CN102571337A - Data processing method - Google Patents
Data processing method Download PDFInfo
- Publication number
- CN102571337A CN102571337A CN2010105934584A CN201010593458A CN102571337A CN 102571337 A CN102571337 A CN 102571337A CN 2010105934584 A CN2010105934584 A CN 2010105934584A CN 201010593458 A CN201010593458 A CN 201010593458A CN 102571337 A CN102571337 A CN 102571337A
- Authority
- CN
- China
- Prior art keywords
- module
- digital signature
- authentication code
- way
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a data processing method which is performed by a data processing system, wherein the data processing system comprises a first module with a digital signing device, a second module playing the role of gateway and a third module used for submitting the signature information. The data processing method comprises the steps of: firstly, establishing a first channel between the first module and the second module and establishing a second channel between a second module and a third module; secondly, establishing a third channel between the first module and the third module; thirdly, using a first authentication code generated by the digital signing device to establish a fourth channel between the first module and the third module through a second module; and fourthly, using the fourth channel through the third module to call the first module so as to conduct the digital signing operation, or using the fourth channel through the third module to read data in the first module or write data in the first module.
Description
Technical field
The present invention relates to a kind of data processing method, relate in particular to a kind of data processing method of using the carried out digital signature of authentication code.
Background technology
In recent years; Along with the variation of professional channel, be used for telephone terminal that e commerce transactions uses, sales counter that the someone serves, have people or channels such as unattended POS terminal, unattended ATM terminal all need submission information let user's signature confirm to guarantee information security.This just needs the user can both receive signing messages at any time and adds their confirmation.
Yet in traditional e commerce transactions was used, just that the user is the operated Internet access terminals such as the data of submissions such as traditional P C machine (PC), notebook computer were carried out digital signature.Development along with mobile Internet and various mobile computing devices; Remove outside the computing terminals such as traditional P C machine, notebook computer; Computing terminals such as smart mobile phone, panel computer, e-book are all more and more universal; Use and also on these emerging network computing equipments, shift more and more, for example, the transfer that e commerce transactions is used.Transfer in the process at emerging terminal in the signature application; Traditional signature device such as USBKEY are (promptly; The signature device that communicates with usb mode and host computer) and TFKEY (promptly; The signature device that communicates with Micro SD interface mode and host computer) also there is unsafe factor, and is difficult to cooperate well to satisfy the requirement that the user can both receive signing messages and add their confirmation at any time with these emerging terminals.
Fig. 1 is a kind of structure and corresponding basic operation flow process thereof of traditional signature system.As shown in Figure 1, traditional signature system is made up of user terminal 102, signature apparatus 103 and service server 104 usually.Adopt computer external interface between user terminal 102 and the signature apparatus 103, be connected like USB interface, UART serial ports, infrared interface and/or blue tooth interface etc.User terminal 102 conducts interviews to service server 104 through the Internet.User terminal 102 communicates with service server 104 and signature apparatus 103 respectively according to user 101 demand.The basic operation flow process of this signature system comprises: at step S105, user 101 submits to user terminal 102 with service request data; At step S106, user terminal 102 sends to signature apparatus 103 to the information of needs signature; At step S107,103 pairs of signature apparatus need the information of signature to carry out digital signature, and the information after will signing is then submitted to user terminal 102; At step S108, information sent to service server 104 together with service request data after user terminal 102 will be signed; At step S109, the information behind 104 pairs of signatures that receive of service server is verified, and according to verifying that the result carries out corresponding service processing, subsequently service processing result is sent to user terminal 102.At last, user terminal 102 display business results.
Because as the aforementioned emerging terminal of user terminal and traditional terminal Peripheral Interface disunity, above-mentioned traditional signatures system shown in Figure 1 just is difficult to insert these emerging terminals.For example, panel computer and smart mobile phone do not have the USB main interface, can't the USBKEY that belong to the USB slave unit be connected on these equipment as signature apparatus.
In addition, traditional signature apparatus with the access way of user terminal on adopt computer external interface, this just needs the corresponding apparatus driver to cooperate.Along with the increase of terminal type, the driver quantity of required exploitation is very big, thereby has increased the manpower cost and the cost of system development and application.
Therefore, with regard to need a kind of safer, can carry out the data processing method that reads and/or write of digital signature or data more reliably.
In addition, reasonable is a kind ofly can be used for the carried out digital signature at various emerging terminals or the data processing method that reads and/or write of data.
Have again, be preferably, need a kind ofly can satisfy the data processing method that reads and/or write that the user receives signing messages and the carried out digital signature that adds their confirmation or data at any time easily.
Summary of the invention
The present invention can overcome above-mentioned one or more shortcoming that prior art exists.
According to the present invention; A kind of data processing method is provided; Said data processing method is carried out by data handling system; Said data handling system comprises first module with digital signature device, the three module that plays second module of gateway effect and be used to carry out the signing messages submission, and said data processing method comprises: first step, and between said first module and said second module, set up first passage and between said second module and said three module, set up second channel; Second step is set up third channel between said first module and said three module; Third step, first authentication code that utilizes said digital signature device to produce is set up four-way via said second module between said first module and said three module; And the 4th step; Said three module calls said first module to carry out the digital signature operation through said four-way, and perhaps said three module reads the data in said first module or in said first module, writes data through said four-way.
In addition, in above-mentioned data processing method, said first step can comprise: the user initiates to connect through said digital signature device, sets up said first passage; And said second module is set up said second channel to said three module initiation connection request.
In addition, in above-mentioned data processing method, said second step can comprise: said second module and said digital signature device are shared said first authentication code through said first passage, and said digital signature device sends the authentication code of sharing to user; And the user imports authentication code and the three module information that said digital signature device sends on said three module, sets up said third channel thus.
Have, in above-mentioned data processing method, said third step can comprise again: said three module sends to said second module with the authentication code that the user imports with said three module information through said second channel; And said second module compares authentication code and the said shared authentication code of said user input, if the authentication code of said user input is identical with said shared authentication code, and then said four-way foundation; If the authentication code of said user's input is different with said shared authentication code, then break off said first passage and said second channel, it is invalid that this connects the said shared authentication code that is generated.Optional is; Third step can comprise: said three module sends to said second module with the authentication code that the user imports with said three module information through said second channel, and said second module sends to said digital signature device through said first passage with the authentication code that said user imports; And said digital signature device compares authentication code and the said shared authentication code of said user input, if the authentication code of said user input is identical with said shared authentication code, and then said four-way foundation; If the authentication code of said user's input is different with said shared authentication code, then break off said first passage and said second channel, it is invalid that this connects the said shared authentication code that is generated.
