CN103346890A - Initialization equipment and system and method for acquiring digital certificate based on IBC - Google Patents


Info
Publication number: CN103346890A
Authority: CN (China)
Legal status: Granted; active
Application number: CN2013102893020A
Priority application: CN201310289302.0A
Other languages: Chinese (zh)
Other versions: CN103346890B
Inventor: 李东声
Original and current assignee: Tendyron Technology Co Ltd
Abstract

The invention provides a method for acquiring a digital certificate based on IBC. The method includes the following steps: an initialized electronic key device generates a transaction key pair in response to a trigger, signs the transaction public key contained in the transaction key pair using an IBC verification private key and public parameters, and generates public key signature data; the initialized electronic key device sends the transaction public key, the public key signature data, an IBC verification public key and first information to a verifying end; the verifying end verifies the public key signature data using the IBC verification public key and the public parameters obtained from the received first information, and issues a digital certificate to the initialized electronic key device after the signature verification passes. The invention further provides a system for acquiring a digital certificate based on IBC and an IBC initialization apparatus. With this system, method and initialization apparatus, operation is simplified and work efficiency is improved without lowering security.

Description

IBC initialization apparatus, and system and method for acquiring a digital certificate based on IBC
Technical field
The present invention relates to the field of electronic technology, and in particular to an IBC initialization apparatus, a system for acquiring a digital certificate based on IBC, and a method for acquiring a digital certificate based on IBC.
Background art
Before an existing smart key device can obtain a digital certificate, birth certificate information corresponding to the device must be generated in order to prove the legitimacy of the device. This birth certificate information comprises a plurality of key information items, key version information and signature data, so generating it is fairly complex. When a bank server verifies the legitimacy of the smart key device, it must perform multiple signature verification operations using the birth certificate and the information associated with it, so verifying the legitimacy of the device is also fairly complex. After verifying the legitimacy of the device, the bank server must further generate a digital certificate that proves the correspondence between the device's information and its public key. In other words, the procedure by which an existing smart key device obtains a digital certificate is fairly complex and awaits further improvement.
Summary of the invention
The present invention aims to solve the above problems of existing smart key devices.
The main object of the present invention is to provide a method for acquiring a digital certificate based on IBC.
Another object of the present invention is to provide a system for acquiring a digital certificate based on IBC.
A further object of the present invention is to provide an IBC initialization apparatus.
To achieve the above objects, the technical solution of the present invention is realized as follows:
One aspect of the present invention provides a method for acquiring a digital certificate based on IBC, the method comprising:
an initialized electronic key device generates a transaction key pair in response to a trigger, signs the transaction public key contained in the transaction key pair using an IBC verification private key and public parameters, and generates public key signature data;
the initialized electronic key device sends the transaction public key, the public key signature data, the IBC verification public key and first information to a verifying end;
the verifying end verifies the public key signature data using the IBC verification public key and the public parameters obtained from the received first information, and issues a digital certificate to the initialized electronic key device after the signature verification passes;
the IBC verification public key is information that uniquely identifies the electronic key device, and the first information is information relevant to the production of the electronic key device.
In addition, the method further comprises: initializing the electronic key device based on IBC.
In addition, before initializing the electronic key device based on IBC, the method further comprises:
generating public parameters and an administrator key, and sending the public parameters and the obtained first information to the verifying end so that the verifying end binds the public parameters to the first information.
In addition, initializing the electronic key device based on IBC comprises:
obtaining the IBC verification public key from the electronic key device;
generating the IBC verification private key from the administrator key, the IBC verification public key and an IBC private key generation algorithm;
writing the IBC verification public key and the IBC verification private key into the electronic key device.
Alternatively, initializing the electronic key device based on IBC comprises:
obtaining the IBC verification public key from the electronic key device;
generating the IBC verification private key from the administrator key, the IBC verification public key, the public parameters and an IBC private key generation algorithm;
writing the IBC verification public key and the IBC verification private key into the electronic key device.
Another aspect of the present invention provides a system for acquiring a digital certificate based on IBC, the system comprising an initialized electronic key device and a verifying end;
the initialized electronic key device generates a transaction key pair in response to a trigger, signs the transaction public key contained in the transaction key pair using an IBC verification private key and public parameters, generates public key signature data, and sends the transaction public key, the public key signature data, an IBC verification public key and first information to the verifying end; the IBC verification public key is information that uniquely identifies the electronic key device;
the verifying end verifies the public key signature data using the IBC verification public key and the public parameters obtained from the received first information, and issues a digital certificate to the initialized electronic key device after the signature verification passes;
the first information is information relevant to the production of the electronic key device.
In addition, the system further comprises an IBC initialization apparatus that initializes the electronic key device based on IBC.
In addition, the IBC initialization apparatus comprises:
a private key generator PKG, which generates the IBC verification private key from the input administrator key, the obtained IBC verification public key and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device.
Alternatively, the IBC initialization apparatus comprises:
a private key generator PKG, which generates the IBC verification private key from the input administrator key, the obtained IBC verification public key, the input public parameters and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device.
In addition, the IBC initialization apparatus further comprises:
an initialization information generating device, which generates the public parameters and the administrator key and sends the public parameters and the obtained first information to the verifying end, so that the verifying end binds the public parameters to the first information.
A further aspect of the present invention provides an IBC initialization apparatus, the apparatus comprising:
a private key generator PKG, which generates the IBC verification private key from the input administrator key, the obtained IBC verification public key and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device;
the IBC verification public key is information that uniquely identifies the electronic key device.
In addition, the private key generator PKG also uses input public parameters when generating the IBC verification private key.
In addition, the apparatus further comprises:
an initialization information generating device, which generates the public parameters and the administrator key and sends the public parameters and the obtained first information to the verifying end, so that the verifying end binds the public parameters to the first information.
As can be seen from the technical solution provided above, the present invention provides a system and method for acquiring a digital certificate based on IBC: information that uniquely identifies the electronic key device is used as the IBC verification public key, the transaction public key is signed using the IBC verification private key and the public parameters to generate public key signature data, and the verifying end verifies the public key signature data using the IBC verification public key, thereby verifying the legitimacy of the electronic key device; once the verification passes, the digital certificate can be issued directly. The complex process of generating birth certificate information is not needed, nor are repeated signature verifications at the verifying end, so operation is simplified and work efficiency is improved without reducing security. The present invention also provides an IBC initialization apparatus, which generates, from the information of each electronic key device, the public parameters, IBC verification public key and IBC verification private key matching that device, so that during certificate acquisition the device passes the legitimacy check of the verifying end using the IBC verification public key, the public parameters and the IBC verification private key and obtains the digital certificate, without generating complex birth certificate information and the associated procedures; operation is simplified and work efficiency is improved without reducing security.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Clearly, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of embodiment one of the method for acquiring a digital certificate based on IBC according to the present invention;
Fig. 2 is a flow chart of embodiment two of the method for acquiring a digital certificate based on IBC according to the present invention;
Fig. 3 is a schematic diagram of the system for acquiring a digital certificate based on IBC according to the present invention.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Clearly, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that the orientations or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings, are used only for convenience and simplicity of description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the present invention. In addition, the terms "first" and "second" are used only for descriptive purposes and are not to be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified and limited, the terms "mounted", "attached" and "connected" are to be understood broadly: for example, a connection may be fixed, detachable or integral; mechanical or electrical; direct, or indirect through an intermediary; or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meanings of the above terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the drawings.
The electronic key device referred to in the present invention is a device that performs encryption and/or signing using a key generated by an asymmetric algorithm (comprising at least one public key and one private key). The verifying end may be a trusted device such as a bank server, a trusted third-party server or a trusted third-party system.
Embodiment one
Fig. 1 is a flow chart of embodiment one of the method for acquiring a digital certificate based on IBC according to the present invention. Embodiment one is described below with reference to Fig. 1, as follows:
Step 11: generate public key signature data.
This step comprises: the initialized electronic key device generates a transaction key pair in response to a trigger; the initialized electronic key device signs the transaction public key contained in the transaction key pair using an Identity-Based Cryptography (IBC) verification private key and public parameters, and generates public key signature data.
The trigger mentioned in this step may be an instruction or a signal, and may be produced after the electronic key device has completed initialization and before it is used for a transaction, so that the device obtains a digital certificate before transacting. The transaction key pair mentioned in this step is generated with an existing asymmetric algorithm, and the specific algorithm is not described further here. The IBC verification private key and the public parameters mentioned in this step are generated when the electronic key device is initialized. The IBC verification private key corresponds to each individual electronic key device, that is, every electronic key device has a different IBC verification private key. The public parameters correspond to information relevant to the production of the electronic key device: for example, the electronic key devices produced by the same manufacturer share one set of public parameters; to improve security, the devices of one batch from the same manufacturer may share one set of public parameters, or the devices produced by the same manufacturer within a certain period of time may share one set of public parameters.
The IBC mentioned in the present invention may be the Shamir IBC signature algorithm, the CC-IBC signature algorithm, etc., which are not described further here.
Step 12: send the transaction public key, the public key signature data, the IBC verification public key and the first information to the verifying end.
In this step the sending operation is performed by the initialized electronic key device.
The first information is information relevant to the production of the electronic key device; for example, the information relevant to the production of the electronic key device is manufacturer information and/or batch information and/or production time information. The initialized electronic key device also sends the first information to the verifying end, so that the verifying end can obtain from the first information the public parameters bound to it. The IBC verification public key is information that uniquely identifies the electronic key device, such as the serial number of the electronic key device or the identity identifier of the electronic key device; this is not described further here.
Step 13: the verifying end verifies the public key signature data and issues a digital certificate after the verification passes.
This step comprises: the verifying end uses the received first information to obtain the public parameters bound to the first information; the verifying end verifies the public key signature data using the IBC verification public key and the public parameters, and issues a digital certificate to the initialized electronic key device after the verification passes, so that the initialized electronic key device stores the digital certificate.
In the above embodiment of the present invention, the initialized electronic key device no longer needs to store the comparatively large birth certificate information, nor to sign repeatedly in order to produce the signature data the verifying end needs to check its legitimacy. In other words, the IBC verification public key of the present invention is information that uniquely identifies the electronic key device, such as the serial number of the electronic key device, information identifying the identity of the electronic key device itself, or a hash value of the information identifying the identity of the electronic key device itself, so there is no need to rely on existing certificates and existing certificate management systems, which greatly reduces the complexity of managing the cryptographic system at the verifying end. Moreover, the initialized electronic key device of the present invention only signs the transaction public key using the IBC verification private key and the public parameters to generate the public key signature data. The IBC verification private key is specific to each electronic key device, that is, each electronic key device has a different IBC verification private key, and the security of the IBC verification private key is guaranteed by the administrator key: without the administrator key, the content of the IBC verification private key cannot be known. This does not reduce the security of the electronic key device, but does reduce the complexity of the procedure for obtaining a digital certificate. Therefore, the electronic key device of the present invention reduces the complexity of the procedure for obtaining a digital certificate and improves work efficiency without reducing security.
Embodiment two
Fig. 2 is a flow chart of embodiment two of the method for acquiring a digital certificate based on IBC according to the present invention. Embodiment two is described below with reference to Fig. 2, as follows:
Step 21: initialize the electronic key device based on IBC.
This step comprises: obtaining information that uniquely identifies the electronic key device from the electronic key device, and using this information as the IBC verification public key; generating the IBC verification private key from the administrator key, the IBC verification public key and an IBC private key generation algorithm; and writing the IBC verification public key and the IBC verification private key into the electronic key device.
Alternatively, this step comprises: obtaining information that uniquely identifies the electronic key device from the electronic key device, and using this information as the IBC verification public key; generating the IBC verification private key from the administrator key, the IBC verification public key, the public parameters and an IBC private key generation algorithm; and writing the IBC verification public key and the IBC verification private key into the electronic key device.
The information that uniquely identifies the electronic key device may be user information of the electronic key device, a hash value of the user information of the electronic key device, the serial number of the electronic key device, the identity identifier of the electronic key device, etc. When generating the IBC verification private key, the administrator key and the IBC verification public key may be used as the input data of a private key generator, whose output data is then the IBC verification private key generated from the administrator key, the IBC verification public key and the IBC private key generation algorithm; or the administrator key, the public parameters and the IBC verification public key may be used as the input data of the private key generator, whose output data is then the IBC verification private key generated from the administrator key, the IBC verification public key, the public parameters and the IBC private key generation algorithm.
The IBC mentioned in the present invention may be the Shamir IBC signature algorithm, the CC-IBC signature algorithm, etc., which are not described further here.
Here the administrator key is incorporated into the generation of the IBC verification private key, so the security of the IBC verification private key is guaranteed by the administrator key: without the administrator key, the content of the IBC verification private key cannot be known. This does not reduce the security of the electronic key device, but reduces the complexity of the procedure for obtaining a digital certificate.
Step 22: generate public key signature data.
This step comprises: the initialized electronic key device generates a transaction key pair in response to a trigger; the initialized electronic key device signs the transaction public key contained in the transaction key pair using the IBC verification private key and the public parameters, and generates public key signature data.
The trigger mentioned in this step may be an instruction or a signal, and may be produced after the electronic key device has completed initialization and before it is used for a transaction, so that the device obtains a digital certificate before transacting. The transaction key pair mentioned in this step is generated with an existing asymmetric algorithm, and the specific algorithm is not described further here. The IBC verification private key and the public parameters mentioned in this step are generated when the electronic key device is initialized. The IBC verification private key corresponds to each individual electronic key device, that is, every electronic key device has a different IBC verification private key. The public parameters correspond to information relevant to the production of the electronic key device: for example, the electronic key devices produced by the same manufacturer share one set of public parameters; to improve security, the devices of one batch from the same manufacturer may share one set of public parameters, or the devices produced by the same manufacturer within a certain period of time may share one set of public parameters.
Step 23: send the transaction public key, the public key signature data, the IBC verification public key and the first information to the verifying end.
In this step the sending operation is performed by the initialized electronic key device.
The first information is information relevant to the production of the electronic key device, for example manufacturer information and/or batch information and/or production time information. The initialized electronic key device also sends the first information to the verifying end, so that the verifying end can obtain from the first information the public parameters bound to it. The IBC verification public key is information that uniquely identifies the electronic key device, such as the serial number of the electronic key device, the identity identifier of the electronic key device, user information of the electronic key device, or a hash value of the user information of the electronic key device; this is not described further here.
Step 24: the verifying end verifies the public key signature data and issues a digital certificate after the verification passes.
This step comprises: the verifying end uses the received first information to obtain the public parameters bound to the first information; the verifying end verifies the public key signature data using the IBC verification public key and the public parameters, and issues a digital certificate to the initialized electronic key device after the verification passes, so that the initialized electronic key device stores the digital certificate.
The following step may also be performed before step 21:
Step 20: generate the public parameters and the administrator key, and send the public parameters and the obtained first information to the verifying end, so that the verifying end binds the public parameters to the first information.
This step is optional. If the first information is manufacturer information, the manufacturer must perform step 20 before initializing its first electronic key device; when initializing subsequent electronic key devices it only needs to use the public parameters and administrator key already generated, without generating new public parameters and a new administrator key. If the first information is batch information of a manufacturer, step 20 must be performed before initializing the first electronic key device of a batch; when initializing subsequent electronic key devices of that batch, only the public parameters and administrator key already generated need to be used, without generating new ones. If the first information is production time period information of a manufacturer, step 20 must be performed before initializing the first electronic key device in that time period, and when initializing subsequent electronic key devices in that time period only the public parameters and administrator key already generated need to be used. In summary, before initializing any electronic key device, if public parameters and an administrator key usable for that device already exist, step 20 need not be performed and step 21 is executed directly; otherwise step 20 is performed first and then step 21.
Generating the public parameters and the administrator key in step 20 comprises: first generating the public parameters and then generating the administrator key based on the public parameters, or first generating the administrator key and then generating the public parameters based on the administrator key. The method of generating the administrator key based on the public parameters, and of generating the public parameters based on the administrator key, can be found in the IBC algorithms and is not described further here.
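As an added illustration (not code from the patent or from its assignee), the following Python script walks steps 20 to 24 of embodiment two end to end, which also covers steps 11 to 13 of embodiment one and the roles of the initialization apparatus, device and verifying end of Fig. 3, using Shamir's RSA-based identity-based signature, one of the IBC schemes the patent names. The device identifier, first information and key sizes are constructed assumptions; the public parameters are modelled as the RSA pair (n, e) and the administrator key as the exponent d held by the PKG.

```python
# Added example, not the patent's code: toy run of the IBC certificate
# acquisition flow with Shamir's identity-based signature. Public parameters
# are (n, e), the administrator key is d; sizes are small for speed.
import hashlib
import secrets
from math import gcd

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    """Random prime of exactly `bits` bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def _h(*parts):
    """SHA-256 over length-prefixed parts, as an integer (ints encoded big-endian)."""
    m = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes((part.bit_length() + 7) // 8 or 1, "big")
        m.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(m.digest(), "big")

def step20_setup(bits=512):
    """Step 20: generate public parameters (n, e) and the administrator key d."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return {"n": p * q, "e": e}, pow(e, -1, phi)

def step21_extract(admin_key, params, ibc_pub):
    """Step 21: the PKG derives g = H(ID)^d mod n for the device identifier ID."""
    return pow(_h(ibc_pub) % params["n"], admin_key, params["n"])

def step22_sign(ibc_priv, params, tx_pub):
    """Step 22: sign the transaction public key: t = r^e, s = g * r^H(t, m) mod n."""
    n, e = params["n"], params["e"]
    r = secrets.randbelow(n - 2) + 2
    t = pow(r, e, n)
    return t, (ibc_priv * pow(r, _h(t, tx_pub), n)) % n

def verify_ibs(params, ibc_pub, tx_pub, sig):
    """Signature check: s^e == H(ID) * t^H(t, m) (mod n)."""
    n, e = params["n"], params["e"]
    t, s = sig
    if not (0 < t < n and 0 < s < n):
        return False
    return pow(s, e, n) == (_h(ibc_pub) % n) * pow(t, _h(t, tx_pub), n) % n

def step24_issue(registry, msg):
    """Step 24: the verifying end looks up the public parameters bound to the
    first information, verifies the signature, and issues a (toy) certificate."""
    params = registry.get(msg["first_info"])
    if params is None or not verify_ibs(params, msg["ibc_pub"], msg["tx_pub"], msg["sig"]):
        return None
    return {"subject": msg["ibc_pub"], "tx_pub": msg["tx_pub"], "issuer": "verifying-end"}

def run_flow():
    """Complete run on constructed sample data; returns (cert, cert_for_forgery)."""
    first_info = b"manufacturer=ExampleCo;batch=2013-07"       # constructed
    params, admin_key = step20_setup()
    registry = {first_info: params}                           # verifier binds params to first info
    ibc_pub = b"device-serial-0001"                           # constructed device identifier
    ibc_priv = step21_extract(admin_key, params, ibc_pub)      # written into the device
    tx_params, _tx_priv = step20_setup(256)                   # RSA pair stands in for the transaction key pair
    tx_pub = tx_params["n"].to_bytes(32, "big") + b"\x01\x00\x01"
    sig = step22_sign(ibc_priv, params, tx_pub)
    msg = {"tx_pub": tx_pub, "sig": sig, "ibc_pub": ibc_pub, "first_info": first_info}  # step 23
    cert = step24_issue(registry, msg)
    forged = dict(msg, ibc_pub=b"device-serial-0002")         # same signature, other identity
    return cert, step24_issue(registry, forged)
```

The forged message shows what the verifying end relies on: a signature only verifies under the identifier whose private key the PKG derived, so a device cannot present another device's identity without the administrator key.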
In the above embodiment of the present invention, initializing the electronic key device does not require complex operations such as generating multiple pairs of key information, generating multiple items of signature data or signing repeatedly; the initialized electronic key device no longer needs to store the comparatively large birth certificate information, nor to sign repeatedly in order to produce the signature data the verifying end needs to check its legitimacy. In other words, the IBC verification public key of the present invention is information that uniquely identifies the electronic key device, such as user information of the electronic key device or a hash value of the user information of the electronic key device, so there is no need to rely on existing certificates and existing certificate management systems, which greatly reduces the complexity of managing the cryptographic system at the verifying end. Moreover, the initialized electronic key device of the present invention only signs the transaction public key using the IBC verification private key and the public parameters to generate the public key signature data. The IBC verification private key is specific to each electronic key device, that is, each electronic key device has a different IBC verification private key, and the security of the IBC verification private key is guaranteed by the administrator key: without the administrator key, the content of the IBC verification private key cannot be known. This does not reduce the security of the electronic key device, but does reduce the complexity of the procedure for obtaining a digital certificate. Therefore, the electronic key device of the present invention reduces the complexity of the procedure for obtaining a digital certificate and improves work efficiency without reducing security.
Fig. 3 is a schematic structural diagram of the system for obtaining a digital certificate based on IBC according to the present invention. The system is described below with reference to Fig. 3.
The system for obtaining a digital certificate based on IBC according to the present invention comprises: an initialized electronic key device 31 and a verifying end 32.
The initialized electronic key device 31 generates a transaction key pair in response to a trigger, signs the transaction public key contained in the transaction key pair with the IBC verification private key and the public parameters to generate public key signature data, and sends the transaction public key, the public key signature data, the IBC verification public key and the first information to the verifying end 32. The IBC verification public key is information that uniquely identifies the electronic key device, such as the serial number of the electronic key device, the identity of the electronic key device, the user information of the electronic key device, or a hash value of the user information of the electronic key device; these are not enumerated further here.
The verifying end 32 verifies the signature on the public key signature data using the IBC verification public key and the public parameters obtained from the received first information, and issues a digital certificate to the initialized electronic key device 31 after the signature verification passes. The first information is information relating to the production of the electronic key device, such as manufacturer information and/or batch information.
Preferably, the system further comprises: an IBC initialization apparatus 30 that initializes the electronic key device based on IBC.
The IBC initialization apparatus 30 comprises a private key generator PKG 301. The private key generator PKG 301 generates the IBC verification private key according to an input administrator key, the obtained IBC verification public key and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device 31; alternatively, the private key generator PKG 301 generates the IBC verification private key according to an input administrator key, the obtained IBC verification public key, input public parameters and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device 31. That is, if the input to the private key generator PKG 301 is the administrator key and the IBC verification public key, its output is an IBC verification private key generated from the administrator key and the IBC verification public key; if the input is the administrator key, the public parameters and the IBC verification public key, its output is an IBC verification private key generated from the administrator key, the public parameters and the IBC verification public key. The private key generation algorithm is built into the private key generator PKG 301 and may be chosen according to the required level of security; it is not enumerated here.
Preferably, the IBC initialization apparatus 30 further comprises an initialization information generating device 302. The initialization information generating device 302 generates the public parameters and the administrator key, and sends the public parameters and the obtained first information to the verifying end 32 so that the verifying end 32 binds the public parameters to the first information. When binding the public parameters to the first information, the verifying end 32 may bind the public parameters to the manufacturer information contained in the first information, for example so that electronic key devices produced by the same manufacturer correspond to one set of public parameters; or bind the public parameters to the manufacturer information and the batch information contained in the first information, for example so that electronic key devices of the same batch produced by the same manufacturer correspond to one set of public parameters; or bind the public parameters to the manufacturer information and the production time information contained in the first information, for example so that electronic key devices produced by the same manufacturer within a given period correspond to one set of public parameters. Accordingly, the production information carried by the first information may be manufacturer information, or manufacturer information and batch information, or manufacturer information and production time information.
The IBC initialization apparatus 30 may also be used on its own as the device for initializing electronic key devices; that is, the device for initializing electronic key devices has the same structure as the IBC initialization apparatus 30 in Fig. 3, which is not repeated here.
In the above embodiment of the present invention, when initializing the electronic key device, the IBC initialization apparatus 30 does not need to generate multiple key pairs, nor to encrypt step by step with the private keys contained in multiple key pairs in order to generate signature data and birth certificate data, which simplifies the initialization procedure and reduces its complexity. The initialized electronic key device no longer needs to store birth certificate information of large data volume; instead, the IBC verification public key of the present invention is information that uniquely identifies the electronic key device, such as the user information of the electronic key device or a hash value of that user information, so there is no need to rely on existing certificates and existing certificate management systems, which greatly simplifies the cryptographic system administered by the verifying end. Moreover, the initialized electronic key device signs the transaction public key only with the IBC verification private key and the public parameters to generate the public key signature data; the IBC verification private key is bound to each individual electronic key device, i.e. every electronic key device holds a different IBC verification private key, and the secrecy of the IBC verification private key rests on the administrator key: without the administrator key, the content of the IBC verification private key cannot be learned. The security of the electronic key device is therefore not lowered, while the complexity of the procedure for obtaining a digital certificate is reduced; the electronic key device of the present invention thus reduces the complexity of obtaining a digital certificate and improves operating efficiency without lowering security.
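The following is an added worked example, not code from the patent or from Tendyron. It models the procedure of step 20 and the system of Fig. 3 in Python, with Shamir's RSA-based identity-based signature scheme (1984) standing in for the unspecified "IBC algorithm" and "IBC private key generation algorithm": the public parameters are an RSA pair (n, e), the administrator key is the private exponent d, the IBC verification public key is the device identity string, the IBC verification private key is H(ID)^d mod n, and the transaction key pair is a plain RSA pair. The device identity, the first information string, the wire encoding of the transaction public key and the certificate format are assumptions made for the demo; the 512-bit moduli are sized for a fast run, not for deployment, and Shamir's scheme is used only to illustrate the flow. Python 3.8 or later is required for pow(e, -1, m).

```python
import hashlib
import secrets

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin (demo-grade); callers only pass large odd candidates."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits=512, e=65537):
    """((n, e), d): used for public parameters/administrator key, transaction key and CA key."""
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:          # gcd(e, phi) == 1
            return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def _h(*parts):
    """SHA-256 over length-prefixed parts, as an integer (parts[0] is a domain tag)."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

def id_to_zn(identity, n):
    return _h(b"id", identity) % n                   # IBC verification public key -> Z_n

def pkg_extract(admin_key, public_params, identity):
    """PKG 301: IBC verification private key g = H(ID)^d mod n; needs the administrator key d."""
    n, _ = public_params
    return pow(id_to_zn(identity, n), admin_key, n)

def device_sign(ibc_priv, public_params, message):
    """Device 31, Shamir IBS: t = r^e, s = g * r^H(t, m), both mod n."""
    n, e = public_params
    r = secrets.randbelow(n - 2) + 1
    t = pow(r, e, n)
    return t, ibc_priv * pow(r, _h(b"sig", t, message), n) % n

def device_request(ibc_priv, public_params, identity, first_info):  # device 31: Fig. 3 request
    (tx_n, tx_e), tx_priv = rsa_keypair(512)         # the transaction key pair
    tx_pub = b"%d:%d" % (tx_n, tx_e)                 # wire encoding assumed for the demo
    sig = device_sign(ibc_priv, public_params, tx_pub)
    return {"tx_pub": tx_pub, "sig": sig, "identity": identity, "first_info": first_info}, tx_priv

def ibs_verify(public_params, identity, message, sig):
    """Accept iff s^e == H(ID) * t^H(t, m) (mod n)."""
    n, e = public_params
    t, s = sig
    return pow(s, e, n) == id_to_zn(identity, n) * pow(t, _h(b"sig", t, message), n) % n

class VerifyingEnd:
    def __init__(self, bindings):
        self.bindings = dict(bindings)               # first information -> public parameters (from 302)
        self.ca_pub, self._ca_priv = rsa_keypair(512)

    def issue_certificate(self, req):
        params = self.bindings.get(req["first_info"])
        if params is None or not ibs_verify(params, req["identity"], req["tx_pub"], req["sig"]):
            return None                              # unbound batch or bad signature: refuse
        tbs = (req["identity"], req["tx_pub"], req["first_info"])
        return {"tbs": tbs, "ca_sig": pow(_h(b"cert", *tbs), self._ca_priv, self.ca_pub[0])}

    def check_certificate(self, cert):
        n, e = self.ca_pub
        return pow(cert["ca_sig"], e, n) == _h(b"cert", *cert["tbs"]) % n

def run_demo():
    """Honest device; tampered public key; unbound batch; device keyed under another administrator key."""
    params, admin_key = rsa_keypair(512)             # initialization info generator 302
    batch, ident = "ACME/batch-2013-07", "serial:00000001"   # constructed first information / identity
    ve = VerifyingEnd({batch: params})
    req, _ = device_request(pkg_extract(admin_key, params, ident), params, ident, batch)
    cert = ve.issue_certificate(req)
    rogue_params, rogue_admin = rsa_keypair(512)     # knows the identity, not admin_key
    rogue, _ = device_request(pkg_extract(rogue_admin, rogue_params, ident), rogue_params, ident, batch)
    return {
        "honest": cert is not None and ve.check_certificate(cert),
        "tampered_pubkey": ve.issue_certificate(dict(req, tx_pub=req["tx_pub"] + b"x")) is None,
        "unbound_batch": ve.issue_certificate(dict(req, first_info="OTHER/batch")) is None,
        "wrong_admin_key": ve.issue_certificate(rogue) is None,
    }
```

Running run_demo() exercises the four cases the page's argument depends on: a device initialized under the administrator key whose public parameters are bound to its first information receives a certificate; a modified transaction public key, a first information value the verifying end has no binding for, and a device that knows the identity but was keyed under a different administrator key are all refused. The same property read from the other side is the operational caveat: whoever holds the administrator key can reconstruct every device's IBC verification private key, so the initialization apparatus needs protection commensurate with the whole device population.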
Any process or method described in the flow charts or otherwise described herein is to be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be executed out of the order shown or discussed, including substantially concurrently or in the reverse order, depending on the functionality involved, as will be understood by those skilled in the art to which the embodiments of the present invention pertain.
It should be understood that the parts of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, a plurality of steps or methods may be implemented by software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented by any one or a combination of the following technologies known in the art: discrete logic circuits having logic gate circuits for implementing logic functions on data signals, application-specific integrated circuits (ASIC) with suitable combinational logic gate circuits, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and the like.
Those skilled in the art will appreciate that all or part of the steps carried by the methods of the above embodiments may be implemented by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, may exist as separate physical units, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. When the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been illustrated and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (13)

1. A method for obtaining a digital certificate based on IBC, characterized in that the method comprises:
the initialized electronic key device generating a transaction key pair in response to a trigger, and signing the transaction public key contained in the transaction key pair with the IBC verification private key and the public parameters to generate public key signature data;
the initialized electronic key device sending the transaction public key, the public key signature data, the IBC verification public key and the first information to a verifying end;
the verifying end verifying the signature on the public key signature data using the IBC verification public key and the public parameters obtained from the received first information, and issuing a digital certificate to the initialized electronic key device after the signature verification passes;
wherein the IBC verification public key is information that uniquely identifies the electronic key device, and the first information is information relating to the production of the electronic key device.
2. The method according to claim 1, characterized in that the method further comprises:
initializing the electronic key device based on IBC.
3. The method according to claim 2, characterized in that, before initializing the electronic key device based on IBC, the method further comprises:
generating the public parameters and the administrator key, and sending the public parameters and the obtained first information to the verifying end, so that the verifying end binds the public parameters to the first information.
4. The method according to claim 2 or 3, characterized in that initializing the electronic key device based on IBC comprises:
obtaining the IBC verification public key from the electronic key device;
generating the IBC verification private key according to the administrator key, the IBC verification public key and an IBC private key generation algorithm;
writing the IBC verification public key and the IBC verification private key into the electronic key device.
5. The method according to claim 2 or 3, characterized in that initializing the electronic key device based on IBC comprises:
obtaining the IBC verification public key from the electronic key device;
generating the IBC verification private key according to the administrator key, the IBC verification public key, the public parameters and an IBC private key generation algorithm;
writing the IBC verification public key and the IBC verification private key into the electronic key device.
6. A system for obtaining a digital certificate based on IBC, characterized in that the system comprises: an initialized electronic key device and a verifying end;
the initialized electronic key device generates a transaction key pair in response to a trigger, signs the transaction public key contained in the transaction key pair with the IBC verification private key and the public parameters to generate public key signature data, and sends the transaction public key, the public key signature data, the IBC verification public key and the first information to the verifying end; the IBC verification public key is information that uniquely identifies the electronic key device;
the verifying end verifies the signature on the public key signature data using the IBC verification public key and the public parameters obtained from the received first information, and issues a digital certificate to the initialized electronic key device after the signature verification passes;
the first information is information relating to the production of the electronic key device.
7. The system according to claim 6, characterized in that the system further comprises: an IBC initialization apparatus that initializes the electronic key device based on IBC.
8. The system according to claim 7, characterized in that the IBC initialization apparatus comprises:
a private key generator PKG, which generates the IBC verification private key according to an input administrator key, the obtained IBC verification public key and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device.
9. The system according to claim 7, characterized in that the IBC initialization apparatus comprises:
a private key generator PKG, which generates the IBC verification private key according to an input administrator key, the obtained IBC verification public key, input public parameters and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device.
10. The system according to claim 8 or 9, characterized in that the IBC initialization apparatus further comprises:
an initialization information generating device, which generates the public parameters and the administrator key and sends the public parameters and the obtained first information to the verifying end, so that the verifying end binds the public parameters to the first information.
11. An IBC initialization apparatus, characterized in that the apparatus comprises:
a private key generator PKG, which generates the IBC verification private key according to an input administrator key, the obtained IBC verification public key and an IBC private key generation algorithm, and writes the IBC verification public key and the IBC verification private key into the electronic key device;
wherein the IBC verification public key is information that uniquely identifies the electronic key device.
12. The apparatus according to claim 11, characterized in that the private key generator PKG further generates the IBC verification private key according to input public parameters.
13. The apparatus according to claim 11 or 12, characterized in that the apparatus further comprises:
an initialization information generating device, which generates the public parameters and the administrator key and sends the public parameters and the obtained first information to the verifying end, so that the verifying end binds the public parameters to the first information.
Application CN201310289302.0A, priority date 2013-07-10, filing date 2013-07-10: Initialization apparatus, system and method for acquiring a digital certificate based on IBC; legal status Active; granted as CN103346890B (en).

Publications (2)

Publication Number, Publication Date
CN103346890A (en), 2013-10-09 (application publication)
CN103346890B (en), 2016-12-28 (granted patent)
