Summary of the invention
One purpose of the present invention is to address the above deficiencies by providing a property real-name authentication and authorization system and method based on the CFCA Valuation Standard. It aims to solve technical problems in the prior art such as community property management being unable to regulate the different usage rights over service equipment in a standardized way, and system security not being guaranteed.
To solve the above technical problems, the present invention adopts the following technical solutions:
One aspect of the present invention provides a property real-name authentication and authorization system based on the CFCA Valuation Standard. The system comprises a CFCA Verification System, used to store the real-time status data of digital certificates after they have been provided;
a certificate verification unit, used to receive certificate data from the applicant for property real-name authentication and authorization, read and evaluate the available information in the certificate data, then query the CFCA Verification System for the real-time status data of the applicant's certificate, and send certificate data whose query result is legal to the property Certificate Authority unit;
a property Certificate Authority unit, in which multiple property modules and function privileges are preset, used to, after receiving certificate data that the certificate verification unit's query found legal, obtain the applicant's identity information from the certificate data, identify the applicant's current identity from that information, grant the property modules and function privileges corresponding to that identity, and then return the authentication and authorization result to the applicant.
Preferably, a further technical solution is: the certificate verification unit is also used to query the CFCA Verification System for the real-time status data of the applicant's certificate and to feed certificate data whose query result is illegal back to the applicant.
A further technical solution is: the digital certificate is a KEY certificate that meets the CFCA authentication standard.
A further technical solution is: the available information in the certificate data is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period.
A further technical solution is: the property modules and function privileges preset in the property Certificate Authority unit are at least any two or more of incident and repair reporting, entrustment, voting, and the access-control doorbell.
In another aspect, the present invention provides a property real-name authentication and authorization method based on the CFCA Valuation Standard. The method comprises the following steps:
Step A: the certificate verification unit receives certificate data from the applicant for property real-name authentication and authorization, reads and evaluates the available information in the certificate data, and then queries the CFCA Verification System for the real-time status data of the applicant's certificate. When the query result is legal, the next step is carried out.
Step B: the certificate verification unit sends the certificate data whose query result is legal to the property Certificate Authority unit. The property Certificate Authority unit obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, grants the property modules and function privileges preset in the property Certificate Authority unit that correspond to that identity, and then returns the authentication and authorization result to the applicant.
Preferably, a further technical solution is: in step A, when the result of querying the CFCA Verification System for the real-time status data of the applicant's certificate is illegal, the procedure ends and the next step is not carried out.
A further technical solution is: the available information in step A is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period.
A further technical solution is: in step A, before querying the CFCA Verification System for whether the certificate is legal, the certificate verification unit first verifies the certificate message signature, to check the integrity and validity of the certificate data; verifies the CA certificate chain, to confirm through the chain the validity of the signature on the user certificate; and verifies the certificate validity period, to determine whether the current certificate has expired.
A further technical solution is: the property modules and function privileges preset in step B are at least any one or more of incident and repair reporting, entrustment, voting, and the access-control doorbell.
Compared with the prior art, one of the beneficial effects of the present invention is as follows. Introducing the CFCA Verification System to verify the legitimacy of digital certificates markedly improves the security of the system. The real-name authentication mechanism ensures the reliability and authenticity of the property Certificate Authority unit when it grants authorization to an applicant. Authentication and authorization for specific functions can be performed according to the identity in the certificate, and owners and non-owners can be actively distinguished from the certificate data and authenticated and authorized separately. The result is legally traceable because it rests on the authentication result of the CFCA Verification System. The property real-name authentication and authorization system based on the CFCA Valuation Standard provided by the present invention can be used in property management of various scales and has a wide range of application.
Embodiment
Before the present invention is described in detail, some of the English abbreviations used in it are explained first, to help those skilled in the art understand the present invention.
CFCA: China Financial Certification Authority, a national authoritative security certification body established with the approval of the People's Bank of China and the national information security administration departments.
CA: certificate authority (digital certificate authentication center), the entity in a PKI system that both communicating parties trust, also called a trusted third party (TTP). One of the essential conditions for a CA to act as a trusted third party is that the CA's actions are non-repudiable.
The present invention is further elaborated below with reference to the accompanying drawing.
Fig. 1 shows the system architecture diagram of an embodiment of the present invention. Referring to Fig. 1, one embodiment of the present invention is a property real-name authentication and authorization system based on the CFCA Valuation Standard. The system comprises a CFCA Verification System, whose role is to store the real-time status data of digital certificates after they have been provided; the CFCA Verification System is provided by CFCA and is used to authenticate certificate identity.
The certificate verification unit: its role is to receive certificate data from the applicant for property real-name authentication and authorization, read and evaluate the available information in the certificate data, then query the CFCA Verification System for the real-time status data of the applicant's certificate, and send certificate data whose query result is legal to the property Certificate Authority unit.
The property Certificate Authority unit: multiple property modules and function privileges are preset in it. Its role is, after receiving certificate data that the certificate verification unit's query found legal, to obtain the applicant's identity information from the certificate data, identify the applicant's current identity from that information, grant the property modules and function privileges corresponding to that identity, and then return the authentication and authorization result to the applicant.
According to the above embodiment, a preferred technical solution is: a further role of the certificate verification unit is to query the CFCA Verification System for the real-time status data of the applicant's certificate and to feed certificate data whose query result is illegal back to the applicant. Referring again to Fig. 1, the real-time status data of the applicant's certificate is queried from the CFCA Verification System as follows: the certificate data is input into the CFCA Verification System, which returns the status code of that certificate data to the certificate verification unit. If the status code indicates that the certificate is in a valid state, the certificate is considered legal; otherwise it is illegal.
To set out the present invention concretely, the inventor, drawing on the technical details found in experiments, further refines some of the technical means mentioned in the above embodiment so that the present invention is easier to implement. That is, the following are one or more embodiments of the present invention that are more preferred for solving the technical problem:
The digital certificate is a KEY certificate that meets the CFCA authentication standard, and the available information in the certificate data is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period. Referring again to Fig. 1, in the present embodiment, for example, the certificate verification unit verifies the certificate message signature, the CA certificate chain and the certificate validity period one by one in that order. Only after all three items have been judged available does it access the CFCA Verification System to query the legitimacy of the digital certificate, which avoids accessing the CFCA Verification System frequently.
The property modules and function privileges preset in the property Certificate Authority unit are at least any two or more of incident and repair reporting, entrustment, voting, and the access-control doorbell. Likewise, referring again to Fig. 1, in the present embodiment all of the aforementioned property modules and function privileges are preset in the property Certificate Authority unit, and other property modules and function privileges can be added according to actual requirements. They are not enumerated here and are represented in Fig. 1 as other property modules.
In combination with the system described in the above embodiment, another embodiment of the present invention is a property real-name authentication and authorization method based on the CFCA Valuation Standard. The method comprises the following steps:
Step A: the certificate verification unit receives certificate data from the applicant for property real-name authentication and authorization, reads and evaluates the available information in the certificate data, and then queries the CFCA Verification System for the real-time status data of the applicant's certificate. When the query result is legal, the next step is carried out.
Step B: the certificate verification unit sends the certificate data whose query result is legal to the property Certificate Authority unit. The property Certificate Authority unit obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, grants the property modules and function privileges preset in the property Certificate Authority unit that correspond to that identity, and then returns the authentication and authorization result to the applicant.
In step A of the above embodiment, when the result of querying the CFCA Verification System for the real-time status data of the applicant's certificate is illegal, the procedure ends and the next step is not carried out.
In addition, according to another embodiment of the present invention, the available information in step A is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period. In the present embodiment, for example, the available information in step A comprises all of the aforementioned items. That is, before querying the CFCA Verification System for whether the certificate is legal, the certificate verification unit first verifies the certificate message signature, to check the integrity and validity of the certificate data; verifies the CA certificate chain, to confirm through the chain the validity of the signature on the user certificate; and verifies the certificate validity period, to determine whether the current certificate has expired. As mentioned in the previous embodiment, in other embodiments of the present invention the available information in step A can also be any other information related to the digital certificate, which is not enumerated here.
Likewise, according to still another embodiment of the present invention, the property modules and function privileges preset in step B of the above embodiment are at least any one or more of incident and repair reporting, entrustment, voting, and the access-control doorbell. In the present embodiment, for example, all of the aforementioned property modules and function privileges are included, and more can be added according to the actual needs of community property management. That is, in other embodiments of the present invention the aforementioned property modules and function privileges can be extended without limit, as determined by actual conditions, and are not enumerated here.
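Steps A and B of the method, sketched as an added Python example that is not part of the patent text: the signature, chain and validity-period checks run locally first, the status query is made only if they pass, and privileges follow the identified role. The HMAC signature, the in-memory status table, the role field carried in the certificate and the owner/non-owner privilege split are assumptions made for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass, replace
from datetime import datetime, timezone

# Constructed stand-ins: HMAC replaces the CA public-key signature; the dicts
# replace the CA chain and the CFCA Verification System's status interface.
CA_KEYS = {"Demo Root CA": b"root-key", "Demo Issuing CA": b"issuing-key"}
CA_ISSUER = {"Demo Issuing CA": "Demo Root CA"}     # child CA -> parent CA
TRUSTED_ROOTS = {"Demo Root CA"}
CFCA_STATUS = {"1001": "valid", "1002": "revoked"}
PRIVILEGES = {"owner": {"repair", "entrust", "vote", "doorbell"},
              "non-owner": {"repair", "doorbell"}}  # assumed privilege split
CFCA_QUERIES = []                                   # serials sent to the status service

@dataclass
class Cert:
    serial: str
    role: str                                       # assumed identity field
    issuer: str
    not_after: datetime
    signature: bytes = b""
    def tbs(self) -> bytes:                         # fields covered by the signature
        return f"{self.serial}|{self.role}|{self.issuer}|{self.not_after.isoformat()}".encode()

def issue(cert: Cert) -> Cert:
    mac = hmac.new(CA_KEYS[cert.issuer], cert.tbs(), hashlib.sha256)
    return replace(cert, signature=mac.digest())
def chain_ok(issuer, hops=8):                       # walk issuers up to a trusted root
    while issuer not in TRUSTED_ROOTS and hops:
        issuer, hops = CA_ISSUER.get(issuer), hops - 1
    return issuer in TRUSTED_ROOTS
def authenticate(cert: Cert, now: datetime):        # step A checks, then step B grant
    key = CA_KEYS.get(cert.issuer)
    if key is None or not hmac.compare_digest(
            hmac.new(key, cert.tbs(), hashlib.sha256).digest(), cert.signature):
        return "bad-signature", set()
    if not chain_ok(cert.issuer):
        return "bad-chain", set()
    if now > cert.not_after:
        return "expired", set()
    CFCA_QUERIES.append(cert.serial)                # remote query only after local checks
    if CFCA_STATUS.get(cert.serial) != "valid":
        return "illegal", set()                     # revoked or unknown: fail closed
    return "authorized", set(PRIVILEGES.get(cert.role, set()))

# Constructed sample inputs: NOW is 2024-06-01, END is 2025-06-01.
NOW, END = (datetime(y, 6, 1, tzinfo=timezone.utc) for y in (2024, 2025))
OWNER = issue(Cert("1001", "owner", "Demo Issuing CA", END))
REVOKED = issue(Cert("1002", "non-owner", "Demo Issuing CA", END))
TAMPERED = replace(REVOKED, serial="1001", role="owner")  # edited after signing
```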
In addition to the above, the present invention has the following features:
1. Authentication is based on a real-name system.
2. Authentication and authorization for specific functions are performed according to the identity in the certificate.
3. Owners and non-owners can be actively distinguished, so that owners and non-owners are authenticated and authorized separately.
4. The authentication result is legally traceable.
It should also be noted that references in this specification to "an embodiment", "another embodiment", "embodiment" and the like mean that the specific feature, structure or characteristic described in connection with that embodiment is included in at least one embodiment described generally in this application. The appearance of the same expression in several places in the specification does not necessarily refer to the same embodiment. Furthermore, when a specific feature, structure or characteristic is described in connection with any embodiment, it is asserted that realizing that feature, structure or characteristic in connection with other embodiments also falls within the scope of the present invention.
Although the present invention has been described here with reference to a number of its explanatory embodiments, it should be understood that those skilled in the art can devise many other modifications and embodiments, and these modifications and embodiments will fall within the scope and spirit of the principles disclosed in this application. More specifically, within the scope of the disclosure, the drawing and the claims of this application, various modifications and improvements can be made to the component parts and/or the layout of the subject combination arrangement. In addition to modifications and improvements to the component parts and/or layout, other uses will also be apparent to those skilled in the art.