In addition, in above data processing method, said first authentication code can also can be a random number in each all differences that connects.
In addition, in above-mentioned data processing method, the step of setting up said first passage can comprise: between said first module and said second module, share key.
Moreover; In above-mentioned data processing method; Digital signature operation in said the 4th step can comprise: the user is input to subscriber identity information in the said three module; Said three module is submitted to said first module through said four-way with said subscriber identity information, the correctness of the said subscriber identity information of said first module verification; Perhaps said user directly inputs to said first module with said subscriber identity information, the correctness of the said subscriber identity information of said first module verification; Said first module sends to said three module through said third channel with said subscriber identity information checking result; And if said subscriber identity information checking result is correct; So said three module sends the information that will sign to said first module through said four-way, and said first module carries out returning to said three module to the information after the digital signature through said four-way after the digital signature to the said information that will sign; If said subscriber identity information checking result is incorrect, then said three module does not transmit the said information that will sign.
Also have; In above-mentioned data processing method; The said data that read in said first module in said the 4th step can comprise: said three module reads the nonsensitive data in said first module through said four-way; Wherein, after reading first, with the metadata cache that is read in said second module; And when reading once more; Judge whether the data that are buffered in said second module are latest datas; If latest data; Then not from the said first module reading of data, if not latest data, then from the said first module reading of data and with the metadata cache that is read in said second module.Here, said nonsensitive data can be the digital certificate that does not contain private key.
Moreover, in above-mentioned data processing method, in said first module, writing data and can comprise in said the 4th step: said three module through said four-way to the said first module write data; And said first module returns to said three module through said four-way with the result that write data produces.
In addition, above-mentioned data processing method can also comprise: the 5th step, break off said four-way.The 5th step can comprise: said first module or said three module send open command to said second module; Said second module is sent disconnection information and is given said first module and said three module; Said second module connects the authentication code that is produced with this and is treated to the invalid authentication sign indicating number; And said second module is broken off said first passage, said second channel and said four-way.
In addition; Optional is; Above-mentioned data processing method can also be included in the digital signature operation Business Processing step afterwards of said the 4th step; Wherein said digital signature system also comprises four module; Through communicating by letter in the five-way road, said Business Processing step comprises between said three module and the said four module: the information of said three module after digital signature sends to said four module with business datum through said five-way road, and said four module is verified the information after the said digital signature; If digital signature information checking result is correct, said four module is handled said business datum and through said five-way road said digital signature information checking result and service processing result is returned to said three module; If said digital signature information checking result is incorrect, then said four module is not handled said business datum and through said five-way road said digital signature information checking result is returned to said three module.Said data processing method can also comprise: the 5th step, after said Business Processing step, break off said four-way.Said the 5th step can comprise: said first module or said three module send open command to said second module; Said second module is sent disconnection information and is given said first module and said three module; Said second module connects the authentication code that is produced with this and is treated to the invalid authentication sign indicating number; And said second module is broken off said first passage, said second channel and said four-way.
Through adopting data processing method of the present invention, can make operation system safer, more reliable.
In addition, data processing method of the present invention can be used for various emerging terminals, makes the manpower cost and the cost of system development and application be minimized.
Further,, can make the user receive signing messages at any time easily and add their confirmation, for example move, digital signature easily through adopting data processing method of the present invention.
It should be apparent that to one skilled in the art, on the basis of foregoing, can make various modifications, conversion or combination them.
According to figs and detailed description, the present invention and corresponding other system, device, method, feature and advantage will be to those skilled in the art or become obvious.The application is intended to make all these and other system, device, method, feature and advantage to be included in this description.Be to be understood that; The generality of this paper front is described and following detailed all is exemplary with indicative; Being intended to provides the further understanding as to technical scheme required for protection, but has no thing should be considered to be the restriction to technical scheme required for protection.
Description of drawings
Below, for understanding the present invention better, with combining accompanying drawing to describe each exemplary embodiment of the present invention in detail.
Fig. 1 is the structure chart of the traditional data handling system that can be used for digital signature, wherein also schematically illustrates each step mark of its basic operation flow process;
Fig. 2 is a kind of overall structure figure that realizes the data handling system of data processing method of the present invention of the exemplary embodiment according to the present invention;
Fig. 3 is the structure chart of first module instance in the data handling system of realization data processing method of the present invention of the exemplary embodiment according to the present invention;
Fig. 4 is the structure chart of second module instance in the data handling system of realization data processing method of the present invention of the exemplary embodiment according to the present invention:
Fig. 5 is the structure chart of three module instance in the data handling system of realization data processing method of the present invention of the exemplary embodiment according to the present invention;
Fig. 6 is the structure chart of four module instance in the data handling system of realization data processing method of the present invention of the exemplary embodiment according to the present invention;
Fig. 7 is the overall structure figure of an instance of data handling system of the realization data processing method of the present invention of the exemplary embodiment according to the present invention;
Fig. 8 is the structure chart according to an instance of the digital signature device of realization of the present invention data processing method of the present invention;
Fig. 9 A is the flow chart of first kind of method for building up instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention;
Fig. 9 B is the flow chart of the another kind of method for building up instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention;
Figure 10 A is the flow chart of first kind of disconnect method instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention;
Figure 10 B is the flow chart of the another kind of disconnect method instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention;
Figure 11 A is the flow chart of the first method instance of authentication in the instance of data processing method of the exemplary embodiment according to the present invention;
Figure 11 B is the flow chart of the another kind of method instance of authentication in the instance of data processing method of the exemplary embodiment according to the present invention;
Figure 12 is the flow chart of reading word certificate instance in the instance of data processing method of the exemplary embodiment according to the present invention; And
Figure 13 is the flow chart that carries out the business datum signature in the instance of data processing method of the exemplary embodiment according to the present invention and handle instance.
Embodiment
To be described in detail with reference to each execution mode of this paper now, in the accompanying drawing diagram example.For its thought is conveyed to those of ordinary skills, provide after this these execution modes of introducing as an example.Therefore, these execution modes can be implemented with different forms, thereby are not limited to these execution modes described here.And, in any possible place, in whole specification and accompanying drawing, will use identical Reference numeral to represent same or analogous parts.
