CN103973647A - Application access method and equipment - Google Patents

Application access method and equipment

Info

Publication number
CN103973647A
Authority
CN
China
Prior art keywords
application
access equipment
digital certificate
operational outfit
equipment
Prior art date
Legal status
Pending
Application number
CN201310038423.8A
Other languages
Chinese (zh)
Inventor
刘小元
孙增才
何庆建
Current Assignee
Huawei Device Co Ltd
Original Assignee
Huawei Device Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Device Co Ltd
Priority to CN201310038423.8A (CN103973647A)
Priority to PCT/CN2014/070668 (WO2014117648A1)
Publication of CN103973647A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an application access method and device. In the method, the application access device generates a security access request, which requests that an application security service be provided for an application running on the application access device; the application access device generates a key pair comprising a public key and a private key according to the security access request; the application access device uses the public key to apply for and obtain a digital certificate from a certificate server and establishes a connection with an application server using the digital certificate; after the application access device is connected to the application server, the private key is used to encrypt the data transmitted between the application access device and the application server. The method and device reduce dependence on peripherals.

Description

Application access method and device
Technical field
The present invention relates to communication technology, and in particular to an application access method and device.
Background
Many current applications have very high security requirements, for example online banking clients and securities trading clients. When a user runs such an application on his or her own application access device, for example a PC, to carry out transactions involving funds, a dedicated encryption device such as a USB key is usually used to perform security functions such as encryption and decryption during the transaction, so as to guarantee the security of the transaction and strengthen security when accessing the application. In the prior art, such a dedicated encryption device generally stores security information corresponding to the application, such as a digital certificate and a private key; during application access, the application can use this security information in the dedicated encryption device for processing such as security authentication and data encryption, thereby guaranteeing secure application access.
The drawback of this approach is that the security of application access depends too heavily on the dedicated encryption device as a peripheral. If the user is not carrying the dedicated encryption device, secure application access is impossible, which may affect the user's work and is very inconvenient. In addition, different applications each need a dedicated encryption device customized for that application: a user who uses both an online banking client and a securities trading client may need to carry and use two dedicated encryption devices. In short, current methods of securing application access make application access inconvenient because they depend too heavily on peripherals.
Summary of the invention
The invention provides an application access method and device to reduce the dependence on security peripherals.
In a first aspect, an application access method is provided, the method comprising: an application access device generates a security access request, the security access request being used to request that an application security service be provided for an application running on the application access device; the application access device generates a key pair according to the security access request, the key pair comprising a public key and a private key; the application access device uses the public key to apply to a certificate server for a digital certificate, and establishes a connection with an application server using the digital certificate; after the connection with the application server is established, the application access device uses the private key to encrypt the data transmitted between the application access device and the application server.
With reference to the first aspect, in a first possible implementation, after generating the security access request the application access device further stores the correspondence between the digital certificate and the application.
With reference to the first possible implementation of the first aspect, in a second possible implementation, after the application access device generates the security access request and before it generates the key pair according to the security access request, the method further comprises: the application access device detects, according to the correspondence, whether a digital certificate corresponding to the application has been stored; when the detection result is yes, it directly establishes the connection with the application server using the stored digital certificate.
In a second aspect, an application access method is provided, the method comprising: an application access device receives a security access request sent by an application running device, the security access request being used to request that an application security service be provided for an application running on the application running device; the application access device generates a key pair according to the security access request, the key pair comprising a public key and a private key; the application access device sends the public key to the application running device, so that the application running device uses the public key to apply to a certificate server for a digital certificate and establishes a connection with an application server using the digital certificate; after the application running device has established the connection with the application server, the application access device uses the private key to encrypt the data transmitted between the application running device and the application server.
With reference to the second aspect, in a first possible implementation, receiving the security access request sent by the application running device comprises: the application access device receives the security access request sent by the application running device that is connected to the application access device through any one of a USB connection, a WIFI connection and an NFC connection.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation, the application access device receiving the security access request sent by the application running device comprises: the application access device receives, through a PKCS#11 interface, the security access request sent by the application running device.
With reference to the second aspect or the first possible implementation of the second aspect, in a third possible implementation, after the application access device sends the public key to the application running device, the method further comprises: the application access device receives the digital certificate sent by the application running device and stores the correspondence between the digital certificate and the application.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation, after the application access device receives the security access request sent by the application running device and before it generates the key pair according to the security access request, the method further comprises: the application access device detects, according to the correspondence, whether a digital certificate corresponding to the application has been stored; when the detection result is yes, it directly sends the stored digital certificate to the application running device, so that the application running device establishes the connection with the application server using the digital certificate.
In a third aspect, an application access device is provided, comprising an interface unit, an encryption unit and an application processing unit. The interface unit is configured to receive a security access request generated by the application access device, the security access request being used to request that an application security service be provided for an application running on the application access device. The encryption unit is configured to generate a key pair according to the security access request, the key pair comprising a public key and a private key, and, after the connection with the application server is established, to use the private key to encrypt the data transmitted between the application access device and the application server. The application processing unit is configured to use the public key to apply to a certificate server for a digital certificate and to establish a connection with the application server using the digital certificate.
With reference to the third aspect, in a first possible implementation, the encryption unit is further configured to store the correspondence between the digital certificate and the application.
With reference to the first possible implementation of the third aspect, in a second possible implementation, the encryption unit is further configured to detect, according to the stored correspondence, whether a digital certificate corresponding to the application has been stored, after the interface unit receives the security access request and before the key pair is generated according to the security access request; the application processing unit is further configured to directly establish the connection with the application server using the stored digital certificate when the detection result of the encryption unit is yes.
In a fourth aspect, an application access device is provided. The application access device establishes a communication connection with an application running device and comprises an interface unit and an encryption unit.
The interface unit is configured to receive a security access request sent by the application running device, the security access request being used to request that an application security service be provided for an application running on the application running device, and to send the public key from the encryption unit to the application running device, so that the application running device uses the public key to apply to a certificate server for a digital certificate and establishes a connection with an application server using the digital certificate.
The encryption unit is configured to generate a key pair according to the security access request, the key pair comprising a public key and a private key, and, after the application running device has established the connection with the application server, to use the private key to encrypt the data transmitted between the application running device and the application server.
With reference to the fourth aspect, in a first possible implementation, the interface unit is configured to receive the security access request sent by the application running device that is connected to the application access device through any one of a USB connection, a WIFI connection and an NFC connection.
With reference to the fourth aspect or the first possible implementation of the fourth aspect, in a second possible implementation, the interface unit is a PKCS#11 interface.
With reference to the fourth aspect or the first possible implementation of the fourth aspect, in a third possible implementation, the interface unit is further configured to receive the digital certificate sent by the application running device after the public key has been sent to the application running device; the encryption unit is further configured to store the correspondence between the digital certificate and the application.
With reference to the third possible implementation of the fourth aspect, in a fourth possible implementation, the encryption unit is further configured to detect, according to the stored correspondence, whether a digital certificate corresponding to the application has been stored, after the interface unit receives the security access request sent by the application running device and before the key pair is generated according to the security access request; the interface unit is further configured, when the detection result of the encryption unit is yes, to directly send the digital certificate stored by the encryption unit to the application running device, so that the application running device establishes the connection with the application server using the digital certificate.
The technical effect of the application access method and device provided by the invention is as follows: the application access device generates a key pair according to the security access request of an application, so that the application can use this key pair to apply for a digital certificate and to encrypt data. This strengthens the security capability of the application access device itself, so that the application access device can guarantee the security of application access without an additional security peripheral outside the device, which reduces the dependence on security peripherals.
Brief description of the drawings
To describe the technical solutions of the embodiments of the invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of an embodiment of the application access device of the invention;
Fig. 2 is a schematic diagram of the operating principle of another embodiment of the application access device of the invention;
Fig. 3 is a schematic structural diagram of a further embodiment of the application access device of the invention;
Fig. 4 is a schematic diagram of the operating principle of a further embodiment of the application access device of the invention;
Fig. 5 is a schematic diagram of the operating principle of a further embodiment of the application access device of the invention;
Fig. 6 is a schematic structural diagram of a further embodiment of the application access device of the invention;
Fig. 7 is a schematic structural diagram of a further embodiment of the application access device of the invention;
Fig. 8 is a schematic flow chart of an embodiment of the application access method of the invention;
Fig. 9 is a schematic flow chart of an embodiment of the application access method of the invention.
Detailed description of the embodiments
To make application access less dependent on security peripherals such as a USB Key, the embodiments of the invention strengthen the security capability of the application access device itself, so that the application access device protects application access without the need for a security peripheral.
The application is, for example, online banking or securities trading. The application access device is the device used when the application is in use. For example, if a user starts an online banking application on his or her own tablet computer and uses the online banking service, the tablet computer is called the application access device. As another example, if a user runs a securities trading application on his or her own notebook computer and the application also uses something provided by another device, such as a key pair provided by a tablet computer, then in this embodiment the tablet computer that provides the key pair is called the application access device. These cases are described in detail in the specific embodiments below; in short, the application access device of this embodiment is the device that can provide a security protection service for the application (such as the tablet computer providing the key pair in the example above).
The application access method of the embodiments of the invention is the method performed by this application access device. That is, the embodiments of the invention improve the application access device by strengthening the security capability of the device itself so that it can provide a security service for application access, which also changes the application access method somewhat. For this reason, and to describe the solution of the invention more clearly, the structure of the application access device is described first.
The application access device of the embodiments of the invention can provide a security service both for an application running on the device itself and for an application running on another device, so the application access device can have two different structures. The structure of the application access device in each of these two cases, and the operating principle of the device with the corresponding structure, are described below:
Embodiment one
Fig. 1 is a schematic structural diagram of an embodiment of the application access device of the invention. The application access device with the structure described in this embodiment can provide a security service for an application running on the device itself. As shown in Fig. 1, the application access device may comprise an interface unit 11, an encryption unit 12 and an application processing unit 13.
The interface unit 11 is configured to receive a security access request that requests an application security service. For example, when an online banking application is in use and an operation involving a funds transaction is reached, such as the user clicking to trigger a certain step in online banking, the device on which online banking runs needs to connect to the application server of the online bank. To guarantee the security of communication between this device and the application server, a secure connection must be established, so the device sends the security access request to the application access device of this embodiment; the security service requested is, for example, generation of a key pair. According to the security access request, the interface unit 11 can instruct the encryption unit 12 to assist the application with the encryption needed to establish the secure connection.
In this embodiment the application is installed and run on the application access device, and the application access device itself generates the security access request. For example, with an online banking application installed and running on the application access device of this embodiment, the security access request is in fact sent to the interface unit 11 by the application processing unit in the application access device (the application processing unit is the module that invokes and executes the online banking application).
The step of the application at which the application access device sends the security access request, for example the point at which online banking running on a notebook computer requires the notebook to send the request, can be set by the application developer. As long as the application is designed to automatically trigger the application access device to send a security access request to the interface unit 11 whenever application access security must be guaranteed, the application access device of this embodiment can provide the security service for the application.
The encryption unit 12 is configured to generate a key pair according to the security access request, the key pair comprising a public key and a private key. The key pair can be generated with a conventional technique such as RSA (the RSA public-key encryption algorithm, developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology and named after the three of them), which is not described in detail here. The generated public key is sent by the encryption unit 12 to the interface unit 11, and the interface unit 11 in turn sends the public key to the application processing unit 13.
The application processing unit 13 is configured to use the public key to apply to the certificate server (that is, the digital certificate authentication center (Certificate Authority, CA server for short)) for a digital certificate (the certificate server uses the public key to generate the digital certificate). This digital certificate is the certificate uniquely corresponding to the application, and the application access device establishes a secure connection with the application server using this digital certificate.
Comparing the application access process of this embodiment with the prior art: in the prior art the digital certificate is stored directly in a dedicated encryption device such as a USB Key, and the application access device, when the application runs, directly uses the digital certificate in the encryption device to establish a secure connection with the application server. In this embodiment, when the application runs, the encryption unit inside the application access device generates a public key for it, and the application access device itself uses this public key to apply for a digital certificate and uses that certificate to establish the connection with the application server.
The benefit of this difference is as follows. A digital certificate is equivalent to the identity card of an application, and different applications correspond to different digital certificates. In the prior art, where the digital certificate is pre-stored in an encryption device such as a USB Key, the encryption device is therefore also tied to the application: for example, the online banking of one bank uses encryption device A, the online banking of another bank uses encryption device B, and securities trading uses encryption device C. The user not only has to carry an encryption device but also has to carry several different encryption devices to use several applications, which is very inconvenient and inefficient. In the solution of this embodiment, the encryption unit in the application access device can provide a key pair for the application in real time during application access, and the application can apply for a digital certificate in real time. The encryption unit does not correspond to any specific application, and all kinds of applications can use it. For example, the user's tablet computer is the application access device and runs two applications, online banking and securities trading. When either application runs, the tablet computer can request the encryption unit to generate a key pair for it; this key-pair generation service can be provided to any application, and each application applies for the digital certificate corresponding to itself after obtaining its own public key. The application access device of this embodiment can thus serve all kinds of applications, which is very convenient and improves the efficiency of application access.
The process by which the application access device establishes a connection with the application server using the digital certificate is conventional and is briefly as follows: the application access device sends a connection request carrying the digital certificate corresponding to the application to the application server; the application server can send this digital certificate to an authentication server (that is, a VA server) for verification; if the authentication server verifies the certificate successfully, the application server returns a connection response to the application access device and the connection with the application access device is established. Because the connection is established only after the certificate has been verified, the security of communication between the application access device and the application server is guaranteed, and the connection is a secure connection. To verify the certificate, the authentication server compares the digital certificate received from the certificate server with the certificate received from the application server; if the two are consistent, verification passes. When the certificate server issues a digital certificate for an application, it can also send the certificate to the authentication server at the same time, so that the authentication server can carry out this verification.
The encryption unit 12 of this embodiment is further configured, after the application access device has established the connection with the application server, to use the private key to encrypt the data transmitted between the application access device and the application server.
The encryption processing here includes encrypting the data transmitted between the application access device and the application server, where the application access device side encrypts data before sending it to the application server (for example, the application access device encrypts the data with the private key and the application server decrypts it with the public key, which the application access device has sent to the application server). It also includes decrypting such data, where data sent by the application server to the application access device is decrypted (for example, the application server encrypts the data with the public key and the application access device decrypts it with the private key).
In the application access device of this embodiment, the application access device generates a key pair according to the security access request that requests an application security service, so that the application access device can use this key pair to apply for a digital certificate and to encrypt data, and can establish a secure connection with the application server. This strengthens the security capability of the application access device itself, so that the application access device can guarantee the security of application access without an additional security peripheral outside the device, which reduces the dependence on security peripherals.
The application access device of the embodiments of the present invention can provide security services both for applications running on the device itself and for applications running on other devices. Embodiment two and Embodiment three below describe how the application access device works in these two cases.
Embodiment two
The application access device of this embodiment provides security services for an application running on the device itself. Fig. 2 is a schematic diagram of the working principle of another embodiment of the application access device of the present invention.
As shown in Fig. 2, this embodiment takes a tablet computer as the application access device and online banking as the application. Online banking runs on the tablet computer, so the tablet computer is both the application access device (the device that provides security services for the application) and the application running device (the device on which the application is installed and runs). The application access device of this embodiment further includes an application processing unit 13, which invokes and executes the online banking application and can communicate with the interface unit 11. In addition, because the application access device of this embodiment is also the application running device, it can communicate with the application server and the certificate server; in this embodiment, the transceiver unit 14 in the application access device handles communication with these servers.
Specifically, the application processing unit 13 invokes and executes online banking, which starts running on the tablet computer. During operation (for example, when the user starts using online banking on the tablet computer), at a point determined by the settings of the online banking application, the application processing unit 13 initiates a security access request as preset by the application and sends it to the interface unit 11. For example, the tablet computer of this embodiment runs the Android system, and when an application such as online banking runs on that system, the application processing unit 13 can send a security access request to the interface unit 11. According to the security access request, the interface unit 11 instructs the encryption unit 12 to perform the key-pair generation service, and the public key generated by the encryption unit 12 is returned to the application processing unit 13 through the interface unit 11. The application processing unit 13 sends the public key to the transceiver unit 14 and instructs the transceiver unit 14 to use the public key to apply to the certificate server for a digital certificate and to use that certificate to establish a secure connection with the application server.
Note that the transceiver unit 14 is only the interface through which the tablet computer communicates with the servers; the entity that actually exchanges data with the servers is still the application processing unit 13. For example, when the application processing unit 13, while running online banking, needs to transmit data to the application server, it passes the data to the transceiver unit 14, which only forwards the data to the application server. The communication is in essence still between the application processing unit 13 and the application server.
In addition, after the tablet computer has established the connection with the application server, when the application processing unit 13 sends data to the application server, it can first send the data to the encryption unit 12 through the interface unit 11. The encryption unit 12 encrypts the data and returns it to the application processing unit 13 through the interface unit 11, and the application processing unit 13 then instructs the transceiver unit 14 to send the data to the application server. When the application processing unit 13 receives from the transceiver unit 14 data sent by the application server, it can send the data to the encryption unit 12 through the interface unit 11; the encryption unit 12 decrypts the data and returns it through the interface unit 11, and the application processing unit 13 uses the decrypted data to continue running online banking. In other words, the encryption unit 12 is also responsible for encrypting and decrypting the data exchanged between online banking and its application server.
Embodiment three
Fig. 3 is a schematic structural diagram of yet another embodiment of the application access device of the present invention. The application access device with the structure described in this embodiment can provide security services for an application running on another device, which is referred to as the application running device. As shown in Fig. 3, the application access device may include an interface unit 31 and an encryption unit 32.
The interface unit 31 is configured to receive a security access request that asks for an application security service. For example, when an online banking application is in use and an operation involving a funds transaction is reached, such as the user clicking to trigger a certain step in online banking, the device on which online banking runs needs to connect to the application server of the online bank. To protect the communication between that device and the application server, a secure connection must be established, so the device sends the security access request to the application access device of this embodiment; the security service requested is, for example, generation of a key pair. According to the security access request, the interface unit 31 can instruct the encryption unit 32 to perform the encryption processing that assists the application in establishing the secure connection.
In this embodiment, the device that sends the security access request is the application running device on which the application is installed and runs, and it is a device other than the application access device of this embodiment. For example, the online banking application is installed and runs on another device, such as a notebook computer, rather than on the application access device of this embodiment, and the security access request is sent by that notebook computer to the interface unit 31 of the application access device of this embodiment.
The step of the application at which the application running device sends the security access request, for example the point at which online banking running on a notebook computer causes the notebook computer to send the request, can be set by the application developer. As long as the application is designed to automatically trigger the application running device to send a security access request to the interface unit 31 of the application access device of this embodiment whenever application access needs to be secured, the application access device of this embodiment can provide the security service for the application.
The encryption unit 32 is configured to generate a key pair, comprising a public key and a private key, according to the security access request. The key pair can be generated with conventional techniques such as RSA, which are not described in detail. The encryption unit 32 sends the generated public key to the interface unit 31, which sends it to the application running device, so that the application running device uses the public key to apply to the certificate server for a digital certificate; this digital certificate uniquely corresponds to the application. The application running device then establishes a secure connection with the application server using the digital certificate.
The application access process of this embodiment differs from the prior art as follows. In the prior art, the digital certificate is stored directly in a dedicated encryption device such as a USB Key, and the application running device, when running the application, directly uses the digital certificate in the encryption device to establish a secure connection with the application server. In this embodiment, when the application runs, the application running device asks the encryption unit in the application access device to generate a public key for it, and the application running device itself uses that public key to apply for a digital certificate and uses the certificate to establish the connection with the application server.
The benefit of this difference is as follows. A digital certificate is equivalent to the identity card of an application, and different applications correspond to different digital certificates. Storing the digital certificate in advance in an encryption device such as a USB Key, as in the prior art, therefore ties the encryption device to the application: for example, the online bank of one bank uses encryption device A, the online bank of another bank uses encryption device B, securities trading uses encryption device C, and so on. The user not only has to carry an encryption device but has to carry several different ones to use several applications, which is inconvenient and inefficient. In the scheme of this embodiment, the encryption unit in the application access device provides a key pair for the application in real time during application access, and the application can apply for a digital certificate in real time. The encryption unit is not tied to a particular application, and any application can use it. For example, the user's tablet computer is the application access device and runs two applications, online banking and securities trading. When either application runs, the tablet computer can ask the encryption unit to generate a key pair for it; this key-pair generation service is available to any application, and each application applies for its own digital certificate after obtaining its own public key. The application access device of this embodiment can thus serve a variety of applications, which is convenient and improves the efficiency of application access.
The process by which the application running device establishes a connection with the application server using the digital certificate is conventional and is described only briefly. The application running device sends the application server a connection request that carries the digital certificate corresponding to the application. The application server forwards the digital certificate to a verification server (the VA server) for verification. If the verification server accepts the certificate, the application server returns a connection response to the application running device, and the connection between the two is established. Because the connection is set up only after the certificate has been verified, communication between the application running device and the application server is protected; that is, the connection is a secure connection. The verification server verifies the certificate by comparing the digital certificate it received from the certificate server with the certificate it received from the application server; if the two are identical, verification passes. To make this possible, the certificate server, when issuing a digital certificate for an application, also sends the certificate to the verification server so that the verification server can later perform this check.
The encryption unit 32 of this embodiment is further configured to use the private key, after the application running device has established the connection with the application server, to encrypt the data transmitted between the application running device and the application server.
Encryption here covers both directions. Data sent from the application running device is encrypted on the application running device side and then sent to the application server (for example, the application running device encrypts the data with the private key and the application server decrypts it with the public key, which the application running device has sent to the application server). It also covers decryption: data sent by the application server to the application running device is decrypted (for example, the application server encrypts the data with the public key and the application running device decrypts it with the private key).
In this embodiment, the application access device generates a key pair in response to a security access request that asks for an application security service, so that the application running device can use the key pair to apply for a digital certificate and to encrypt data, and thereby establish a secure connection with the application server. This strengthens the security capability of the application access device itself: the device can secure application access on its own, no additional external security peripheral is needed, and dependence on security peripherals is reduced.
Embodiment four
The application access device of this embodiment provides security services for an application running on another device, which communicates with the application access device of this embodiment through an external connection. Fig. 4 is a schematic diagram of the working principle of yet another embodiment of the application access device of the present invention.
As shown in Fig. 4, this embodiment takes a tablet computer as the application access device, a notebook computer as the external device, and online banking as the application. Online banking runs on the notebook computer, so the tablet computer is the application access device and the notebook computer is the application running device. Both the notebook computer and the tablet computer of this embodiment may be provided with a transceiver unit. The notebook computer is provided with an application processing unit 21 and a transceiver unit 22. The application processing unit 21 invokes and executes the online banking application installed on the notebook computer. The notebook computer can communicate with the application server and the certificate server, and also with the tablet computer; the transceiver unit 22 is the interface through which the notebook computer communicates with these servers and with the tablet computer. For example, the transceiver unit 22 can forward the security access request sent by the application processing unit 21 to the tablet computer, and forward the public key returned by the tablet computer to the application processing unit 21. The tablet computer is also provided with a transceiver unit 33, which is its interface for communicating with the notebook computer.
Specifically, the application processing unit 21 on the notebook computer invokes and executes online banking, which starts running on the notebook computer. During operation (for example, when the user starts using online banking on this tablet computer), at a point determined by the settings of the online banking application, the application processing unit 21 initiates a security access request as preset by the application. The security access request is sent to the interface unit 31 on the tablet computer through the transceiver unit 22 on the notebook computer and the transceiver unit 33 on the tablet computer.
According to the security access request, the interface unit 31 instructs the encryption unit 32 to perform the key-pair generation service, and the public key generated by the encryption unit 32 is returned to the application processing unit 21 on the notebook computer through the interface unit 31 and the transceiver units described above. The application processing unit 21 then uses the public key to apply to the certificate server for a digital certificate and uses the certificate to establish a secure connection with the application server; communication with the servers in this process is forwarded by the transceiver unit 22.
In addition, after the notebook computer has established the connection with its application server, the encryption unit 32 on the tablet computer of this embodiment can also be responsible for encrypting and decrypting the data exchanged between the application processing unit 21 and the application server; the process is similar to that of the previous embodiment. For example, when sending data to the application server, the application processing unit 21 can send a data encryption request, carrying the data to be encrypted, to the interface unit 31 through the transceiver unit 22 on the notebook computer and the transceiver unit 33 on the tablet computer. The interface unit 31 instructs the encryption unit 32 to encrypt the data accordingly. The encryption unit 32 encrypts the data and returns it to the application processing unit 21 on the notebook computer through the interface unit 31 and the transceiver units, and the application processing unit 21 then instructs the transceiver unit 22 to send the data to the application server.
In this embodiment, the notebook computer and the tablet computer communicate through an external connection, for example any one of a Universal Serial Bus (USB) connection, a WIFI connection or a Near Field Communication (NFC) connection. Other connection types may be used in a specific implementation; these are only examples. With a USB connection, the notebook computer can send the security access request to the interface unit 31 on the tablet computer through a USB port. With a WIFI connection, the notebook computer can communicate with the interface unit 31 on the tablet computer through a WIFI network interface, and the security of the WIFI link is ensured by the 802.11 protocol. With an NFC connection, the notebook computer communicates with the tablet computer through an NFC interface, and the security of the NFC link is ensured by the NFC protocol.
Embodiment five
Fig. 5 is a schematic diagram of the working principle of yet another embodiment of the application access device of the present invention. This embodiment is described using the case in which the application runs inside the application access device; its principle applies equally to the case in which the application runs on an external device.
As shown in Fig. 5, after the tablet computer obtains a digital certificate from the certificate server, the transceiver unit 14 can send the digital certificate received from the certificate server to the application processing unit 13, which sends it to the interface unit 11, which in turn sends it to the encryption unit 12. When sending the digital certificate to the interface unit 11, the application processing unit 13 can include the identifier of the online banking application, so that the interface unit 11 sends both the application identifier and the digital certificate to the encryption unit 12. The encryption unit 12 stores the received digital certificate and application identifier and establishes the correspondence between them, that is, the correspondence between the digital certificate and the online banking application.
Further, when the interface unit 11 forwards the security access request sent by the application processing unit 13 to the encryption unit 12, which amounts to the interface unit 11 instructing the encryption unit 12 to generate a key pair, the encryption unit 12 checks, according to the stored correspondence between digital certificates and applications, whether a digital certificate corresponding to the application has been stored. For this purpose, the interface unit 11 also sends the identifier of the online banking application to the encryption unit 12.
If the result of the check by the encryption unit 12 is yes, that is, a digital certificate for the online banking application is stored, the encryption unit 12 can send the stored digital certificate to the application processing unit 13 through the interface unit 11. The application processing unit 13 then does not need to apply for a digital certificate again and directly uses the stored digital certificate to establish the connection with the application server.
When the application runs on an external device, as in the situation shown in Fig. 4, after the notebook computer obtains the digital certificate from the certificate server, the transceiver unit 22 on the notebook computer can send the digital certificate to the tablet computer for storage. Specifically, for example, the transceiver unit 22 on the notebook computer sends the digital certificate to the transceiver unit 33 of the tablet computer, together with the application identifier of the application running on the notebook computer to which the certificate corresponds. The transceiver unit 33 sends the digital certificate and the application identifier to the interface unit 31, which sends them to the encryption unit 32. The encryption unit 32 stores the digital certificate and the application identifier and establishes the correspondence between them. The next time the notebook computer is to connect to the application server, the application processing unit 21 on the notebook computer instructs the transceiver unit 22 to send the application identifier to the tablet computer, and the identifier reaches the encryption unit 32 of the tablet computer by the same transmission path. The encryption unit 32 checks whether it has stored a digital certificate corresponding to the application identifier. If so, the encryption unit 32 sends the digital certificate to the notebook computer along the reverse path, so that the notebook computer does not need to obtain a certificate from the certificate server again and directly uses the stored certificate to establish the connection with the application server. If the encryption unit 32 finds that it has not stored a digital certificate corresponding to the application identifier, it can directly start the security service for the notebook computer: it generates a key pair and returns the public key to the notebook computer, so that the notebook computer uses the public key to connect to the certificate server and apply for a digital certificate. For the related process, see the above embodiments; it is not described again in detail.
In the approach of this embodiment, when the application running device needs to connect to the application server for the first time, the application access device of this embodiment provides it with a key pair, and the application running device uses the key to apply for a digital certificate. The application running device can also send the certificate of the application to the application access device for storage. The next time the application running device starts connecting to the application server, if the application access device finds that it has stored the certificate corresponding to the application, it does not generate a key pair again but sends the stored certificate directly to the application running device, which also improves the efficiency of application access.
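The store-and-lookup flow of this embodiment, as an added Go example that is not part of the patent text: the encryption unit returns a stored certificate when one exists for the application identifier and otherwise generates a key pair and returns only the public key. The type and function names, the `netbank` identifier, the 2048-bit RSA key size, the stand-in `CertServer` and the key-match check in `StoreCertificate` are assumptions of the example; the verification server is not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// EncryptionUnit models the encryption unit; private keys never leave it.
type EncryptionUnit struct {
	keys  map[string]*rsa.PrivateKey // key pair per application identifier
	certs map[string][]byte          // stored DER certificate per identifier
}

func NewEncryptionUnit() *EncryptionUnit {
	return &EncryptionUnit{keys: map[string]*rsa.PrivateKey{}, certs: map[string][]byte{}}
}

// HandleAccessRequest returns the stored certificate on a hit, else a fresh public key.
func (u *EncryptionUnit) HandleAccessRequest(appID string) ([]byte, *rsa.PublicKey, error) {
	if der, ok := u.certs[appID]; ok {
		return der, nil, nil
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	u.keys[appID] = key
	return nil, &key.PublicKey, nil
}

// StoreCertificate records the certificate-to-application correspondence. Added check
// (an assumption, not in the patent text): the certificate must carry the key generated for appID.
func (u *EncryptionUnit) StoreCertificate(appID string, der []byte) error {
	key, ok := u.keys[appID]
	if !ok {
		return errors.New("no key pair generated for " + appID)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || pub.E != key.E || pub.N.Cmp(key.N) != 0 {
		return errors.New("certificate does not match the key pair of " + appID)
	}
	u.certs[appID] = der
	return nil
}

// CertServer is a constructed stand-in for the certificate server.
type CertServer struct {
	key  *rsa.PrivateKey
	cert *x509.Certificate
}

func certTemplate(commonName string) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: commonName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
}

func NewCertServer() (*CertServer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := certTemplate("constructed demo CA")
	tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CertServer{key: key, cert: cert}, err
}

// Issue signs a certificate binding appID to the submitted public key.
func (c *CertServer) Issue(appID string, pub *rsa.PublicKey) ([]byte, error) {
	return x509.CreateCertificate(rand.Reader, certTemplate(appID), c.cert, pub, c.key)
}

func main() {
	unit := NewEncryptionUnit()
	ca, err := NewCertServer()
	if err != nil {
		panic(err)
	}
	_, pub, _ := unit.HandleAccessRequest("netbank") // first connection: miss
	der, _ := ca.Issue("netbank", pub)
	fmt.Println("stored:", unit.StoreCertificate("netbank", der) == nil)
	cached, _, _ := unit.HandleAccessRequest("netbank") // next connection: hit
	fmt.Println("served from store:", cached != nil)
}
```

The store is keyed only by the application identifier, so whatever the interface unit accepts as the identifier decides which certificate is returned.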
Embodiment six
In each of the above embodiments, the interface unit in the application access device may, for example, be a PKCS#11 interface, and the encryption unit may, for example, be implemented in software or as an encryption chip.
Fig. 6 is a schematic structural diagram of yet another embodiment of the application access device of the present invention. As shown in Fig. 6, this device uses a software implementation: the encryption unit is a soft encryption module, that is, its encryption, decryption and other processing are all implemented by software algorithms. It supports common encryption and decryption algorithms, for example the Triple Data Encryption Algorithm (3DES), AES, RC4, Message Digest Algorithm 5 (MD5), DSA and RSA. The security services provided by the soft encryption module, such as encryption, decryption, key-pair generation, signing and signature verification, are all offered to applications through the PKCS#11 interface.
In this software implementation, the processing performed by the encryption unit, such as data encryption, decryption and key-pair generation, involves some data caching or data storage. The storage medium used is a storage medium inside the application access device, such as a storage area of the eMMC chip. Storage is carried out by input/output (IO) operations on the eMMC chip and is invisible to the file system of the application access device.
Fig. 7 is a schematic structural diagram of yet another embodiment of the application access device of the present invention. As shown in Fig. 7, this device uses a hardware implementation: the encryption unit is an encryption chip, that is, its encryption, decryption and other processing are all performed by the encryption chip through a driver. It supports common encryption and decryption algorithms. The security services provided by the encryption chip, such as encryption, decryption, signing, signature verification and key-pair generation, are all offered to applications through the PKCS#11 interface.
In this hardware implementation, the processing performed by the encryption unit, such as data encryption, decryption and key-pair generation, involves data storage. The storage medium used is the built-in memory of the encryption chip. Storage is carried out by IO operations on the encryption chip and is invisible to the file system (for example, invisible to the Android system).
Embodiment seven
This embodiment provides an application access method, which is performed by an application access device.
Fig. 8 is a schematic flowchart of an embodiment of the application access method of the present invention. The method of this embodiment is performed by an application access device that provides security services for an application running on the device itself. This embodiment describes the method only briefly; for the detailed principle, see the device embodiments. As shown in Fig. 8, the method may include:
801. The application access device generates a security access request, which asks for an application security service to be provided for the application running on the application access device.
802. The application access device generates a key pair according to the security access request; the key pair comprises a public key and a private key.
803. The application access device uses the public key to apply to the certificate server for a digital certificate, and establishes a connection with the application server using the digital certificate.
804. After establishing the connection with the application server, the application access device uses the private key to encrypt the data transmitted between the application access device and the application server.
Further, after the application access device generates the security access request, the method further includes: the application access device stores the correspondence between the digital certificate and the application.
Further, after the application access device generates the security access request and before it generates the key pair according to the security access request, the method further includes: the application access device checks, according to the correspondence, whether a digital certificate corresponding to the application has been stored; if the result is yes, it directly establishes the connection with the application server using the stored digital certificate.
Fig. 9 is the schematic flow sheet of application access method one embodiment of the present invention, and the method for the present embodiment is to provide the application access equipment of security service to carry out by the application for operating on other equipment; The present embodiment only makes a brief description method, and concrete execution principle can be in conjunction with referring to described in apparatus embodiments.As shown in Figure 9, can comprise:
901, described application access equipment receives the security access request that application operational outfit sends, and described security access request is for asking the application for operating on described application operational outfit that application safety service is provided;
902, described application access equipment, according to described security access request, generates key pair, and described key is to comprising PKI and private key;
903, described application access equipment is sent to described application operational outfit by described PKI, so that described application operational outfit is used described PKI to obtain digital certificate to certificate server application, and described application operational outfit connects by described digital certificate and application server;
904, described application access equipment, after described application operational outfit and described application server connect, is used described private key to be encrypted the data of transmitting between described application operational outfit and application server.
Further, receiving the security access request sent by the application operational outfit comprises: the application access equipment receives the security access request sent by an application operational outfit that is connected to the application access equipment by any one of a USB connection, a WIFI connection and an NFC connection.
Further, the application access equipment receives the security access request sent by the application operational outfit through a PKCS#11 interface.
Further, after the application access equipment sends the public key to the application operational outfit, the method further comprises: the application access equipment receives the digital certificate sent by the application operational outfit, and stores the correspondence between the digital certificate and the application.
Further, after the application access equipment receives the security access request sent by the application operational outfit and before it generates the key pair according to the security access request, the method further comprises: the application access equipment detects, according to the correspondence, whether a digital certificate corresponding to the application has been stored; when the detection result is yes, it directly sends the stored digital certificate to the application operational outfit, so that the application operational outfit uses the digital certificate to establish a connection with the application server.
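The Fig. 9 flow (steps 901 to 904 plus the stored-certificate shortcut), sketched in Go as an added example; it is not code from the patent. The type and function names, the P-256 curve, the in-memory stand-in for the certificate server and the modelling of the private-key operation as an ECDSA signature are assumptions, and the key-match check in `Store` is an added safeguard that the patent does not describe.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Device models the application access equipment (hypothetical type).
type Device struct {
	keys  map[string]*ecdsa.PrivateKey // per-application private keys, never exported
	certs map[string][]byte            // stored application -> certificate (DER) relation
}

func NewDevice() *Device { return &Device{map[string]*ecdsa.PrivateKey{}, map[string][]byte{}} }

// NewKey generates a P-256 key pair (the curve is an assumption of this example).
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Request handles a security access request: a stored certificate is returned
// directly; otherwise step 902 runs and only the public key leaves the device.
func (d *Device) Request(app string) (*ecdsa.PublicKey, []byte, error) {
	if der, ok := d.certs[app]; ok {
		return nil, der, nil
	}
	k, err := NewKey()
	if err != nil {
		return nil, nil, err
	}
	d.keys[app] = k
	return &k.PublicKey, nil, nil
}

// Store records the certificate for app. Checking that it certifies the
// device-held key is an added safeguard, not a step the patent describes.
func (d *Device) Store(app string, der []byte) error {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	if k, ok := d.keys[app]; !ok || !k.PublicKey.Equal(c.PublicKey) {
		return errors.New("certificate does not match the key generated for this application")
	}
	d.certs[app] = der
	return nil
}

// Sign is the on-device private-key operation, modelled as ECDSA over SHA-256.
func (d *Device) Sign(app string, msg []byte) ([]byte, error) {
	k, ok := d.keys[app]
	if !ok {
		return nil, errors.New("no key pair for this application")
	}
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, k, h[:])
}

// Issue stands in for the certificate server: it certifies pub under caKey.
func Issue(caKey *ecdsa.PrivateKey, app string, pub *ecdsa.PublicKey) ([]byte, error) {
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed test CA"}}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: app},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
}
```

The application operational outfit only ever handles the public key, the certificate and the results of `Sign`; a second `Request` for the same application returns the stored certificate without generating a new key pair.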
A person of ordinary skill in the art will understand that all or some of the steps of the foregoing method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the foregoing method embodiments; the storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (16)

1. An application access method, characterized in that the method comprises:
An application access equipment generates a security access request, the security access request being used to request that an application security service be provided for an application running on the application access equipment;
The application access equipment generates a key pair according to the security access request, the key pair comprising a public key and a private key;
The application access equipment uses the public key to apply to a certificate server for a digital certificate, and establishes a connection with an application server using the digital certificate;
After establishing the connection with the application server, the application access equipment uses the private key to encrypt the data transmitted between the application access equipment and the application server.
2. The method according to claim 1, characterized in that, after the application access equipment generates the security access request, the method further comprises:
The application access equipment stores the correspondence between the digital certificate and the application.
3. The method according to claim 2, characterized in that, after the application access equipment generates the security access request and before it generates the key pair according to the security access request, the method further comprises:
The application access equipment detects, according to the correspondence, whether a digital certificate corresponding to the application has been stored;
When the detection result is yes, the application access equipment directly establishes the connection with the application server using the stored digital certificate.
4. An application access method, characterized in that the method comprises:
An application access equipment receives a security access request sent by an application operational outfit, the security access request being used to request that an application security service be provided for an application running on the application operational outfit;
The application access equipment generates a key pair according to the security access request, the key pair comprising a public key and a private key;
The application access equipment sends the public key to the application operational outfit, so that the application operational outfit uses the public key to apply to a certificate server for a digital certificate and establishes a connection with an application server using the digital certificate;
After the application operational outfit has established the connection with the application server, the application access equipment uses the private key to encrypt the data transmitted between the application operational outfit and the application server.
5. The method according to claim 4, characterized in that receiving the security access request sent by the application operational outfit comprises:
The application access equipment receives the security access request sent by an application operational outfit that is connected to the application access equipment by any one of a USB connection, a WIFI connection and an NFC connection.
6. The method according to claim 4 or 5, characterized in that the application access equipment receiving the security access request sent by the application operational outfit comprises:
The application access equipment receives, through a PKCS#11 interface, the security access request sent by the application operational outfit.
7. The method according to claim 4 or 5, characterized in that, after the application access equipment sends the public key to the application operational outfit, the method further comprises:
The application access equipment receives the digital certificate sent by the application operational outfit, and stores the correspondence between the digital certificate and the application.
8. The method according to claim 7, characterized in that, after the application access equipment receives the security access request sent by the application operational outfit and before it generates the key pair according to the security access request, the method further comprises:
The application access equipment detects, according to the correspondence, whether a digital certificate corresponding to the application has been stored;
When the detection result is yes, the application access equipment directly sends the stored digital certificate to the application operational outfit, so that the application operational outfit uses the digital certificate to establish a connection with the application server.
9. An application access equipment, characterized by comprising: an interface unit, a ciphering unit and an application processing unit;
The interface unit is configured to receive a security access request generated by the application access equipment, the security access request being used to request that an application security service be provided for an application running on the application access equipment;
The ciphering unit is configured to generate a key pair according to the security access request, the key pair comprising a public key and a private key; and, after a connection with the application server has been established, to use the private key to encrypt the data transmitted between the application access equipment and the application server;
The application processing unit is configured to use the public key to apply to a certificate server for a digital certificate, and to establish a connection with the application server using the digital certificate.
10. The application access equipment according to claim 9, characterized in that
The ciphering unit is further configured to store the correspondence between the digital certificate and the application.
11. The application access equipment according to claim 10, characterized in that
The ciphering unit is further configured, after the interface unit receives the security access request and before the key pair is generated according to the security access request, to detect, according to the stored correspondence, whether a digital certificate corresponding to the application has been stored;
The application processing unit is further configured, when the detection result of the ciphering unit is yes, to directly establish the connection with the application server using the stored digital certificate.
12. An application access equipment, characterized in that the application access equipment establishes a communication connection with an application operational outfit, and the application access equipment comprises: an interface unit and a ciphering unit;
The interface unit is configured to receive a security access request sent by the application operational outfit, the security access request being used to request that an application security service be provided for an application running on the application operational outfit; and to send the public key from the ciphering unit to the application operational outfit, so that the application operational outfit uses the public key to apply to a certificate server for a digital certificate and establishes a connection with an application server using the digital certificate;
The ciphering unit is configured to generate a key pair according to the security access request, the key pair comprising a public key and a private key; and, after the application operational outfit has established the connection with the application server, to use the private key to encrypt the data transmitted between the application operational outfit and the application server.
13. The equipment according to claim 12, characterized in that
The interface unit is configured to receive the security access request sent by an application operational outfit that is connected to the application access equipment by any one of a USB connection, a WIFI connection and an NFC connection.
14. The equipment according to claim 12 or 13, characterized in that the interface unit is a PKCS#11 interface.
15. The equipment according to claim 12 or 13, characterized in that
The interface unit is further configured, after the public key has been sent to the application operational outfit, to receive the digital certificate sent by the application operational outfit;
The ciphering unit is further configured to store the correspondence between the digital certificate and the application.
16. The equipment according to claim 15, characterized in that
The ciphering unit is further configured, after the interface unit receives the security access request sent by the application operational outfit and before the key pair is generated according to the security access request, to detect, according to the stored correspondence, whether a digital certificate corresponding to the application has been stored;
The interface unit is further configured, when the detection result of the ciphering unit is yes, to directly send the digital certificate stored by the ciphering unit to the application operational outfit, so that the application operational outfit uses the digital certificate to establish a connection with the application server.
CN201310038423.8A 2013-01-31 2013-01-31 Application access method and equipment Pending CN103973647A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310038423.8A CN103973647A (en) 2013-01-31 2013-01-31 Application access method and equipment
PCT/CN2014/070668 WO2014117648A1 (en) 2013-01-31 2014-01-15 Application access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310038423.8A CN103973647A (en) 2013-01-31 2013-01-31 Application access method and equipment

Publications (1)

Publication Number Publication Date
CN103973647A true CN103973647A (en) 2014-08-06

Family

ID=51242697

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310038423.8A Pending CN103973647A (en) 2013-01-31 2013-01-31 Application access method and equipment

Country Status (2)

Country Link
CN (1) CN103973647A (en)
WO (1) WO2014117648A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017015797A1 (en) * 2015-07-24 2017-02-02 程强 Information security transmission method and system for ordering system
CN106921639A (en) * 2015-12-28 2017-07-04 航天信息股份有限公司 Mobile digital certificate application method and device
CN107359994A (en) * 2017-07-19 2017-11-17 国家电网公司 The integrated encryption device that a kind of quantum cryptography blends with classical password
CN108769024A (en) * 2018-05-30 2018-11-06 中国电子信息产业集团有限公司第六研究所 A kind of data capture method and majority are according to operator negotiation service system
CN109639427A (en) * 2017-10-09 2019-04-16 华为技术有限公司 A kind of method and apparatus that data are sent

Also Published As

Publication number Publication date
WO2014117648A1 (en) 2014-08-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140806