-15 山东渔翁信息技术股份有限公司 A kind of method and system of authentication
WO2019033648A1 (en) * 2017-08-17 2019-02-21 广州视源电子科技股份有限公司 Software login method and apparatus and storage medium
CN109409041A (en) * 2018-09-04 2019-03-01 航天信息股份有限公司 A kind of server-side safety certifying method and system based on the application of more certificates
CN109460651A (en) * 2018-10-17 2019-03-12 航天信息股份有限公司 The login method and device of billing system
CN111404859A (en) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 Client authentication method and device and computer readable storage medium
CN109889548A (en) * 2019-04-01 2019-06-14 中国工商银行股份有限公司 The authentication method of Web site based on U-shield device, apparatus and system
CN113221128A (en) * 2020-01-21 2021-08-06 中国移动通信集团山东有限公司 Account and password storage method and registration management system
CN111865904A (en) * 2020-06-04 2020-10-30 河南中医药大学 Safe user online state control method and device
CN111865904B (en) * 2020-06-04 2022-08-23 河南中医药大学 Safe user online state control method and device
CN112685698A (en) * 2020-12-07 2021-04-20 湖南麒麟信安科技股份有限公司 Software authorization method and system based on USB Key
CN112905979A (en) * 2021-02-16 2021-06-04 中企云链(北京)金融信息服务有限公司 Electronic signature authorization method and device, storage medium and electronic device
CN116418541A (en) * 2021-12-31 2023-07-11 龙芯中科(金华)技术有限公司 Communication method, device and equipment
CN116418541B (en) * 2021-12-31 2024-06-04 龙芯中科(金华)技术有限公司 Communication method, device and equipment

Also Published As

Publication number Publication date
CN102271042B (en) 2013-10-09

Similar Documents

Publication Publication Date Title
CN102271042B (en) Certificate authorization method, system, universal serial bus (USB) Key equipment and server
CN106330850B (en) Security verification method based on biological characteristics, client and server
CN107742212B (en) Asset verification method, device and system based on block chain
CN110677376B (en) Authentication method, related device and system and computer readable storage medium
CN107770159B (en) Vehicle accident data recording method and related device and readable storage medium
CN103167491B (en) A kind of mobile terminal uniqueness authentication method based on software digital certificate
CN104753881B (en) A kind of WebService safety certification access control method based on software digital certificate and timestamp
JP4790574B2 (en) Apparatus and method for managing a plurality of certificates
CN109309565A (en) A kind of method and device of safety certification
US10237072B2 (en) Signatures for near field communications
CN112671720B (en) Token construction method, device and equipment for cloud platform resource access control
CN106060078B (en) User information encryption method, register method and verification method applied to cloud platform
CN105430014B (en) A kind of single-point logging method and its system
US9940446B2 (en) Anti-piracy protection for software
CN112165382B (en) Software authorization method and device, authorization server side and terminal equipment
CN112565265B (en) Authentication method, authentication system and communication method between terminal devices of Internet of things
CN110381075B (en) Block chain-based equipment identity authentication method and device
WO2015186829A1 (en) Transmission node, reception node, communication network system, message creation method, and computer program
CN103269271A (en) Method and system for back-upping private key in electronic signature token
CN109981287A (en) A kind of code signature method and its storage medium
CN113708935A (en) Internet of things equipment unified authentication method and system based on block chain and PUF
CN115664655A (en) TEE credibility authentication method, device, equipment and medium
Abraham et al. SSI Strong Authentication using a Mobile-phone based Identity Wallet Reaching a High Level of Assurance.
CN107026729B (en) Method and device for transmitting software
CN106529216B (en) Software authorization system and software authorization method based on public storage platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: NSFOCUS TECHNOLOGY CO., LTD.

Effective date: 20130910

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20130910

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Applicant after: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Applicant after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Applicant before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee after: NSFOCUS Technologies Group Co.,Ltd.

Patentee after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Patentee before: NSFOCUS TECHNOLOGIES Inc.