Fig. 2 is a kind of overall structure figure that realizes the data handling system of data processing method of the present invention of the exemplary embodiment according to the present invention.This data handling system for example can be a kind of digital signature system.As shown in Figure 2, this digital signature system can comprise first module 203, second module 205 and the three module 202.First module 203 can comprise digital signature device of the present invention (will be discussed in more detail below) thus in order to realize digital signature of the present invention operation; Second module 205 can play the gateway effect, and three module 202 can be used to submit to signing messages and business datum.First module 203 communicates through the first passage C211 and second module 205, and second module 205 communicates through second channel C212 and three module 202, and three module 202 also directly communicates with first module 203 through third channel C213.
First passage C211 can set up through sharing key between first module 203 and second module 205, and for example this key can carry out writing when equipment is issued initialization in first module 203 and second module 205.Second channel C212 can be the escape way that is based upon on the SSL VPN agreement basis.Third channel C213 can obtain (for example look and read) security information and sets up to the mode of this security information of input unit input of three module 202 from the output unit (for example display unit) of first module 203 through the user.Certainly, the mode of these foundation is not limited thereto, and any mode of setting up that those skilled in the art can expect may be used to the present invention.Under the situation that first passage C211, second channel C212 and third channel C213 set up, between first module 203 and three module 202, set up four-way C214 via second module 205.In the present invention; Three module 202 calls the function of first module 203 to carry out digital signature operation of the present invention through four-way C214; Perhaps read the data in first module 203 or in first module 203, write data, can make digital signature system safer, more reliable thus.Four-way for example can be able to set up with reference to the described flow process of Fig. 9 A-9B like hereinafter.
Optional is, this digital signature system may further include four module 204, is used for the information behind the signature is verified and business is handled.In this case; Four module 204 is through the information row checking of five-way road C215 after to the digital signature that receives from three module 202; The result handles the business datum that receives from said three module 202 according to checking, and result is sent to three module 202.Like this, this digital signature system also has service processing function except the function with the efficient public security system set up.
First module instance: based on the digital signature device of mobile communications network
First module for example can be the digital signature device based on mobile communications network as shown in Figure 3.Certainly, the form of first module of the present invention and environment for use etc. are not limited in this, and those skilled in the art can make various modifications and conversion to it after reading and understanding the present invention.Fig. 3 be in the data handling system of realization data processing method of the present invention of an exemplary embodiment according to the present invention first module as the structure chart of an instance of the digital signature device that has mobile communication function.As shown in Figure 3, digital signature device can comprise first display unit 3031, first input unit 3032, digital signature unit 3033, identity authenticating unit 3034, the first authentication code unit 3035, the first safety function unit 3036 and first mobile comm unit 3037.
First display unit 3031 links to each other with digital signature unit 3033, identity authenticating unit 3034 and the first authentication code unit 3035 respectively; First input unit 3032 links to each other with identity authenticating unit 3034 with digital signature unit 3033, the first authentication code unit 3035 respectively; Digital signature unit 3033, identity authenticating unit 3034 and the first authentication code unit 3035 also link to each other with the first safety function unit 3036 separately, and the first safety function unit 3036 also links to each other with first mobile comm unit 3037.
The user can confirm the information that the user need sign through first input unit 3032, can also import all or part of information that needs signature, also can import subscriber identity information and/or initiate to produce first authentication code.First input unit can key device form realize.Use key device identical, and its cost is low with existing banking equipment such as code keypad operating habit.Certainly; First input unit is not limited to this; Can comprise that also other input unit parts that those skilled in the art can expect are perhaps substituted by it, for example fingerprint sensor, vocal print harvester, iris capturing device or recognition of face harvester etc.Use the mode of these biomedical information acquisitions can let the user need not to remember authentication information such as password, and biological information can not lose, be difficult to forge, its fail safe is stronger.
Identity authenticating unit 3034 can be verified the subscriber identity information from first input unit 3032; The perhaps subscriber identity information that transmits through the first safety function unit 3036 of three module; And identity information verified that the result exports to the first safety function unit 3036 and first display unit 3031, can start digital signature unit 3033 after the subscriber identity information checking is correct and carry out signature operation.
The information of the needs signature that 3033 pairs of digital signature unit transmit through the first safety function unit 3036 from first input unit 3032 and/or from three module is carried out digital signature.Before signature, will need the information of digital signature to export to first display unit 3031, and being shown to the user, thereby the user can be confirmed through 3032 pairs of these information of first input unit.The digital signature unit can carry out digital signature through the association key and the algorithm of built-in digital signature, also can carry out digital signature by other modes that those skilled in the art knew.
The first authentication code unit 3035 initiates to produce first authentication code according to connection request, and first authentication code is exported to first display unit 3031.This connection request can be that the user passes through 3032 initiations of first input unit as previously mentioned, also can initiate and transmit via the first safety function unit through second input unit of three module like the said user of being in back.Preferably, safer preventing that authentication code from revealing because of change in time for making system, each to connect first authentication code that is produced all different.Better is that for making system further safely to prevent that working as time authentication code is revealed, first authentication code can be a random number.
In addition; The first authentication code unit further compares first authentication code of current generation and user through the authentication code of second input unit input of three module; Comparison result is exported to first display unit 3031, and comparison result is passed to second module through the first safety function unit 3036.Optional is; By after state the second authentication code unit and do under the situation of authentication code comparison; The first safety function unit 3036 can be exported to first authentication code of current generation in the first authentication code unit, so that the second authentication code unit of second module can receive this authentication code and compare through the authentication code of second input unit input of three module with the user.
First mobile comm unit 3037 communicates with the outside.First mobile comm unit 3037 can built-in at least a mobile radio communication WAP stack, as: the mobile communication wireless protocol stack of standards such as GPRS, EDGE, narrowband CDMA, CDMA2000, WCDMA, TD-SCDMA or LTE.Thus; Digital signature device of the present invention can have mobile communications network wireless signal and/or network signal region covered to communicate by letter with the foundation of second module any; Can make the user receive signing messages at any time easily and add their confirmation, for example move, digital signature easily.First mobile comm unit is built-in network protocols stack (like TCP/IP) further, so that the network protocol stack and first module of the utilization that gateway can be convenient equity establish a communications link.
First display unit 3031 can show various data; For example; From the needs of digital signature unit 3033 carry out the information of digital signature, from first authentication code of the first authentication code unit 3035 or (afterwards stating) second authentication code with from the authentication code comparison result of the first authentication code unit 3035, also can optionally show from the subscriber identity information of identity authenticating unit 3034 and/or identity information checking result or the like.Certainly, other output blocks that first display unit also can be expected by those skilled in the art substitute, for example audio output part etc.
