CN103095458A - Device and method of data communication by storing digital certificate private key - Google Patents


Info

Publication number
CN103095458A
Authority
CN
China
Prior art keywords
private key
module
data communication
digital certificate
mobile terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013100167221A
Other languages
Chinese (zh)
Inventor
沈汉平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING XIANGYUN WORLD TECHNOLOGY CO LTD
Original Assignee
BEIJING XIANGYUN WORLD TECHNOLOGY CO LTD

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to the technical field of information security, and in particular to a device and a method of data communication using a stored digital certificate private key. The device comprises an audio input/output module, an audio conversion module, a private key management module, a near field communication (NFC) module, a power supply module and a micro-controller. The audio input/output module connects to the mobile terminal and communicates audio and data with it; the audio conversion module performs mutual conversion between audio and data and decryption processing; the private key management module stores a certificate and private key, applied for through a public key infrastructure (PKI)/certificate authority (CA), and performs data invocation and business signing during identity authentication; the NFC module performs short-range data communication using NFC technology; the power supply module draws power from the mobile terminal; and the micro-controller connects the modules and performs initialization, state transition and power-up of the interface circuit in a unified manner. The device and method use the audio port of a mobile terminal for data communication and exchange, which enlarges the range of application of digital certificates. They are suitable for identity authentication in the various application businesses of the mobile Internet and can improve the reliability and credibility of network identity.

Description

Device and method for data communication using a stored digital certificate private key
Technical field
The present invention relates to the field of information security technology, and in particular to a device and method for data communication using a stored digital certificate private key.
Background art
At present, to ensure the security of information exchange, cryptographic devices are usually used to encrypt the exchanged information. The better-known cryptographic devices that store a digital certificate and private key, such as smart cards, UKeys and tokens, connect directly to a computer over USB (Universal Serial Bus) and are characterized by cryptographic authentication functions, reliability and high speed.
The UKey is a very strong complement to existing network security systems. It is a security protection product suited to stand-alone or networked applications. The UKey is small and finely designed and easy to carry; the memory it carries can store personal information or certificates; its built-in cryptographic algorithms provide a secure channel for data transfer; its hardware is a chip-level operating system implemented by a CPU with EPROM, and all reads, writes and cryptographic operations are completed inside the chip, so it offers a very high degree of security.
In the current era of rapidly developing mobile Internet, although the hardware UKey authentication mode based on the PKI/CA system has the pattern and legal assurance of two-factor authentication, it still has shortcomings that prevent large-scale adoption:
(1) With the current development of intelligent terminals and transaction platforms, terminals based on a USB communication interface, other than PCs and notebook computers, are becoming fewer and fewer, while terminal applications such as tablet computers, smartphones, radio and television, and ATMs are developing very fast;
(2) If a user has several accounts that require PKI-mode authentication signatures, the user must carry several UKey hardware devices;
(3) Dynamic password technology based on mobile phones carries the risk of man-in-the-middle attack and interception, and offers no guarantee with a legal basis;
(4) The confirmation technology of the second-generation UKey still has the problem that the transaction channel and the authentication channel are one and the same, so it cannot effectively guarantee the security of user identity identification and authentication.
Summary of the invention
(1) Technical problem to be solved
The technical problem to be solved by the present invention is to provide a device and method for data communication using a stored digital certificate private key, so as to overcome defects of the prior art such as a single digital certificate service and a low safety coefficient.
(2) Technical solution
To solve the above technical problem, one aspect of the present invention provides a device for data communication using a stored digital certificate private key, comprising:
an audio input/output module, used to connect to the mobile terminal and communicate audio and data with it;
an audio conversion module, used for mutual conversion between audio and data and for decoding processing;
a key management module, which stores the certificate and private key that the user applied for through PKI/CA, and performs data invocation and business signing during identity authentication;
an NFC module, used for short-range data communication by NFC technology;
a power supply module, used to power the device from the mobile terminal;
a microcontroller, used to connect the above modules by a bus and to perform initialization, state transition and power-up of the interface circuits in a unified manner.
Further, the device also comprises a display module, which provides the user with an operation interface and information prompts.
Further, the device also comprises an electronic biometric identification module, used to further identify the user's identity.
Further, the key management module stores CA certificates and private keys of a plurality of institutions.
Further, the electronic biometric identification module comprises fingerprint recognition or iris recognition.
In another aspect, the present invention also provides a method of communication using the device for data communication with a stored digital certificate private key, which specifically comprises:
Step S1: the business system receives a network identity authentication request initiated by the terminal user through a client;
Step S2: after receiving this authentication request, the business system sends authentication information to the terminal user's mobile terminal and, at the same time, sends the same random-code authentication information to the terminal user's client;
Step S3: the terminal user compares whether the random-code authentication information received by the client is consistent with the authentication information received by the mobile terminal; if consistent, the following steps are performed:
Step S4: the authentication program on the mobile terminal converts the signature request data into an audio signal and sends it to the device;
Step S5: the audio conversion module in the device converts the received audio signal into a data signal, and calls the corresponding private key information in the key management module to sign the data;
Step S6: after signing, the audio conversion module converts the data signal back into an audio signal and returns it to the authentication program of the mobile terminal;
Step S7: the mobile terminal sends the signature result back to the business system;
Step S8: after receiving the signature result, the business system verifies the signature; if verification succeeds, step S9 is performed; otherwise, step S10 is performed;
Step S9: the business system confirms the terminal user's network identity and allows the terminal user to continue with the next step of business processing in the business system;
Step S10: the business system denies the terminal user's network identity and stops the terminal user from continuing with the next step of business processing in the business system.
Further, if the random-code authentication information received by the client and the authentication information received by the mobile terminal are inconsistent, the network identity authentication request fails.
(3) Beneficial effects
The embodiment of the present invention provides a device and method for data communication using a stored digital certificate private key. It uses the general audio port of the mobile terminal for data communication and exchange, enlarging the scope of application of digital certificate technology and making it suitable for identity authentication in every application business of the mobile Internet; it integrates the CA certificates of a plurality of institutions and supports authentication functions for multiple businesses; it supports NFC technology and is compatible with extended applications such as mobile phone payment and identification; and it supports biometric recognition technology, which has legal assurance and improves the certainty of identification and the credibility of network individuals.
Description of the drawings
Fig. 1 is a schematic structural diagram of the device for data communication using a stored digital certificate private key according to an embodiment of the present invention;
Fig. 2 is a flow chart of the method for data communication using a stored digital certificate private key according to an embodiment of the present invention.
In the figures: 1: audio input/output module; 2: audio conversion module; 3: key management module; 4: NFC module; 5: power supply module; 6: microcontroller; 7: display module; 8: electronic biometric identification module.
Embodiments
The specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples are intended to illustrate the present invention, not to limit its scope.
As shown in Fig. 1, the embodiment of the present invention provides a device for data communication using a stored digital certificate private key, comprising:
audio input/output module 1, used to connect to the mobile terminal and communicate audio and data with it;
audio conversion module 2, used for mutual conversion between audio and data and for decoding processing;
key management module 3, which stores the certificate and private key that the user applied for through PKI/CA, and performs data invocation and business signing during identity authentication; key management module 3 stores CA certificates and private keys of a plurality of institutions, supporting authentication functions for multiple businesses;
NFC module 4, used for short-range data communication by NFC technology, while also supporting electronic payment and identification;
power supply module 5, used to power the device from the mobile terminal;
microcontroller 6, used to connect the above modules by a bus and to perform initialization, state transition and power-up of the interface circuits in a unified manner;
display module 7, used to provide the user with an operation interface and information prompts;
electronic biometric identification module 8, used to further identify the user's identity, which further improves the credibility of user identification and has a legal basis. The electronic biometric identification module comprises fingerprint recognition, iris recognition or other biometric recognition methods.
The embodiment of the present invention provides a device for data communication using a stored digital certificate private key. It uses the general audio port of the mobile terminal for data communication and exchange, enlarging the scope of application of digital certificate technology and making it suitable for identity authentication in every application business of the mobile Internet; it integrates the CA certificates of a plurality of institutions and supports authentication functions for multiple businesses; it supports NFC technology and is compatible with extended applications such as mobile phone payment and identification; and it supports biometric recognition technology, which has legal assurance and improves the certainty of identification and the credibility of network individuals.
As shown in Fig. 2, the present invention also provides a method of communication using the device for data communication with a stored digital certificate private key, which specifically comprises:
Step S1: the business system receives a network identity authentication request initiated by the terminal user through a client;
Step S2: after receiving this authentication request, the business system sends authentication information to the terminal user's mobile terminal and, at the same time, sends the same random-code authentication information to the terminal user's client;
Step S3: the terminal user compares whether the random-code authentication information received by the client is consistent with the authentication information received by the mobile terminal; if consistent, step S4 is performed;
Step S4: the authentication program on the mobile terminal converts the signature request data into an audio signal and sends it to the device;
Step S5: the audio conversion module in the device converts the received audio signal into a data signal, and calls the corresponding private key information in the key management module to sign the data;
Step S6: after signing, the audio conversion module converts the data signal back into an audio signal and returns it to the authentication program of the mobile terminal;
Step S7: the mobile terminal sends the signature result back to the business system;
Step S8: after receiving the signature result, the business system verifies the signature; if verification succeeds, step S9 is performed; otherwise, step S10 is performed;
Step S9: the business system confirms the terminal user's network identity and allows the terminal user to continue with the next step of business processing in the business system;
Step S10: the business system denies the terminal user's network identity and stops the terminal user from continuing with the next step of business processing in the business system.
In addition, if the random-code authentication information received by the client and the authentication information received by the mobile terminal are inconsistent, the network identity authentication request fails.
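As an added illustration, not part of the patent or of any product of the applicant, the following Go program models the device of the summary and embodiment (a key management module holding one private key per institution, a tone-grid stand-in for the audio conversion module) and the method's steps S3 to S10, with the business system verifying the signature against the random code it issued in S2. The institution ids, the tone grid, the P-256 keys and the `auth:<code>` request framing are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// KeyManagementModule models module 3: the CA-issued private keys of several institutions, by id.
type KeyManagementModule map[string]*ecdsa.PrivateKey
// NewKeyManagementModule generates one P-256 key per institution (constructed stand-in for PKI/CA keys).
func NewKeyManagementModule(institutions ...string) (KeyManagementModule, error) {
	kmm := KeyManagementModule{}
	for _, inst := range institutions {
		priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		kmm[inst] = priv
	}
	return kmm, nil
}

// Sign is step S5: select the institution's private key and sign the demodulated request; the key never leaves.
func (kmm KeyManagementModule) Sign(inst string, request []byte) ([]byte, error) {
	priv, ok := kmm[inst]
	if !ok {
		return nil, errors.New("no private key for institution " + inst)
	}
	digest := sha256.Sum256(request)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Toy audio conversion (module 2): nibble n becomes a tone of baseHz+stepHz*n Hz (constructed grid).
const baseHz, stepHz = 1000, 100
// ToAudio modulates bytes into a tone sequence (used in S4 and S6).
func ToAudio(data []byte) []int {
	out := make([]int, 0, 2*len(data))
	for _, b := range data {
		out = append(out, baseHz+stepHz*int(b>>4), baseHz+stepHz*int(b&0x0f))
	}
	return out
}

// FromAudio demodulates a tone sequence, rejecting odd lengths and off-grid tones.
func FromAudio(signal []int) ([]byte, error) {
	if len(signal)%2 != 0 {
		return nil, errors.New("odd number of tones")
	}
	out := make([]byte, 0, len(signal)/2)
	for i := 0; i < len(signal); i += 2 {
		hi, lo := signal[i]-baseHz, signal[i+1]-baseHz
		if hi < 0 || lo < 0 || hi%stepHz != 0 || lo%stepHz != 0 || hi > 15*stepHz || lo > 15*stepHz {
			return nil, errors.New("unknown tone frequency")
		}
		out = append(out, byte(hi/stepHz)<<4|byte(lo/stepHz))
	}
	return out, nil
}

// Authenticate runs S3 to S10. issued is the code the business system sent on both channels in S2;
// clientCode and mobileCode are what the user actually received on each channel.
func Authenticate(kmm KeyManagementModule, inst, issued, clientCode, mobileCode string) (bool, error) {
	if clientCode != mobileCode { // S3: a mismatch fails the request (claim 7)
		return false, nil
	}
	request, err := FromAudio(ToAudio([]byte("auth:" + mobileCode))) // S4/S5: app sends audio, device demodulates
	if err != nil {
		return false, err
	}
	sig, err := kmm.Sign(inst, request)
	if err != nil {
		return false, err
	}
	// S6/S7: the signature travels back as audio and the mobile relays it to the business system.
	relayed, err := FromAudio(ToAudio(sig))
	if err != nil {
		return false, err
	}
	// S8: verify with the institution's certificate public key over the code the business system itself
	// issued, so a signature over a substituted code is rejected (S10) rather than accepted (S9).
	digest := sha256.Sum256([]byte("auth:" + issued))
	return ecdsa.VerifyASN1(&kmm[inst].PublicKey, digest[:], relayed), nil
}
```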
The above are only preferred embodiments of the present invention. It should be pointed out that those skilled in the art can make improvements and substitutions without departing from the technical principles of the present invention, and such improvements and substitutions should also be considered within the scope of protection of the present invention.

Claims (7)

1. A device for data communication using a stored digital certificate private key, characterized in that it comprises:
an audio input/output module, used to connect to the mobile terminal and communicate audio and data with it;
an audio conversion module, used for mutual conversion between audio and data and for decoding processing;
a key management module, which stores the certificate and private key that the user applied for through PKI/CA, and performs data invocation and business signing during identity authentication;
an NFC module, used for short-range data communication by NFC technology;
a power supply module, used to power the device from the mobile terminal;
a microcontroller, used to connect the above modules by a bus and to perform initialization, state transition and power-up of the interface circuits in a unified manner.
2. The device for data communication using a stored digital certificate private key according to claim 1, characterized in that it further comprises a display module, used to provide the user with an operation interface and information prompts.
3. The device for data communication using a stored digital certificate private key according to claim 1, characterized in that it further comprises an electronic biometric identification module, used to further identify the user's identity.
4. The device for data communication using a stored digital certificate private key according to claim 1, characterized in that the key management module stores CA certificates and private keys of a plurality of institutions.
5. The device for data communication using a stored digital certificate private key according to claim 1, characterized in that the electronic biometric identification module comprises fingerprint recognition or iris recognition.
6. A method of communication using the device for data communication with a stored digital certificate private key according to any one of claims 1 to 5, characterized in that it comprises:
Step S1: the business system receives a network identity authentication request initiated by the terminal user through a client;
Step S2: after receiving this authentication request, the business system sends authentication information to the terminal user's mobile terminal and, at the same time, sends the same random-code authentication information to the terminal user's client;
Step S3: the terminal user compares whether the random-code authentication information received by the client is consistent with the authentication information received by the mobile terminal; if consistent, the following steps are performed:
Step S4: the authentication program on the mobile terminal converts the signature request data into an audio signal and sends it to the device;
Step S5: the audio conversion module in the device converts the received audio signal into a data signal, and calls the corresponding private key information in the key management module to sign the data;
Step S6: after signing, the audio conversion module converts the data signal back into an audio signal and returns it to the authentication program of the mobile terminal;
Step S7: the mobile terminal sends the signature result back to the business system;
Step S8: after receiving the signature result, the business system verifies the signature; if verification succeeds, step S9 is performed; otherwise, step S10 is performed;
Step S9: the business system confirms the terminal user's network identity and allows the terminal user to continue with the next step of business processing in the business system;
Step S10: the business system denies the terminal user's network identity and stops the terminal user from continuing with the next step of business processing in the business system.
7. The method according to claim 6, characterized in that if the random-code authentication information received by the client and the authentication information received by the mobile terminal are inconsistent, the network identity authentication request fails.

Priority Applications (1)

Application Number: CN2013100167221A; Priority Date: 2013-01-16; Filing Date: 2013-01-16; Title: Device and method of data communication by storing digital certificate private key

Publications (1)

Publication Number: CN103095458A; Publication Date: 2013-05-08

Family

ID=48207622

Country Status (1)

Country: CN (1); Link: CN103095458A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301105A (en) * 2014-06-24 2015-01-21 齐亚斌 Digital certificate signing method based on mobile device with communication function, and equipment for realizing the same
CN104301104A (en) * 2014-06-20 2015-01-21 齐亚斌 Method and system for digital certificate signing
CN111641587A (en) * 2020-04-27 2020-09-08 河南省云安大数据安全防护产业技术研究院有限公司 Internet of things equipment interconnection method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100291869A1 (en) * 2007-11-15 2010-11-18 Robin Wilson Near field rf communicators
CN101997824A (en) * 2009-08-20 2011-03-30 中国移动通信集团公司 Identity authentication method based on mobile terminal as well as device and system thereof
CN202004768U (en) * 2011-01-20 2011-10-05 深圳市文鼎创数据科技有限公司 Physical authentication device and dynamic token
CN102546168A (en) * 2011-11-30 2012-07-04 北京祥云天地科技有限公司 Communication device for identity authentication
CN102592359A (en) * 2011-01-17 2012-07-18 胡旭光 Bank card payment device of cellphone



Legal Events

Code: C06; Title: Publication
Code: PB01; Title: Publication
Code: C10; Title: Entry into substantive examination
Code: SE01; Title: Entry into force of request for substantive examination
Code: C12; Title: Rejection of a patent application after its publication
Code: RJ01; Title: Rejection of invention patent application after publication

Application publication date: 20130508