Summary of the invention
An object of the present invention is to remedy the above deficiencies by providing a property real-name authentication and authorization system and method based on the CFCA authentication standard, in order to solve the technical problems in the prior art that community property management cannot administer the different usage rights of service equipment in a standardized way and that the security of the system cannot be guaranteed.
To solve the above technical problems, the present invention adopts the following technical solutions:
One aspect of the present invention provides a property real-name authentication and authorization system based on the CFCA authentication standard. The system comprises a CFCA authentication system, which stores the real-time status data of digital certificates after they have been issued;
a certificate verification unit, which receives certificate data from the applicant for property real-name authentication and authorization, reads and evaluates the available information in the certificate data, then queries the CFCA authentication system for the real-time status data of the applicant's certificate, and sends certificate data whose query result is legal to the property certificate authorization unit;
and a property certificate authorization unit, in which multiple property modules and function permissions are preset. After receiving from the certificate verification unit certificate data whose query result is legal, it obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, grants the property modules and function permissions corresponding to that identity, and then returns the authentication and authorization result to the applicant.
Preferably, a further technical solution is: the certificate verification unit also queries the CFCA authentication system for the real-time status data of the applicant's certificate and feeds certificate data whose query result is illegal back to the applicant for property real-name authentication and authorization.
A further technical solution is: the digital certificate is a KEY certificate conforming to the CFCA authentication standard.
A further technical solution is: the available information in the certificate data is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period.
A further technical solution is: the property modules and function permissions preset in the property certificate authorization unit are at least any two or more of repair reporting, entrustment, voting, and access-control doorbell.
In another aspect, the present invention provides a property real-name authentication and authorization method based on the CFCA authentication standard, the method comprising the following steps:
Step A: the certificate verification unit receives certificate data from the applicant for property real-name authentication and authorization, reads and evaluates the available information in the certificate data, and then queries the CFCA authentication system for the real-time status data of the applicant's certificate; when the query result is legal, the method proceeds to the next step;
Step B: the certificate verification unit sends the certificate data whose query result is legal to the property certificate authorization unit. The property certificate authorization unit obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, grants the property modules and function permissions preset in the property certificate authorization unit that correspond to that identity, and then returns the authentication and authorization result to the applicant.
Preferably, a further technical solution is: when, in step A, the result of querying the CFCA authentication system for the real-time status data of the applicant's certificate is illegal, the procedure ends and the next step is not carried out.
A further technical solution is: the available information in step A is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period.
A further technical solution is: in step A, before querying the CFCA authentication system as to whether the certificate is legal, the certificate verification unit first verifies the certificate message signature, to check the integrality and validity of the certificate data; verifies the CA certificate chain, to confirm the validity of the user certificate's signature through the chain; and verifies the certificate validity period, to determine whether the current certificate has expired.
A further technical solution is: the preset property modules and function permissions in step B are at least any one or more of repair reporting, entrustment, voting, and access-control doorbell.
Compared with the prior art, the beneficial effects of the present invention include the following. Introducing the CFCA authentication system to verify the legitimacy of digital certificates significantly improves the security of the system. The real-name authentication mechanism ensures the reliability and authenticity of the property certificate authorization unit's grants to the applicant. Specific functions can be authorized according to the identity in the certificate, and owners and non-owners can be actively distinguished from the certificate data and authenticated and authorized separately. Because the authentication result is based on the CFCA authentication system, it is legally traceable. The property real-name authentication and authorization system based on the CFCA authentication standard provided by the present invention can be used in property management of various scales and has a wide range of application.
Embodiment
Before the present invention is described in detail, some of the English abbreviations used herein are explained first, to help those skilled in the art understand the present invention.
CFCA: China Financial Certification Authority, a national-level authoritative security certification body established with the approval of the People's Bank of China and the national information security administration departments.
CA: certificate authority, the entity in a PKI system that both communicating parties trust, also called a trusted third party (TTP). One essential condition for a CA to serve as a trusted third party is that the CA's own actions are non-repudiable.
The present invention is further described below with reference to the accompanying drawing.
Fig. 1 shows the system architecture diagram of an embodiment of the present invention. With reference to Fig. 1, one embodiment of the present invention is a property real-name authentication and authorization system based on the CFCA authentication standard. The system comprises a CFCA authentication system, whose function is to store the real-time status data of digital certificates after they have been issued; the CFCA authentication system is provided by CFCA and is used to authenticate certificate identity.
The certificate verification unit receives certificate data from the applicant for property real-name authentication and authorization, reads and evaluates the available information in the certificate data, then queries the CFCA authentication system for the real-time status data of the applicant's certificate, and sends certificate data whose query result is legal to the property certificate authorization unit;
The property certificate authorization unit has multiple property modules and function permissions preset in it. After receiving from the certificate verification unit certificate data whose query result is legal, it obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, grants the property modules and function permissions corresponding to that identity, and then returns the authentication and authorization result to the applicant.
According to the above embodiment, a preferred technical solution is: a further function of the certificate verification unit is to query the CFCA authentication system for the real-time status data of the applicant's certificate and to feed certificate data whose query result is illegal back to the applicant for property real-name authentication and authorization. As shown in Fig. 1, the real-time status data of the applicant's certificate is queried from the CFCA authentication system as follows: the certificate data is input into the CFCA authentication system, and the CFCA authentication system feeds the status code of that certificate data back to the certificate verification unit. If the status code indicates that the certificate is in a valid state, the certificate is considered legal; otherwise it is illegal.
To set out the present invention concretely, the inventor has also, based on the technical details found in experiments, further refined and explained some of the technical means mentioned in the above embodiment so that the present invention can be implemented more easily. These are one or more preferred embodiments of the present invention for solving the technical problems:
The digital certificate is a KEY certificate conforming to the CFCA authentication standard, and the available information in the certificate data is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period. As shown in Fig. 1, in the present embodiment the certificate verification unit verifies the certificate message signature, the CA certificate chain, and the certificate validity period one by one in sequence, and only after all three pieces of information have been judged available does it access the CFCA authentication system to query the legitimacy of the digital certificate, thereby avoiding frequent access to the CFCA authentication system.
The property modules and function permissions preset in the property certificate authorization unit are at least any two or more of repair reporting, entrustment, voting, and access-control doorbell. Likewise, as shown in Fig. 1, in the present embodiment all of the aforementioned property modules and function permissions are preset in the property certificate authorization unit, and other property modules and function permissions can be added according to actual requirements. They are not enumerated here and are represented in Fig. 1 as "other property modules".
In combination with the system described in the above embodiment, another embodiment of the present invention is a property real-name authentication and authorization method based on the CFCA authentication standard, the method comprising the following steps:
Step A: the certificate verification unit receives certificate data from the applicant for property real-name authentication and authorization, reads and evaluates the available information in the certificate data, and then queries the CFCA authentication system for the real-time status data of the applicant's certificate; when the query result is legal, the method proceeds to the next step;
Step B: the certificate verification unit sends the certificate data whose query result is legal to the property certificate authorization unit. The property certificate authorization unit obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, grants the property modules and function permissions preset in the property certificate authorization unit that correspond to that identity, and then returns the authentication and authorization result to the applicant.
In step A of the above embodiment, when the result of querying the CFCA authentication system for the real-time status data of the applicant's certificate is illegal, the procedure ends and the next step is not carried out.
In addition, according to another embodiment of the present invention, the available information in step A is any one or more of the certificate message signature, the CA certificate chain, and the certificate validity period. In the present embodiment, for example, the available information in step A comprises all of the aforementioned information. That is, before querying the CFCA authentication system as to whether the certificate is legal, the unit first verifies the certificate message signature, to check the integrality and validity of the certificate data; verifies the CA certificate chain, to confirm the validity of the user certificate's signature through the chain; and verifies the certificate validity period, to determine whether the current certificate has expired. As mentioned in the previous embodiment, in other embodiments of the present invention the available information in step A can also be any other information related to the digital certificate, which is not listed item by item here.
Likewise, according to still another embodiment of the present invention, the preset property modules and function permissions mentioned in step B of the above embodiment are at least any one or more of repair reporting, entrustment, voting, and access-control doorbell. In the present embodiment, for example, all of the aforementioned property modules and function permissions are included, and more can be added according to the actual demands of community property management. That is, in other embodiments of the present invention the aforementioned property modules and function permissions can also be extended without limit, as determined by actual conditions, and are likewise not enumerated here.
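The flow of steps A and B, as an added illustrative sketch that is not part of the original patent text: the three local checks run first, the status service is queried only when all of them pass, and every failure grants no modules. The certificate fields, the HMAC stand-in for the CA's public-key signature, the `STATUS_DB` stand-in for the CFCA status data, and the owner/non-owner permission mapping are all assumptions.

```python
import hashlib
import hmac

# All data below is constructed. HMAC stands in for the CA's public-key
# signature so the sketch runs on the standard library alone.
CA_KEYS = {"Issuing CA": b"issuing-key", "Rogue CA": b"rogue-key"}
CA_PARENT = {"Issuing CA": "Root CA", "Rogue CA": "Unknown Root"}
TRUSTED_ROOTS = {"Root CA"}
STATUS_DB = {"1001": "valid", "1002": "revoked", "1003": "valid"}  # stand-in for CFCA status data
PERMISSIONS = {  # assumed identity-to-module mapping
    "owner": {"repair", "entrust", "vote", "doorbell"},
    "non-owner": {"repair", "doorbell"},
}
status_queries = []  # serials actually sent to the status service

def signature(cert):
    key = CA_KEYS.get(cert["issuer"], b"")
    msg = "|".join(str(cert[f]) for f in ("serial", "identity", "issuer", "not_after"))
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def make_cert(serial, identity, issuer, not_after):
    cert = {"serial": serial, "identity": identity, "issuer": issuer, "not_after": not_after}
    cert["sig"] = signature(cert)
    return cert

def chain_ok(issuer):
    seen = set()
    while issuer not in TRUSTED_ROOTS:
        if issuer in seen or issuer not in CA_PARENT:
            return False  # loop or dead end before reaching a trusted root
        seen.add(issuer)
        issuer = CA_PARENT[issuer]
    return True

def authenticate(cert, now):
    """Return (result, detail, granted modules); `now` is a timezone-aware datetime."""
    # Step A: local checks first, so bad certificates never reach the status service.
    if cert["issuer"] not in CA_KEYS or not hmac.compare_digest(signature(cert), cert["sig"]):
        return ("rejected", "signature", set())
    if not chain_ok(cert["issuer"]):
        return ("rejected", "chain", set())
    if now > cert["not_after"]:
        return ("rejected", "expired", set())
    status_queries.append(cert["serial"])
    if STATUS_DB.get(cert["serial"]) != "valid":  # unknown serial counts as illegal
        return ("rejected", "status", set())
    # Step B: authorize by the identity carried in the certificate, default deny.
    return ("authorized", cert["identity"], set(PERMISSIONS.get(cert["identity"], set())))
```
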
In addition to the above, the present invention also has the following features:
1. It is based on real-name authentication.
2. Specific functions are authorized according to the identity in the certificate.
3. It can actively distinguish owners from non-owners, so that owners and non-owners are authenticated and authorized separately.
4. Its authentication result is legally traceable.
It should also be noted that references in this specification to "one embodiment", "another embodiment", "an embodiment", and the like mean that a specific feature, structure, or characteristic described in connection with that embodiment is included in at least one embodiment generally described in this application. The appearance of the same expression in multiple places in the specification does not necessarily refer to the same embodiment. Furthermore, when a specific feature, structure, or characteristic is described in connection with any embodiment, it is claimed that realizing that feature, structure, or characteristic in connection with other embodiments also falls within the scope of the present invention.
Although the present invention has been described here with reference to multiple illustrative embodiments, it should be understood that those skilled in the art can devise many other modifications and embodiments, and these modifications and embodiments will fall within the scope and spirit disclosed in the present application. More specifically, within the scope of the disclosure, the drawing, and the claims of this application, various modifications and improvements can be made to the component parts and/or layout of the subject combination arrangement. In addition to modifications and improvements to the component parts and/or layout, other uses will also be apparent to those skilled in the art.