The data that the first safety function unit 3036 transmits between can the second communication unit to first mobile comm unit 3037 and (afterwards stating) second module are protected.Particularly, the related datas such as user profile, authentication code and/or authentication information before and after the 3036 pairs of digital signature in the first safety function unit are protected.Can also be built-in or obtain with the second module cipher key shared and algorithm and set up safer first passage in the first safety function unit 3036, the mode that perhaps can know is by one of skill in the art set up safer first passage.It is pointed out that like the back saidly, the first safety function unit 3036 is not necessary, the first safety function unit can as after state and be removed the second safety function unit in second module.Under the first safety function unit, 3036 non-existent situation; Digital signature unit 3033, identity authenticating unit 3034 and first authentication ' unit 3035 directly are connected with first mobile comm unit 3037, and all exchanges data are also directly carried out with first mobile comm unit 3037.
Preferably, digital signature unit 3033, identity authenticating unit 3034, the first authentication code unit 3035 and the first safety function unit 3036 can be integrated in the same chips so that the structure of digital signature device more simply, more portable.And this implementation is sealed the circulation of information more, and system is more safe and reliable.
Fig. 8 is the structure chart according to an instance of the digital signature device of realization of the present invention data processing method of the present invention.As shown in Figure 8, this digital signature device can comprise master cpu (built-in cryptographic algorithm and safe storage function) 801, liquid crystal indicator 802, wireless modem chipset (containing SIM) 803 and antenna 804, button and finger print input device 805, data and charging inlet device 806 and be used for the battery 807 to this device power supply.Integrated digital signature unit, identity authenticating unit, the first authentication code unit and the first safety function unit in the master cpu 801; Wireless modem chipset 803 is corresponding to first wireless communication unit; Liquid crystal indicator 802 is corresponding to first display unit; And button and finger print input device 805 are corresponding to first input unit.Master cpu 801 directly links to each other respectively with liquid crystal indicator 802, wireless modem N chipset 803, button and finger print input device 805, data and charging inlet 806.Certainly, this signature apparatus can further include traditional and the interface arrangement user terminal direct communication, and for example bluetooth, USB are from interface etc., so that satisfy the demand that the user connects tradition.
Second module instance: security gateway
Second module for example can be a security gateway as shown in Figure 4.Certainly, the form of second module of the present invention and environment for use etc. are not limited in this, and those skilled in the art can make various modifications and conversion to it after reading and understanding the present invention.As stated, second module can play the effect of gateway, and for the strengthening system fail safe, security gateway is a better implementation.Fig. 4 be in the data handling system of realization data processing method of the present invention of an exemplary embodiment according to the present invention second module as the structure chart of an instance of security gateway.As shown in Figure 4, this security gateway can comprise: the second communication unit 4051 that communicates with first module 203; The third communication unit 4055 that communicates with three module 202; The second safety function unit 4052; Data buffer storage unit 4054; With the second authentication code unit 4053.
The second safety function unit 4052 links to each other with second communication unit 4051; Data buffer storage unit 4054 links to each other with third communication unit 4055 with the second safety function unit 4052 respectively, and the second authentication code unit 4053 links to each other with third communication unit 4055 with the second safety function unit 4052 respectively.
The second safety function unit 4052 can be used for further guaranteeing that the first passage between first module and second module is safe.For example, the second safety function unit can use relevant key and algorithm that the data of transmitting in the first passage are carried out encryption and decryption, guarantees the fail safe of first passage.In fact as general gateway, can save the second safety function unit 4052.When saving the second safety function unit 4052, data buffer storage unit 4054, the second authentication code unit 4053 directly link to each other with second communication unit 4051 respectively.
Data buffer storage unit 4054 can be used for storing in the four-way nonsensitive data (digital certificate that does not for example comprise private key) that flows to second module from first module; Like this; If three module need repeatedly read same nonsensitive data from first module; Just can all read at every turn, and can read from the data buffer storage unit second module from first module.Can reduce data traffic between first module 203 and second module like this, raise the efficiency.Certainly, the nonsensitive data of indication of the present invention is not limited to not comprise the digital certificate of private key, and any available non-sensitive information that those skilled in the art knew may be used to the present invention.It is pointed out that data buffer storage unit 4054 can save.Under the situation that does not have data buffer storage unit 4054, all information that three module reads from first module all directly read from first module.
The second authentication code unit 4053 can initiate to produce second authentication code according to connection request, and second authentication code is exported to first display unit of first module.This connection request can be first input unit initiation that the user passes through first module as previously mentioned, also can initiate and transmit via the first safety function unit through second input unit of three module like the said user of being in back.Preferably, safer preventing that authentication code from revealing because of change in time for making system, each to connect second authentication code that is produced all different.Better is that for making system further safely to prevent that working as time authentication code is revealed, second authentication code can be a random number.
In addition; The second authentication code unit 4053 can also be imported second authentication code and the user of current generation through second input unit of three module authentication code compares; And comparison result exported to first display unit of first module, and comparison result is passed to three module through third communication unit 4055.Optional is; Under the situation of doing the authentication code comparison by the aforementioned first authentication code unit; The second safety function unit 4052 can be exported to second authentication code of current generation in the second authentication code unit, so that the first authentication code unit of first module can receive this authentication code and compare through the authentication code of second input unit input of three module with the user.
The structure of second communication unit can be identical or similar with the structure of first mobile comm unit, for avoiding repetition, repeats no more here.
Third communication unit can be any communicating devices that realizes that those skilled in the art can expect.
Three module instance: user terminal
Three module for example can be a kind of user terminal as shown in Figure 5.Certainly, the form of three module of the present invention and environment for use etc. are not limited in this, and those skilled in the art can make various modifications and conversion to it after reading and understanding the present invention.Fig. 5 be in the data handling system of realization data processing method of the present invention of an exemplary embodiment according to the present invention three module as a kind of structure chart of an instance of user terminal.Can generate the information that needs signature on this user terminal, the information behind the signature can be sent out to service server with business datum.As shown in Figure 5, this user terminal can comprise: believe unit 5024 with the four-way that second module 205 communicates; Second display unit 5022; Second input unit 5021; Signing messages commit unit 5023; With business datum commit unit 5025.
