CN103106357B - Real-name property authentication and authorization system and method based on the CFCA authentication standard - Google Patents

Publication number: CN103106357B
Authority: CN (China)
Prior art keywords: certificate, property, cfca, name authentication, real
Legal status: Expired - Fee Related
Application number: CN201210451246.1A
Other languages: Chinese (zh)
Other versions: CN103106357A (en)
Inventor: 岳军
Current Assignee: Sichuan Hansen Technology Co., Ltd.
Original Assignee: CHENGDU JINRUI INVESTMENT Co Ltd

Abstract

The invention discloses a real-name property authentication and authorization system and method based on the CFCA authentication standard, belonging to the field of property management support systems built on that standard. The system comprises a CFCA authentication system, a certificate verification unit and a property authentication and authorization unit. Introducing the CFCA authentication system to verify the legitimacy of digital certificates significantly improves the security of the system, and the real-name authentication mechanism ensures the reliability and authenticity of the authorization that the property authentication and authorization unit grants to an applicant. Function-specific authorization can be performed according to the identity in the certificate; owners and non-owners can be actively distinguished from the certificate data and authenticated and authorized separately; and because the result is based on CFCA authentication, it is legally traceable. The system can be used in property management operations of various scales and has a wide range of application.

Description

Real-name property authentication and authorization system and method based on the CFCA authentication standard
Technical field
The present invention relates to property management support systems based on the CFCA authentication standard, and more particularly to a real-name property authentication and authorization system and method based on the CFCA authentication standard.
Background art
CFCA is a national-level authoritative security certification body established with the approval of the People's Bank of China and the national information security administration departments. It is one of the important national financial information security infrastructures and, after the Electronic Signature Law of the People's Republic of China was promulgated, was among the first CAs in China to obtain a licence to provide digital certificate services. It is now widely used in the financial sector, for example by banks and securities institutions. With the continuing progress of technology, community property management is also becoming increasingly standardized and intelligent. For example, owners and administrators each hold IC cards or digital certificates with different functions and use them to operate the various service devices in the community, such as opening gates or querying property-related information. Because property management staff, owners and other persons have different needs for the service devices in the community, users with different identities must be given different usage rights so that property management stays orderly and standardized. Such technology is rare in current real-estate management. Although some very high-end residential communities can manage permissions separately for different personnel, their systems are all built by the property management party itself, and the security of those systems cannot be guaranteed. It is therefore necessary to further improve intelligent property management systems and methods.
Summary of the invention
One object of the present invention is to remedy the above deficiencies by providing a real-name property authentication and authorization system and method based on the CFCA authentication standard, with the aim of solving the technical problems in the prior art that community property management cannot manage the different usage rights for service devices in a standardized way and that system security cannot be guaranteed.
To solve the above technical problems, the present invention adopts the following technical solutions:
One aspect of the present invention provides a real-name property authentication and authorization system based on the CFCA authentication standard. The system comprises a CFCA authentication system, which stores the real-time status data of issued digital certificates;
a certificate verification unit, which receives the certificate data from the party applying for real-name property authentication and authorization (the applicant), reads and checks the available information in the certificate data, then queries the CFCA authentication system for the real-time status data of the applicant's certificate, and sends certificate data whose query result is legitimate to the property authentication and authorization unit;
and a property authentication and authorization unit, in which multiple property modules and function permissions are preset. After receiving certificate data that the certificate verification unit's query found legitimate, it obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, authorizes the property modules and function permissions corresponding to that identity, and then returns the authentication and authorization result to the applicant.
Preferably, a further technical solution is: the certificate verification unit also queries the CFCA authentication system for the real-time status data of the applicant's certificate and feeds certificate data whose query result is illegitimate back to the applicant.
A further technical solution is: the digital certificate is a KEY certificate that meets the CFCA authentication standard.
A further technical solution is: the available information in the certificate data is any one or more of the certificate message signature, the CA certificate chain and the certificate validity period.
A further technical solution is: the property modules and function permissions preset in the property authentication and authorization unit are at least any two or more of repair reporting, entrustment, voting and the access-control doorbell.
In another aspect, the present invention provides a real-name property authentication and authorization method based on the CFCA authentication standard, comprising the following steps:
Step A: the certificate verification unit receives the certificate data from the applicant, reads and checks the available information in the certificate data, and then queries the CFCA authentication system for the real-time status data of the applicant's certificate; when the query result is legitimate, the next step is carried out;
Step B: the certificate verification unit sends the certificate data whose query result is legitimate to the property authentication and authorization unit; the property authentication and authorization unit obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, authorizes the property modules and function permissions preset in the unit that correspond to that identity, and then returns the authentication and authorization result to the applicant.
Preferably, a further technical solution is: when the result of querying the CFCA authentication system in Step A for the real-time status data of the applicant's certificate is illegitimate, the procedure ends and the next step is not carried out.
A further technical solution is: the available information in Step A is any one or more of the certificate message signature, the CA certificate chain and the certificate validity period.
A further technical solution is: in Step A, before querying the CFCA authentication system for whether the certificate is legitimate, the certificate verification unit first verifies the certificate message signature, to check the integrity and validity of the certificate data; verifies the CA certificate chain, to confirm the validity of the user certificate's signature by validating the chain; and verifies the certificate validity period, to determine whether the current certificate has expired.
A further technical solution is: the property modules and function permissions preset in Step B are at least any one or more of repair reporting, entrustment, voting and the access-control doorbell.
Compared with the prior art, one of the beneficial effects of the present invention is as follows. Introducing the CFCA authentication system to verify the legitimacy of digital certificates significantly improves the security of the system, and the real-name authentication mechanism ensures the reliability and authenticity of the authorization that the property authentication and authorization unit grants to an applicant. Function-specific authorization can be performed according to the identity in the certificate; owners and non-owners can be actively distinguished from the certificate data and authenticated and authorized separately; and because the result is based on CFCA authentication, it is legally traceable. The system provided by the invention can be used in property management operations of various scales and has a wide range of application.
Description of the drawings
Fig. 1 is a system architecture diagram illustrating one embodiment of the present invention.
Embodiments
Before the present invention is described in detail, some of the English abbreviations used in it are explained first, to help those skilled in the art understand the invention.
CFCA: China Financial Certification Authority, a national-level authoritative security certification body established with the approval of the People's Bank of China and the national information security administration departments.
CA: digital certificate certification authority, the entity in a PKI system that both communicating parties trust, also called the trusted third party (TTP). One of the essential conditions for a CA to act as a trusted third party is that the CA's actions are non-repudiable.
The present invention is further described below with reference to the accompanying drawing.
Fig. 1 shows the system architecture of an embodiment of the present invention. Referring to Fig. 1, one embodiment of the present invention is a real-name property authentication and authorization system based on the CFCA authentication standard. The system comprises a CFCA authentication system, whose role is to store the real-time status data of issued digital certificates; the CFCA authentication system is provided by CFCA and is used to authenticate certificate identity.
The certificate verification unit receives the certificate data from the party applying for real-name property authentication and authorization (the applicant), reads and checks the available information in the certificate data, then queries the CFCA authentication system for the real-time status data of the applicant's certificate, and sends certificate data whose query result is legitimate to the property authentication and authorization unit;
The property authentication and authorization unit has multiple property modules and function permissions preset in it. After receiving certificate data that the certificate verification unit's query found legitimate, it obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, authorizes the property modules and function permissions corresponding to that identity, and then returns the authentication and authorization result to the applicant.
According to the above embodiment, a preferred technical solution is: another role of the certificate verification unit is to query the CFCA authentication system for the real-time status data of the applicant's certificate and feed certificate data whose query result is illegitimate back to the applicant. As shown in Fig. 1, the query works as follows: the certificate data is input into the CFCA authentication system, which feeds back the status code of that certificate data to the certificate verification unit; if the status code indicates that the certificate is in a valid state, the certificate is regarded as legitimate, and otherwise as illegitimate.
To set out the invention concretely, the inventor has also, based on technical details found in experiments, further refined and explained some of the technical means mentioned in the above embodiment so that the invention can be implemented more easily. These are one or more embodiments that the invention prefers for solving the technical problem:
The digital certificate is a KEY certificate that meets the CFCA authentication standard, and the available information in the certificate data is any one or more of the certificate message signature, the CA certificate chain and the certificate validity period. As shown in Fig. 1, in this embodiment for example, the certificate verification unit verifies the certificate message signature, the CA certificate chain and the certificate validity period one by one in turn, and only after all three have been judged usable does it access the CFCA authentication system to query the legitimacy of the digital certificate, thereby avoiding frequent access to the CFCA authentication system.
The property modules and function permissions preset in the property authentication and authorization unit are at least any two or more of repair reporting, entrustment, voting and the access-control doorbell. Likewise, as shown in Fig. 1, in this embodiment all of the aforementioned property modules and function permissions are preset in the property authentication and authorization unit, and further property modules and function permissions can be added according to actual needs; they are not enumerated here and are represented in Fig. 1 as other property modules.
In combination with the system described in the above embodiment, another embodiment of the present invention is a real-name property authentication and authorization method based on the CFCA authentication standard, comprising the following steps:
Step A: the certificate verification unit receives the certificate data from the party applying for real-name property authentication and authorization (the applicant), reads and checks the available information in the certificate data, and then queries the CFCA authentication system for the real-time status data of the applicant's certificate; when the query result is legitimate, the next step is carried out;
Step B: the certificate verification unit sends the certificate data whose query result is legitimate to the property authentication and authorization unit; the property authentication and authorization unit obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, authorizes the property modules and function permissions preset in the unit that correspond to that identity, and then returns the authentication and authorization result to the applicant.
In Step A of the above embodiment, when the result of querying the CFCA authentication system for the real-time status data of the applicant's certificate is illegitimate, the procedure ends and the next step is not carried out.
In addition, according to another embodiment of the present invention, the available information in Step A is any one or more of the certificate message signature, the CA certificate chain and the certificate validity period. In this embodiment, for example, the available information in Step A includes all of the information mentioned above: before querying the CFCA authentication system for whether the certificate is legitimate, the unit first verifies the certificate message signature, to check the integrity and validity of the certificate data; verifies the CA certificate chain, to confirm the validity of the user certificate's signature by validating the chain; and verifies the certificate validity period, to determine whether the current certificate has expired. As mentioned in the preceding embodiment, in other embodiments of the invention the available information in Step A can also be any other information related to the digital certificate, which is not listed item by item here.
Likewise, according to still another embodiment of the present invention, the preset property modules and function permissions mentioned in Step B of the above embodiment are at least any one or more of repair reporting, entrustment, voting and the access-control doorbell. In this embodiment, for example, all of the aforementioned property modules and function permissions are included, and more can be added according to the actual needs of community property management; that is, in other embodiments of the invention the property modules and function permissions can be extended without limit, as determined by actual conditions, and are not enumerated here.
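The flow of Steps A and B, as an added Python example that is not part of the patent text: the three local checks run before the status query, only an explicit valid status code passes, and the identity in the certificate selects the permissions. HMAC-SHA256 stands in for the CA's signature, and the class and function names, the status codes ("VALID", "REVOKED") and the owner/non-owner permission split are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from datetime import datetime, timezone

# Constructed stand-in: HMAC-SHA256 under a per-issuer key replaces the CA's
# asymmetric signature so the flow runs with the standard library alone.
ISSUER_KEYS = {"Demo Root CA": b"root-secret", "Demo Issuing CA": b"issuing-secret"}
TRUSTED_ROOTS = {"Demo Root CA"}
# Assumed split of the page's four modules between the two identities.
PERMISSIONS = {
    "owner": frozenset({"repair", "entrust", "vote", "doorbell"}),
    "non-owner": frozenset({"repair", "doorbell"}),
}

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    role: str
    serial: str
    not_before: datetime
    not_after: datetime
    signature: bytes = b""

    def tbs(self) -> bytes:
        # Bytes covered by the issuer's signature.
        fields = (self.subject, self.issuer, self.role, self.serial,
                  self.not_before.isoformat(), self.not_after.isoformat())
        return "|".join(fields).encode()

def mac(cert: Cert) -> bytes:
    return hmac.new(ISSUER_KEYS[cert.issuer], cert.tbs(), hashlib.sha256).digest()

def signature_ok(cert: Cert) -> bool:
    if cert.issuer not in ISSUER_KEYS:
        return False
    return hmac.compare_digest(mac(cert), cert.signature)

def chain_ok(cert: Cert, ca_certs: dict, max_depth: int = 4) -> bool:
    """Follow issuer links to a trusted self-signed root, verifying each CA cert."""
    current = cert
    for _ in range(max_depth):
        parent = ca_certs.get(current.issuer)
        if parent is None or not signature_ok(parent):
            return False
        if parent.subject == parent.issuer:
            return parent.subject in TRUSTED_ROOTS
        current = parent
    return False

class StatusService:
    """Stand-in for the CA-side status lookup; counts how often it is contacted."""
    def __init__(self, statuses: dict):
        self.statuses = statuses
        self.queries = 0

    def query(self, serial: str) -> str:
        self.queries += 1
        return self.statuses.get(serial, "UNKNOWN")

def authenticate_and_authorize(cert, ca_certs, status, now):
    """Return (granted, reason, permissions) for one applicant certificate."""
    # Step A, local checks first so a bad certificate never reaches the CA.
    if not signature_ok(cert):
        return False, "signature invalid", frozenset()
    if not chain_ok(cert, ca_certs):
        return False, "chain not trusted", frozenset()
    if not cert.not_before <= now <= cert.not_after:
        return False, "outside validity period", frozenset()
    # Step A, status query: only the explicit valid code passes (fail closed).
    if status.query(cert.serial) != "VALID":
        return False, "status not valid", frozenset()
    # Step B: map the identity in the certificate to its preset permissions.
    perms = PERMISSIONS.get(cert.role)
    if perms is None:
        return False, "identity has no preset permissions", frozenset()
    return True, "authorized", perms

def make_cert(subject, issuer, role, serial, start=2012, end=2014):
    cert = Cert(subject, issuer, role, serial,
                datetime(start, 1, 1, tzinfo=timezone.utc),
                datetime(end, 1, 1, tzinfo=timezone.utc))
    return replace(cert, signature=mac(cert))

# Constructed sample data.
NOW = datetime(2013, 1, 1, tzinfo=timezone.utc)
CA_CERTS = {c.subject: c for c in (make_cert("Demo Root CA", "Demo Root CA", "ca", "R1"),
                                   make_cert("Demo Issuing CA", "Demo Root CA", "ca", "I1"))}
OWNER = make_cert("Resident A", "Demo Issuing CA", "owner", "1001")
TENANT = make_cert("Resident B", "Demo Issuing CA", "non-owner", "1002")
REVOKED = make_cert("Resident C", "Demo Issuing CA", "owner", "1003")
EXPIRED = make_cert("Resident D", "Demo Issuing CA", "owner", "1004", 2010, 2011)
TAMPERED = replace(TENANT, role="owner")  # role edited after signing
STATUSES = {"1001": "VALID", "1002": "VALID", "1003": "REVOKED", "1004": "VALID"}

if __name__ == "__main__":
    svc = StatusService(STATUSES)
    for c in (OWNER, TENANT, REVOKED, EXPIRED, TAMPERED):
        print(c.subject, authenticate_and_authorize(c, CA_CERTS, svc, NOW))
```

The query counter on the status service shows the effect the embodiment describes: certificates that fail a local check are rejected without contacting the CA.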
In addition to the above, the present invention has the following features:
1. It is based on real-name authentication.
2. It performs function-specific authentication and authorization according to the identity in the certificate.
3. It can actively distinguish owners from non-owners, so that owners and non-owners are authenticated and authorized separately.
4. Its authentication results are legally traceable.
It should also be noted that references in this specification to "one embodiment", "another embodiment", "an embodiment" and the like mean that a specific feature, structure or characteristic described in connection with that embodiment is included in at least one embodiment generally described in this application. The appearance of the same expression in multiple places in the specification does not necessarily refer to the same embodiment. Furthermore, when a specific feature, structure or characteristic is described in connection with any embodiment, it is asserted that implementing that feature, structure or characteristic in connection with other embodiments also falls within the scope of the invention.
Although the invention has been described here with reference to a number of its explanatory embodiments, it should be understood that those skilled in the art can devise many other modifications and embodiments, and these will fall within the scope and spirit disclosed in this application. More specifically, within the scope of the disclosure, the drawing and the claims of this application, various variations and improvements can be made to the component parts and/or the layout of the subject combination arrangement. In addition to variations and improvements to the component parts and/or layout, other uses will also be apparent to those skilled in the art.

Claims (10)

1. A real-name property authentication and authorization system based on the CFCA authentication standard, characterized in that the system comprises a CFCA authentication system, for storing the real-time status data of issued digital certificates;
a certificate verification unit, for receiving the certificate data from the party applying for real-name property authentication and authorization (the applicant), reading and checking the available information in the certificate data, then querying the CFCA authentication system for the real-time status data of the applicant's certificate, and sending certificate data whose query result is legitimate to the property authentication and authorization unit; the certificate verification unit queries the CFCA authentication system for the real-time status data of the applicant's certificate by inputting the certificate data into the CFCA authentication system, which feeds back the status code of that certificate data to the certificate verification unit; if the status code indicates that the certificate is in a valid state, the certificate is regarded as legitimate, and otherwise as illegitimate;
and a property authentication and authorization unit, in which multiple property modules and function permissions are preset, for obtaining the applicant's identity information from the certificate data after receiving certificate data that the certificate verification unit's query found legitimate, identifying the applicant's current identity from that information, authorizing the property modules and function permissions corresponding to that identity, and then returning the authentication and authorization result to the applicant.
2. The real-name property authentication and authorization system based on the CFCA authentication standard according to claim 1, characterized in that the certificate verification unit also queries the CFCA authentication system for the real-time status data of the applicant's certificate and feeds certificate data whose query result is illegitimate back to the applicant.
3. The real-name property authentication and authorization system based on the CFCA authentication standard according to claim 1 or 2, characterized in that the digital certificate is a KEY certificate that meets the CFCA authentication standard.
4. The real-name property authentication and authorization system based on the CFCA authentication standard according to claim 1 or 2, characterized in that the available information in the certificate data is any one or more of the certificate message signature, the CA certificate chain and the certificate validity period.
5. The real-name property authentication and authorization system based on the CFCA authentication standard according to claim 1, characterized in that the property modules and function permissions preset in the property authentication and authorization unit are at least any two or more of repair reporting, entrustment, voting and the access-control doorbell.
6. A real-name property authentication and authorization method based on the CFCA authentication standard, characterized in that the method comprises the following steps:
Step A: the certificate verification unit receives the certificate data from the party applying for real-name property authentication and authorization (the applicant), reads and checks the available information in the certificate data, and then queries the CFCA authentication system for the real-time status data of the applicant's certificate; when the query result is legitimate, the next step is carried out;
the certificate verification unit queries the CFCA authentication system for the real-time status data of the applicant's certificate by inputting the certificate data into the CFCA authentication system, which feeds back the status code of that certificate data to the certificate verification unit; if the status code indicates that the certificate is in a valid state, the certificate is regarded as legitimate, and otherwise as illegitimate;
Step B: the certificate verification unit sends the certificate data whose query result is legitimate to the property authentication and authorization unit; the property authentication and authorization unit obtains the applicant's identity information from the certificate data, identifies the applicant's current identity from that information, authorizes the property modules and function permissions preset in the unit that correspond to that identity, and then returns the authentication and authorization result to the applicant.
7. The real-name property authentication and authorization method based on the CFCA authentication standard according to claim 6, characterized in that when the result of querying the CFCA authentication system in Step A for the real-time status data of the applicant's certificate is illegitimate, the procedure ends and the next step is not carried out.
8. The real-name property authentication and authorization method based on the CFCA authentication standard according to claim 6, characterized in that the available information in Step A is any one or more of the certificate message signature, the CA certificate chain and the certificate validity period.
9. The real-name property authentication and authorization method based on the CFCA authentication standard according to claim 6 or 8, characterized in that in Step A, before querying the CFCA authentication system for whether the certificate is legitimate, the certificate verification unit first verifies the certificate message signature, to check the integrity and validity of the certificate data; verifies the CA certificate chain, to confirm the validity of the user certificate's signature by validating the chain; and verifies the certificate validity period, to determine whether the current certificate has expired.
10. The real-name property authentication and authorization method based on the CFCA authentication standard according to claim 6, characterized in that the property modules and function permissions preset in Step B are at least any two or more of repair reporting, entrustment, voting and the access-control doorbell.

Priority Applications (1)

Application Number: CN201210451246.1A
Priority Date: 2012-11-12
Filing Date: 2012-11-12
Title: Real-name property authentication and authorization system and method based on the CFCA authentication standard

Publications (2)

Publication Number Publication Date
CN103106357A 2013-05-15
CN103106357B 2015-09-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right
    Effective date of registration: 20160505
    Address after: 610000, No. 188, No. 1-2, three section, Binhe Road, Huayang street, Tianfu New District, Sichuan, Chengdu Province, China, 74
    Patentee after: Sichuan Hansen Technology Co., Ltd.
    Address before: 610000 Nanhu international community, No. 2 Commercial Street, Huayang street, Chengdu, Sichuan, Shuangliu County
    Patentee before: Chengdu Jinrui Investment Co., Ltd.
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20150930
    Termination date: 20181112