CN104753673A - Random association code based multi-verification certificate association method for user - Google Patents
- Publication number: CN104753673A
- Authority: CN (China)
- Prior art keywords
- associated code
- service ticket
- user
- master authentication
- authentication voucher
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method for associating a user's multiple authentication credentials based on a random association code. The method takes one of the user's authentication credentials as the master authentication credential; generates a random association code that represents the master authentication credential within a certain validity period and records the correspondence between the code and the master authentication credential; and associates the other authentication credentials with the master authentication credential according to the correspondence between the random association code and the master authentication credential. With this method the user can conveniently associate multiple authentication credentials while security is ensured.
Description
Technical field
The present invention relates to the field of information security, and more specifically to a method for associating multiple authentication credentials.
Background

In environments that use digital certificates, each user is generally issued one certificate. The certificate is stored on a hardware medium such as a USB Key or a TF card. When the user uses specific functions of an application system, the user must, as the application requires, insert the certificate medium into a device such as a computer or smartphone, where the application accesses it.

With the spread of smartphones and the mobile Internet, more and more applications can be used on both PCs and mobile terminals. If such an application uses digital certificates as the credential for identity authentication, it faces a problem: the USB Key generally used on a PC cannot be used on a smartphone, because smartphones have no standard-size USB interface. Smartphones usually use a TF card (MicroSD card) as the storage medium for certificates. To let a user use the application on both a PC and a smartphone, two certificates must be issued to the user: one stored in the USB Key and used on the PC, and one stored in the TF card and used on the phone. The application system then needs to associate these two certificates with one system account.

How to associate two certificates both conveniently and securely is therefore a problem that application developers need to solve.
Summary of the invention
To address the prior-art problem that multiple authentication credentials cannot be associated quickly and securely across devices, the object of the present invention is to provide a method for associating multiple authentication credentials that lets a user associate them conveniently while security is ensured.

To achieve this object, the present invention adopts the following technical solution:

A method for associating a user's multiple authentication credentials based on a random association code: the method takes one of the user's authentication credentials as the master authentication credential, generates a random association code that represents the master authentication credential within a certain validity period, and records the correspondence between the code and the master authentication credential; the other authentication credentials are then associated with the master authentication credential through the correspondence between the random association code and the master authentication credential.

In a more specific form of this solution, a valid association code is entered at association time, and the correspondence between this association code and the master authentication credential is used to confirm the association between the credential to be associated and the corresponding master authentication credential.

Further, the association method is implemented on a certificate server and comprises the following steps:

(1) The certificate server issues multiple valid authentication credentials to the user; the user takes any one of them as the master authentication credential, and the remaining valid credentials are secondary authentication credentials;

(2) The user, using the master authentication credential, sends a request to generate an association code to the certificate server through a client;

(3) The certificate server generates, for this request, a random association code with a limited validity period, records the correspondence between the association code and the master authentication credential, and returns the association code to the client, which displays it to the user;

(4) The user submits the authentication credential that is to be associated with the master authentication credential, together with the association code returned in step (3), in a request sent through a client to the certificate server to associate with the master authentication credential;

(5) The certificate server receives the association request and first authenticates the authentication credential provided by the client that initiated the request; if authentication fails, the association process ends;

(6) After the credential passes authentication, the certificate server uses the association code submitted in the request to look up the corresponding stored association code in the database; if no corresponding code is found, or the code has expired, the association fails;

(7) Once the corresponding stored association code is found and is valid, the certificate server records the association between the secondary authentication credential submitted in step (4) and the master authentication credential that corresponds to the association code from step (3), which completes the association of the two credentials.

Further, the association code used in the method is generated as follows:

Association code = MD5(unique identifier of the master authentication credential + timestamp + random number).

With this solution, the user completes the association of two authentication credentials independently, without the involvement of a system administrator. As for security, the generation of the association code takes uniqueness and randomness into account and introduces a validity-period mechanism, thereby ensuring security.
Brief description of the drawings

The invention is further described below with reference to the drawings and specific embodiments.

Fig. 1 is a flow chart of the principle by which the invention associates multiple authentication credentials;

Fig. 2 is a schematic diagram of the association process in one example of the invention;

Fig. 3 is a schematic diagram of the association code produced in the example of the invention.
Detailed description of embodiments

To make the technical means, inventive features, objectives and effects of the invention easy to understand, the invention is further described below with reference to the figures.

The scenario is one in which the same user has to use multiple authentication credentials to use the same application system. In this scenario the application system usually needs to associate the credentials. The method provided by the invention, which associates a user's multiple authentication credentials based on a random association code, helps users of the system complete the association between multiple credentials on their own, and the whole association process is simple, secure and reliable.

The key point of the method is this: one of the user's authentication credentials is taken as the master authentication credential, and a random association code that is valid for a period of time is generated from a feature of that credential (such as its unique identifier). Within its validity period the random association code represents the master authentication credential, and the correspondence between the code and the master authentication credential is then used to associate the other authentication credentials with the master authentication credential.

Thus, a valid association code is entered at association time, the correspondence between this code and a master authentication credential determines which master authentication credential the credential to be associated is linked to, and the association is completed.

Based on this principle, the association procedure for authentication credentials is as follows (see Fig. 1):

As the figure shows, the whole association process is carried out on the certificate server, which has a system database for storing the association codes and the correspondence between each code and its master authentication credential.

Before association, the certificate server first issues multiple valid authentication credentials to the user, shown in the figure as authentication credential A and authentication credential B; each of these credentials has its own unique identifier. The user takes any one of them as the master authentication credential (credential A in the figure), and an account is registered for the user in the certificate server; the remaining credentials serve as secondary authentication credentials (credential B in the figure).
Accordingly, the association procedure comprises the following steps:

(1) The user logs in to the system from a PC with master authentication credential A and, through client A, sends a request to generate an association code to the certificate server.

(2) On receiving the request, the certificate server generates a random association code from a feature of master authentication credential A in the request (namely the unique identifier of the master authentication credential) and records in the system database both the association code and its relationship to the master authentication credential.

When generating the random association code in this step, the certificate server extracts the unique identifier of master authentication credential A, obtains the current timestamp, and generates a 5-digit random number; it then computes the association code from these parameters using the following generation algorithm:

Association code = MD5(unique identifier of the master authentication credential + timestamp + random number).

Basing the code on the unique identifier of the master authentication credential and a random number ensures the randomness and security of the association code, while the timestamp is used to implement the code's validity period.

(3) After the record is written, the certificate server returns the association code to client A, and the PC running client A displays it to the user.

(4) When the user needs to associate secondary authentication credential B with master authentication credential A, the user runs system client B with the secondary credential B that is to be associated. Client B builds a request to associate with the master authentication credential from the random association code returned in step (3) and secondary credential B, and sends it to the certificate server. The request contains the association code displayed on the PC in step (3).

(5) The certificate server receives the association request and first authenticates secondary credential B provided by client B, which initiated the request; if authentication fails, the association process ends; if it succeeds, the association code is verified.

(6) Using the association code submitted in the request, the certificate server looks up in the system database the association code generated and stored in step (2); if no corresponding code is found, or the code has expired, the association fails; if the corresponding code is found and is within its validity period, the association is performed.

(7) The certificate server records the association between the secondary authentication credential submitted in step (4) and the master authentication credential that corresponds to the association code from step (2), which completes the association of the two credentials.
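The server-side procedure in steps (1) to (7) above, which is also the procedure listed in the Summary, written out as an added Python example; it is not code from the patent. Assumptions: the class and function names, the 300-second validity period, the set of issued identifiers standing in for real credential authentication, the CSPRNG-based generator and the single-use deletion are additions for illustration; `md5_association_code` follows the page's formula with the timestamp taken as whole seconds.

```python
import hashlib
import secrets
import time


def md5_association_code(master_id, now):
    """The page's formula: MD5(unique identifier + timestamp + 5-digit random number).
    If the identifier and timestamp are known, only 10**5 candidates remain."""
    rand5 = f"{secrets.randbelow(100_000):05d}"
    return hashlib.md5(f"{master_id}{int(now)}{rand5}".encode()).hexdigest()


def csprng_association_code(master_id, now):
    """Added alternative (not on the page): 128 random bits, same 32-hex-digit shape."""
    return secrets.token_hex(16)


class FakeClock:
    """Controllable clock so expiry can be exercised without sleeping."""
    def __init__(self, t=1_700_000_000.0):
        self.t = t

    def __call__(self):
        return self.t


class AssociationServer:
    def __init__(self, ttl_seconds=300, generate=csprng_association_code, clock=time.time):
        self.ttl = ttl_seconds    # validity period; 300 s is an assumed value
        self.generate = generate
        self.clock = clock
        self.issued = set()       # stand-in for real credential authentication
        self.codes = {}           # association code -> (master id, expiry time)
        self.links = {}           # secondary id -> master id

    def issue(self, credential_id):
        self.issued.add(credential_id)

    def request_code(self, master_id):
        # Steps (1)-(3): authenticated master asks for a code; server records the mapping.
        if master_id not in self.issued:
            raise PermissionError("master credential failed authentication")
        now = self.clock()
        code = self.generate(master_id, now)
        self.codes[code] = (master_id, now + self.ttl)
        return code

    def associate(self, secondary_id, code):
        # Step (5): authenticate the submitting credential before touching the code.
        if secondary_id not in self.issued:
            return "auth_failed"
        # Step (6): look the code up and enforce the validity period.
        record = self.codes.get(code)
        if record is None:
            return "unknown_code"
        master_id, expires_at = record
        del self.codes[code]      # single use (added hardening, not stated on the page)
        if self.clock() > expires_at:
            return "expired"
        # Step (7): record the association.
        self.links[secondary_id] = master_id
        return "associated"


def demo():
    clock = FakeClock()
    srv = AssociationServer(clock=clock)
    cert_a, cert_b = "CN=alice (USB Key)", "CN=alice (TF card)"   # constructed identifiers
    srv.issue(cert_a)
    srv.issue(cert_b)
    code = srv.request_code(cert_a)
    results = [
        srv.associate("CN=unregistered", code),   # credential not accepted by the server
        srv.associate(cert_b, "0" * 32),          # code the server never issued
        srv.associate(cert_b, code),              # valid code inside its validity period
        srv.associate(cert_b, code),              # replay of a consumed code
    ]
    stale = srv.request_code(cert_a)
    clock.t += 301                                # move past the validity period
    results.append(srv.associate(cert_b, stale))
    return results, srv.links


if __name__ == "__main__":
    print(demo())
```

Passing `generate=md5_association_code` to `AssociationServer` runs the same flow with the page's formula.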
The implementation of the invention is described below with a concrete application example. Note that the example only explains how the invention works and is not intended to limit the invention.

The application example is a secure cloud disk system. The system provides users with secure file storage and sharing over the Internet, and can be used on both PCs and smartphones. Users can store files on the cloud disk and use them from any device (phone or computer) that can reach the server. To keep files secure, the system authenticates users with digital certificates and protects files by encrypting them with certificate-based digital envelope technology. In this example, a user who wants to use the system from both a computer and a smartphone must be issued two certificates, one for the computer and one for the phone, because the USB Key used on the computer cannot be used on the phone. In this application the method provided by the invention is used to associate the user's two certificates, as follows:

First comes user registration. The administrator registers a system account from the certificate in the user's USB Key. This USB Key becomes the master authentication credential. After this, the user can carry out the association steps (as shown in Fig. 1):
1. The user logs in to the system on the computer with the USB Key. During this process the system verifies the validity of the certificate the user submits and confirms that the certificate has a registered account in the system. This client is called client A. The certificate in the USB Key used in this step is called authentication certificate A.

2. In the logged-in client A, the user clicks the "Associate other certificates" button, which sends a request to generate an association code to the server.

3. The server receives the request and generates the association code with the following algorithm:

Association code = MD5(current timestamp + DN of certificate A + 5-digit random number)

The association code produced by this algorithm and returned has the form:

ccb15b43a593812d22ab35c325123b84

4. The server records the generated association code in the system database, and sets the master authentication credential A that the code corresponds to and the code's expiry time.

5. The server returns the association code generated in step 3 to client A. As shown in Fig. 2, client A displays it on the client interface. To improve usability further, the client can render the association code as a QR code so that the phone can scan it to associate.

6. The user inserts the TF card to be used on the phone into the phone and starts the application's mobile client, which is called client B. The certificate stored in the TF card in this step is called authentication certificate B.

7. The user clicks "Associate with master certificate" in client B. The software prompts the user for the association code; the user enters the code displayed in step 5 and submits the request.

8. The server receives the association request submitted by client B and first verifies the validity of the certificate it submitted. If the certificate is not a valid certificate accepted by the system, the association fails. If the certificate is valid, the subsequent steps are carried out.

9. The system looks up the record in the system database that corresponds to the association code submitted in step 7. If there is no corresponding record, or the association code has expired, the association fails.

10. The system records the association between certificate A and certificate B, completing the association.
In the example above, a digital certificate stored in a USB Key (or TF card) is used as the authentication credential. An application can also implement the scheme with other types of authentication credential. With other credential types the association process is the same; only the unique identifier of the credential used when generating the association code differs according to the credential type.

The basic principle, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the embodiments above; the embodiments and the description only illustrate the principle of the invention. Without departing from the spirit and scope of the invention, various changes and improvements are possible, and all of them fall within the claimed scope of the invention. The scope of protection claimed is defined by the appended claims and their equivalents.
Claims (4)
1. A method for associating a user's multiple authentication credentials based on a random association code, characterized in that the method takes one of the user's authentication credentials as the master authentication credential, generates a random association code that represents the master authentication credential within a certain validity period, and records the correspondence between the code and the master authentication credential; the other authentication credentials are then associated with the master authentication credential through the correspondence between the random association code and the master authentication credential.

2. The method for associating a user's multiple authentication credentials based on a random association code according to claim 1, characterized in that a valid association code is entered at association time, and the correspondence between this association code and the master authentication credential is used to confirm the association between the credential to be associated and the corresponding master authentication credential.

3. The method for associating a user's multiple authentication credentials based on a random association code according to claim 1 or 2, characterized in that the method is implemented on a certificate server and comprises the following steps:

(1) The certificate server issues multiple valid authentication credentials to the user; the user takes any one of them as the master authentication credential, and the remaining valid credentials are secondary authentication credentials;

(2) The user, using the master authentication credential, sends a request to generate an association code to the certificate server through a client;

(3) The certificate server generates, for this request, a random association code with a limited validity period, records the correspondence between the association code and the master authentication credential, and returns the association code to the client, which displays it to the user;

(4) The user submits the authentication credential that is to be associated with the master authentication credential, together with the association code returned in step (3), in a request sent through a client to the certificate server to associate with the master authentication credential;

(5) The certificate server receives the association request and first authenticates the authentication credential provided by the client that initiated the request; if authentication fails, the association process ends;

(6) After the credential passes authentication, the certificate server uses the association code submitted in the request to look up the corresponding stored association code in the database; if no corresponding code is found, or the code has expired, the association fails;

(7) Once the corresponding stored association code is found and is valid, the certificate server records the association between the secondary authentication credential submitted in step (4) and the master authentication credential that corresponds to the association code from step (3), which completes the association of the two credentials.

4. The method for associating a user's multiple authentication credentials based on a random association code according to claim 3, characterized in that the association code used in the method is generated as follows:

Association code = MD5(unique identifier of the master authentication credential + timestamp + random number).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310746829.1A CN104753673B (en) | 2013-12-30 | 2013-12-30 | A kind of more Service Ticket correlating methods of user based on random associated code |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104753673A (en) | 2015-07-01 |
CN104753673B (en) | 2019-04-30 |
Family
ID=53592834
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310746829.1A Active CN104753673B (en) | 2013-12-30 | 2013-12-30 | A kind of more Service Ticket correlating methods of user based on random associated code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104753673B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN104753673B (en) | 2019-04-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai. Applicant after: Geer software Limited by Share Ltd. Address before: 200070 B, 501E, 199 JIANGCHANG West Road, Zhabei District, Shanghai. Applicant before: Geer Software Co., Ltd., Shanghai |
GR01 | Patent grant | ||