As previously mentioned, the user can initiate to produce first or second authentication code through all or part of information, the subscriber identity information that needs signature of first input unit input of first module, also can not carry out these operations through this first input unit.Do not need under the information state of signature through the first input unit input of first module the user, the user can need the information of signature through second input unit, 5021 inputs of three module.In addition, under the information state that the user need sign through the first input unit importation of first module, the user can import the information that remainders need be signed through second input unit 5021 of three module.Do not import under the situation of subscriber identity information through first input unit of first module the user, the user can be through second input unit, the 5021 input subscriber identity informations of three module.Do not initiate to produce under the situation of first authentication code or second authentication code through first input unit of first module the user, the user can initiate to produce first authentication code or second authentication code through second input unit 5021 of three module.Second input unit 5021 can key device form realize.Because the traditional calculating machine equipment all is to adopt keyboard as input mode, adopt key device to make conventional computer device can be used as user terminal.Certainly; Second input unit 5021 is not limited to this; Also can be corresponding to the configuration of first input unit; Comprise that other input unit parts that those skilled in the art can expect are perhaps substituted by it, for example fingerprint sensor, vocal print harvester, iris capturing device or recognition of face harvester etc.Use the mode of this type biomedical information acquisition can let the user need not to remember authentication information such as password, and biological information can not lose, be difficult to forge, its fail safe is stronger.
Signing messages commit unit 5023 carries out need the information of digital signature and submits to first module 203 to carry out the digital signature operation or first module 203 is write data and/or sense data operation through four-way letter unit 5024, the four-way C214 that is set up and second module 205.Information behind the signature sends back signing messages commit unit 5023 through four-way C214 and the four-way letter unit 5024 set up.
Optional is; Also have in data handling system under the situation of service processing function; That is to say; Further comprise in data handling system under the situation of the four module 204 that is used for business handled and the information behind the signature (as previously mentioned, the information behind the signature is by first module information of needs signature to be carried out generating after the digital signature, and is transferred to three module through four-way) is verified; The signing messages commit unit sends the information after signing to the business datum commit unit, and the information of business datum commit unit 5025 behind 5026 signatures in five-way letter unit is submitted to four module 204 together with business datum.
The 4th can be any communicating devices that realizes that those skilled in the art can expect to five-way letter unit.
This user terminal can be by desktop computer, notebook computer, panel computer, mobile phone, personal digital assistant, ATM or the arbitrary realization of POS machine, but is not limited to this, as long as can using of can expecting of those skilled in the art.These user terminals all are existing terminals, need not to make any change, practice thrift system's construction cost.
It is pointed out that at one and can realize digital signature and need not to carry out in the system of Business Processing that the business datum commit unit is omissible.
Four module instance: service server
As stated, also have in data handling system under the situation of service processing function, this system can also have and is used for business is handled and to the four module verified of information behind the signature.Four module for example can be a kind of service server as shown in Figure 6.Certainly, the form of four module of the present invention and environment for use etc. are not limited in this, and those skilled in the art can make various modifications and conversion to it after reading and understanding the present invention.Fig. 6 is the structure chart of four module in the data handling system of realization data processing method of the present invention of the exemplary embodiment according to the present invention.As shown in Figure 6, this service server can comprise: the 6th communication unit 6043 that communicates with three module 202; Service Processing Unit 6041; With signature verification unit 6042.
More than about detailed respectively its each module of having given an example of the data handling system of an exemplary embodiment according to the present invention.Below, the instance and the operating process thereof of the digital signature system of such data treatment system are described in conjunction with Fig. 7 and Fig. 9 A-12.
Fig. 7 is the overall structure figure of a digital signature system example of data handling system of the realization data processing method of the present invention of the exemplary embodiment according to the present invention.As shown in Figure 7, be first module based on the digital signature device 703 of mobile communications network, security gateway 705 is second module, the user terminal that can surf the Net for example notebook computer 702 is a three module, and service server 704 is a four module.Represent based on the digital signature device 703 of mobile communications network and the first passage between the security gateway 705 with C711; Represent the second channel between security gateway and the notebook computer 702 with C712; Represent notebook computer 702 and based on the third channel between the digital signature device 703 of mobile communications network with C713, wherein third channel C713 can look sense information and this information is set up in the input unit input of three module from the output unit of first module through the user.The shared key that writes when preferably, first passage C711 can be through device initialize as previously mentioned at security gateway 705 and between based on the digital signature device 703 of mobile communications network is realized its further fail safe.
Below, with combining Fig. 9 A-Figure 12 that the operating process of this instance is described.In operating process, signature apparatus at first will be connected with user terminal sets up four-way.After setting up, four-way can carry out the operation of authentication.After the authentication operation success, user terminal just can carry out the read-write of signature apparatus and carry out the digital signature operation.The user can select to break off being connected of four-way between signature apparatus and the user terminal after action required was accomplished.
The connection procedure example 1 of signature apparatus and user terminal
As previously mentioned; In the present invention; Three module calls first module to carry out digital signature operation of the present invention through four-way, perhaps reads the data in first module or in first module, writes data, can make data handling system safer, more reliable thus.Therefore, an instance of the foundation of four-way at first is described here.
Fig. 9 A is the flow chart of first kind of method for building up instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention.
Shown in Fig. 9 A, S900 begins from step.At step S901, the user for example initiates to connect through notebook computer 702, sets up second channel C712.For example, between user's notebook computer 702 and security gateway 705, setting up a SSL connects.
Then, at step S902, the user is input to the equipment number of the account on the notebook computer 702.
Then, at step S903, notebook computer 702 is mentioned connection request through second channel C712 to security gateway 705.
At step S904, security gateway 705 with set up first passage C711 based on the digital signature device 703 of mobile communications network through foregoing shared key accordingly.If can't be connected (for example under the situation of user's shutdown, or under the situation of number of the account input error) with corresponding digital signature apparatus 703, then arrive step S909, second channel C712 is broken off in connection failure, and this operation finishes at step S911 at this point., arrives first passage step S905 if effectively setting up; Security gateway 705 and signature apparatus 703 are shared second authentication code that first authentication code that the first authentication code unit produces or the second authentication code unit produce through first passage, and with its first display unit that is presented at signature apparatus 703 for example on the LCDs.
At step S906, the user is at input equipment number of the account on the notebook computer 702 and the authentication code that is presented on the display screen of signature apparatus 703, and notebook computer 702 sends to security gateway 705 with this authentication code with the equipment number of the account through second channel C712.
At step S907; Security gateway 705 will be compared with the authentication code of sharing through first passage C711 from the authentication code of second channel C712, if two authentication codes are different, then arrive step S910; Connection failure; And break off first passage C711 and second channel 712, and it is invalid that this connects the shared authentication code that is generated, and this operation finishes at step S912 at this point.If two authentication codes are identical, then arrive step S908, successful connection is set up four-way C714 through security gateway between signature apparatus 703 and the notebook computer 702, and this operation finishes at step S913 at this point.
The connection procedure example 2 of signature apparatus and user terminal
Perhaps; Four-way also can be taked other the mode of setting up; The another kind of method for building up instance of four-way in the instance of the data processing method of an exemplary embodiment shown in Fig. 9 B for example according to the present invention; Certainly, the present invention is not limited to this, and those skilled in the art obviously can make other modification and conversion according to these methods.The another kind of method for building up instance of four-way is described below in conjunction with Fig. 9 B.
Fig. 9 B is the flow chart of the another kind of method for building up instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention.
Shown in Fig. 9 B, S920 begins from step.At step S921, the user for example initiates to connect based on the digital signature device 703 of mobile communications network.For example, the user initiates to connect through the button of digital signature device 703.
Then, at step S922, digital signature device 703 initiates to set up first passage C711 with security gateway 705 through foregoing shared key.If step S927 is then arrived in connection failure (for example under the bad situation of no network signal or network signal), this operation finishes at step S929 at this point.If; Step S923 is then arrived in successful connection; Security gateway 705 is shared first authentication code of first authentication code unit generation or second authentication code that the second authentication code unit produces with signature apparatus 703 through first passage, and it is presented on the LCDs of signature apparatus 703.
At step S924, the user is at input equipment number of the account on the notebook computer 702 and the authentication code that is presented on the display screen of signature apparatus 703, and notebook computer 702 sends to security gateway 705 with this authentication code with the equipment number of the account through second channel C712.
At step S925; Security gateway 705 will if two authentication codes are different, then arrive step S928 from the authentication code of second channel C712 and the checking of comparing through the shared authentication code of first passage C711; Connection failure; Break off first passage C711, it is invalid that this connects the shared authentication code that generates, and this operation finishes at step S930 at this point.If two authentication codes are identical, then arrive step S926, successful connection is set up four-way C714 through security gateway between signature apparatus 703 and the notebook computer 702, and this operation finishes at step S931 at this point.
Four-way breaks off process example 1
Preferably; Four-way C714 can break off after the digital signature operation is accomplished; Shown in Figure 10 A and 10B, with further guarantee when time operation do not influenced or utilize by external unsafe factor, thereby the data handling system of making and operation safe thereof, reliably.At first combine Figure 10 A that first kind of disconnect method instance of four-way is described below.
Figure 10 A is the flow chart of first kind of disconnect method instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention.
Shown in Figure 10 A, S1000 begins from step.At step S1001, the user for example initiates the disconnection of four-ways through notebook computer 702, to break off and being connected of signature apparatus 703.For example, the user is through clicking corresponding button at the interface of notebook computer, or on keyboard of notebook computer, does corresponding input.
Then, at step S1002, notebook computer 702 is submitted to security gateway 705 to the equipment number of the account that will break off signature apparatus through second channel C712.
Then; At step S1003, security gateway 705 breaks off first passage C711, second channel C712 and four-way C714 to disconnection information notice notebook computer 702 and signature apparatus 703; And the authentication code that this operation has been produced is invalid, and this operation finishes at step S1004 at this point.
Four-way breaks off process example 2
Perhaps; Four-way also can be taked other disconnect mode; The another kind of disconnect method instance of four-way in the instance of the data processing method of an exemplary embodiment shown in Figure 10 B for example according to the present invention; Certainly, the present invention is not limited to this, and those skilled in the art obviously can make other modification and conversion according to these methods.The another kind of disconnect method instance of four-way is described below in conjunction with Figure 10 B.
Figure 10 B is the flow chart of the another kind of disconnect method instance of four-way in the instance of data processing method of the exemplary embodiment according to the present invention.
Shown in Figure 10 B, S1010 begins from step.At step S1011, the user for example initiates the disconnection of four-way through on signature apparatus 703, pressing corresponding button, to break off and being connected of notebook computer 702.
Then, at step S1012, signature apparatus 703 proposes the disconnection request to security gateway 705.
Then; At step S1013, security gateway 705 breaks off first passage C711, second channel C712 and four-way C714 to disconnection information notice notebook computer 702 and signature apparatus 703; And the authentication code that this operation has been produced is invalid, and this operation finishes at step S1014 at this point.
Authentication process itself example 1
After four-way is set up, need carry out an authentication process itself, authentication through after can carry out digital signature.Shown in Figure 11 A and 11B, authentication process itself can guarantee that user and equipment holder are corresponding, prevents the hidden danger of generation when equipment is stolen, thus the data handling system of making and operation safe thereof, reliable.The first method instance that at first combines Figure 11 A explanation authentication below.
Figure 11 A is the flow chart of the first method instance of authentication in the instance of data processing method of the exemplary embodiment according to the present invention.
Shown in Figure 11 A, S1100 begins from step.In step 1101, the user for example imports PIN code as user identity (checking) information in for example PIN code (PIN) input frame on notebook computer 702.
Then, at step S1102, subscriber identity information passes to signature apparatus 703 through four-way C714.
Then, at step S1103, signature apparatus 703 utilizes the subscriber identity information that receives to carry out authentication.
At last, at step S1104, signature apparatus 703 passes to user's notebook computer 702 to the result of authentication through four-way C714, and this operation finishes at step S1105 at this point.
Authentication process itself example 2
Perhaps; Authentication process itself also can be taked other mode; The another kind of method instance of authentication in the instance of the data processing method of an exemplary embodiment shown in Figure 11 B for example according to the present invention; Certainly, the present invention is not limited to this, and those skilled in the art obviously can make other modification and conversion according to these methods.Another kind of method instance below in conjunction with Figure 11 B explanation authentication.
Figure 11 B is the flow chart of the another kind of method instance of authentication in the instance of data processing method of the exemplary embodiment according to the present invention.
Shown in Figure 11 B, S1110 begins from step.In step 1111, the user for example imports PIN code as subscriber identity information in for example PIN code (PIN) input frame on signature apparatus 703.
Then, at step S1112, the subscriber identity information of 703 pairs of above-mentioned inputs of signature apparatus carries out authentication.
At last, at step S1113, signature apparatus is presented at the authentication result on the for example display unit of signature apparatus, and passes to user's notebook computer 702 to the result of authentication through four-way C714, and this operation finishes at step S1114 at this point.
Reading word certificate instance
As previously mentioned; In the present invention, under the situation that four-way is set up, and under the successful prerequisite of its authentication; Three module calls first module to carry out digital signature operation of the present invention through four-way, perhaps reads the data in first module or in first module 203, writes data.Therefore, combine Figure 12 and Figure 13 to explain that the process of reading word certificate and data handling system are having service processing function below respectively, that is, have the process instance that four module for example carries out professional signature and handles under the example case of service server.Certainly, the present invention is not limited to this, and those skilled in the art obviously can make other modification and conversion according to it.
Figure 12 is the flow chart of reading word certificate instance in the instance of data processing method of the exemplary embodiment according to the present invention.
Shown in figure 12, S1200 begins from step.At step S1201; The user for example initiates to read digital certificate through a corresponding button that reads on the certificate application interface that clicks on the notebook computer 702, and notebook computer 702 will ask to offer security gateway 705 with the equipment number of the account through four-way C712.
At step S1202, whether security gateway 705 is inquired about the corresponding digital certificate according to the equipment number of the account and is buffered in the gateway.If no, then arrive step S1206, from signature apparatus 703, read digital certificate data through four-way C711, then to step S1205.If have, then directly arrive step S1203.
At step S1203, security gateway 705 reads its certificate characteristic value through four-way from device.
At step S1204, security gateway 705 is done comparison according to characteristic value that reads and the characteristic value that is stored in the gateway, judges whether it is up-to-date certificate.If not, then arrive step S1206, from signature apparatus 703, read digital certificate data through four-way C711, then to step S1205.If then directly arrive step S1205.
At step S1205, security gateway 705 returns to notebook computer 702 through four-way with digital certificate data, and this operation finishes at step S1207 at this point.
The instance that information is signed
Following declarative data treatment system is having service processing function,, under the situation that four-way is successfully set up, has that four module for example carries out professional signature under the example case of service server and an instance of the process handled that is.Figure 13 is the flow chart that carries out the business datum signature in the instance of data processing method of the exemplary embodiment according to the present invention and handle instance.Certainly, the present invention is not limited to this, and those skilled in the art obviously can make other modification and conversion according to it.
Shown in figure 13, S1300 begins from step.At step S1301, the user is in the information and the business datum of the relevant needs signature of notebook computer 702 inputs.
At step S1302, notebook computer 702 sends to signature apparatus 703 to the message part of needs signature through four-way C714.
At step S1303, user's affirmation on signature apparatus 703 needs the information of signature and this information is carried out digital signature.
At step S1304, the information behind the signature turns back to notebook computer 702 through four-way C714.
At step S1305, notebook computer 702 sends to service server 704 to signature back information and business datum through five-way road C715.
At step S1306, the industry of going forward side by side of the information behind service server 704 certifying signatures be engaged in to be handled, and after the completion service processing result is returned to notebook computer 702 through five-way road C715, and this operation finishes at step S1307 at this point.
The front has combined each execution mode of the present invention to give an example in detail digital signature device of the present invention, data handling system and method have been described.Through adopting digital signature device of the present invention, data handling system and method, can make data handling system safer, credible.
In addition, digital signature device of the present invention, data handling system and method can be used for various emerging terminals, make the manpower cost and the cost of system development and application be minimized.
Further, through adopting digital signature device of the present invention, data handling system and method, can make that the user moves, digital signature easily.
The front combines exemplary embodiment of the present invention to describe the present invention in detail; But it will be appreciated by those skilled in the art that; These exemplary embodiment and instance should be as the restrictions to protection scope of the present invention, those to one skilled in the art clearly modification, conversion and replacement all should drop in protection scope of the present invention.
Claims (18)
1. data processing method; Said data processing method is carried out by data handling system; Said data handling system comprises first module with digital signature device, the three module that plays second module of gateway effect and be used to carry out the signing messages submission, and said data processing method comprises:
First step is set up first passage (C211) and between said second module and said three module, is set up second channel (C212) between said first module and said second module;
Second step is set up third channel (C213) between said first module and said three module;
Third step, first authentication code that utilizes said digital signature device to produce is set up four-way (C214) via said second module between said first module and said three module; And
The 4th step, said three module calls said first module to carry out the digital signature operation through said four-way, and perhaps said three module reads the data in said first module or in said first module, writes data through said four-way.
2. data processing method as claimed in claim 1, wherein said first step comprises:
The user initiates to connect through said digital signature device, sets up said first passage; And
Said second module is initiated connection request to said three module, sets up said second channel.
3. like the arbitrary described data processing method of claim 1-2, wherein said second step comprises:
Said second module and said digital signature device are shared said first authentication code through said first passage, and said digital signature device sends the authentication code of sharing to user; And
The user imports authentication code and the three module information that said digital signature device sends on said three module, set up said third channel thus.
4. data processing method as claimed in claim 3, wherein said third step comprises:
Said three module sends to said second module with the authentication code that the user imports with said three module information through said second channel; And
Said second module is compared the authentication code and the said shared authentication code of said user's input, if the authentication code of said user input is identical with said shared authentication code, then said four-way is set up; If the authentication code of said user's input is different with said shared authentication code, then break off said first passage and said second channel, it is invalid that this connects the said shared authentication code that is generated.
5. data processing method as claimed in claim 3, wherein said third step comprises:
Said three module sends to said second module with the authentication code that the user imports with said three module information through said second channel, and said second module sends to said digital signature device through said first passage with the authentication code that said user imports; And
Said digital signature device is compared the authentication code and the said shared authentication code of said user's input, if the authentication code of said user input is identical with said shared authentication code, then said four-way is set up; If the authentication code of said user's input is different with said shared authentication code, then break off said first passage and said second channel, it is invalid that this connects the said shared authentication code that is generated.
6. like the arbitrary described data processing method of claim 3-5, wherein said first authentication code is in each all differences that connects.
7. like the arbitrary described data processing method of claim 3-6, wherein said first authentication code is a random number.
8. like the arbitrary described data processing method of claim 1-7, the step of wherein setting up said first passage comprises: between said first module and said second module, share key.
9. like the arbitrary described data processing method of claim 1-8, the digital signature operation in wherein said the 4th step comprises:
The user is input to subscriber identity information in the said three module (202), and said three module is submitted to said first module (203) through said four-way with said subscriber identity information, the correctness of the said subscriber identity information of said first module verification; Perhaps said user directly inputs to said first module with said subscriber identity information, the correctness of the said subscriber identity information of said first module verification;
Said first module sends to said three module through said third channel with said subscriber identity information checking result; And
If said subscriber identity information checking result is correct; So said three module sends the information that will sign to said first module through said four-way, and said first module carries out returning to said three module to the information after the digital signature through said four-way after the digital signature to the said information that will sign; If said subscriber identity information checking result is incorrect, then said three module does not transmit the said information that will sign.
10. like the arbitrary described data processing method of claim 1-8, the said data that read in said first module in wherein said the 4th step comprise:
Said three module reads the nonsensitive data in said first module through said four-way, wherein:
After reading first, with the metadata cache that is read in said second module; And
When reading once more, judge whether the data that are buffered in said second module are latest datas, if
Latest data is not then from the said first module reading of data; If not latest data, then from said
The first module reading of data and with the metadata cache that is read in said second module.
11. data processing method as claimed in claim 10, wherein said nonsensitive data are the digital certificates that does not contain private key.
12. like the arbitrary described data processing method of claim 1-8, in said first module, writing data and comprise in wherein said the 4th step:
Said three module through said four-way to the said first module write data; And
Said first module returns to said three module through said four-way with the result that write data produces.
13., also comprise like the arbitrary described data processing method of claim 1-12:
The 5th step is broken off said four-way.
14. data processing method as claimed in claim 13, wherein said the 5th step comprises:
Said first module or said three module send open command to said second module;
Said second module is sent disconnection information and is given said first module and said three module;
Said second module connects the authentication code that is produced with this and is treated to the invalid authentication sign indicating number; And
Said second module is broken off said first passage, said second channel and said four-way.
15. like the arbitrary described data processing method of claim 1-8; Also be included in the digital signature operation Business Processing step afterwards of said the 4th step; Wherein said data handling system also comprises four module; Communicate by letter through five-way road (C215) between said three module and the said four module, said Business Processing step comprises:
The information of said three module after digital signature sends to said four module with business datum through said five-way road; Said four module is verified the information after the said digital signature; If digital signature information checking result is correct, said four module is handled said business datum and through said five-way road said digital signature information checking result and service processing result is returned to said three module; If said digital signature information checking result is incorrect, then said four module is not handled said business datum and through said five-way road said digital signature information checking result is returned to said three module.
16. data processing method as claimed in claim 9; Also be included in the Business Processing step of utilizing the information after the said digital signature after the operation of said digital signature; Wherein said data handling system also comprises four module; Communicate by letter through five-way road (C215) between said three module and the said four module, said Business Processing step comprises:
The information of said three module after said digital signature sends to said four module with business datum through said five-way road; Said four module is verified the information after the said digital signature; If digital signature information checking result is correct, said four module is handled said business datum and through said five-way road said digital signature information checking result and service processing result is returned to said three module; If said digital signature information checking result is incorrect, then said four module is not handled said business datum and through said five-way road said digital signature information checking result is returned to said three module.
17., also comprise like claim 15 or 16 described data processing methods:
The 5th step is broken off said four-way after said Business Processing step.
18. data processing method as claimed in claim 17, wherein said the 5th step comprises:
Said first module or said three module send open command to said second module;
Said second module is sent disconnection information and is given said first module and said three module;
Said second module connects the authentication code that is produced with this and is treated to the invalid authentication sign indicating number; And
Said second module is broken off said first passage, said second channel and said four-way.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105934584A CN102571337A (en) | 2010-12-17 | 2010-12-17 | Data processing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105934584A CN102571337A (en) | 2010-12-17 | 2010-12-17 | Data processing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102571337A true CN102571337A (en) | 2012-07-11 |
Family
ID=46415879
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010105934584A Pending CN102571337A (en) | 2010-12-17 | 2010-12-17 | Data processing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102571337A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546540A (en) * | 2010-12-17 | 2012-07-04 | 北京中创智信科技有限公司 | Data processing method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101631309A (en) * | 2008-07-17 | 2010-01-20 | 上海华为技术有限公司 | Method, device and system for authenticating terminal based on home base station network |
| CN101765108A (en) * | 2009-07-01 | 2010-06-30 | 北京华胜天成科技股份有限公司 | Safety certification service platform system, device and method based on mobile terminal |
-
2010
- 2010-12-17 CN CN2010105934584A patent/CN102571337A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101631309A (en) * | 2008-07-17 | 2010-01-20 | 上海华为技术有限公司 | Method, device and system for authenticating terminal based on home base station network |
| CN101765108A (en) * | 2009-07-01 | 2010-06-30 | 北京华胜天成科技股份有限公司 | Safety certification service platform system, device and method based on mobile terminal |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546540A (en) * | 2010-12-17 | 2012-07-04 | 北京中创智信科技有限公司 | Data processing method |
| CN102546540B (en) * | 2010-12-17 | 2015-02-11 | 北京中创智信科技有限公司 | Data processing method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101465019B (en) | Method and system for implementing network authentication | |
| CN202026326U (en) | Digital signature device | |
| US20140297539A1 (en) | Dongle device with rechargeable power supply for a secure electronic transaction | |
| US20210398134A1 (en) | Biocrypt Digital Wallet | |
| JP6032626B2 (en) | Authentication method using NFC authentication card | |
| CN103747012A (en) | Security verification method, device and system of network transaction | |
| WO2013013263A1 (en) | Call authentication methods and systems | |
| CN101790166A (en) | Digital signing method based on mobile phone intelligent card | |
| CN110659470B (en) | Authentication method and authentication system for off-line physical isolation | |
| CN103297237B (en) | Identity registration and authentication method, system, personal authentication apparatus and certificate server | |
| CN102546540B (en) | Data processing method | |
| CN105989481B (en) | Data interaction method and system | |
| CN202026311U (en) | Data processing system | |
| CN105471580B (en) | Signature rechecking method and device | |
| CN103390140A (en) | Mobile terminal and information security control method thereof | |
| JP2020184290A (en) | Intelligent wallet device and method for operating the same | |
| CN102571337A (en) | Data processing method | |
| CN105405010B (en) | Transaction device, transaction system using the same and transaction method | |
| CN108280330A (en) | Data output method and system | |
| CN203243360U (en) | Identity registration system | |
| WO2011060739A1 (en) | Security system and method | |
| CN101609391A (en) | The PIN code secured inputting method of a kind of USB KEY | |
| TW201042964A (en) | Mobile phone service system for e-commerce dual identity check | |
| CN106713225B (en) | Two-dimensional code device and system based on two-dimensional code authentication and operation method thereof | |
| KR100533035B1 (en) | Method for saving bank security card using character message |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| DD01 | Delivery of document by public notice |
Addressee: Beijing Zhongchuang Zhixin Technology Co.,Ltd. Document name: Notification that Application Deemed to be Withdrawn |
|
| C05 | Deemed withdrawal (patent law before 1993) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120711 |